October 20th, 2003

On DNS Innovation…


A recap of the events…

A few days ago, CNN reported an interview with Stratton Sclavos, CEO of Verisign, on their controversial Site Finder service and the need to allow Verisign to “innovate the DNS infrastructure”.

Kevin Werbach, former counsel for the FCC, promptly dismissed Stratton and argued that innovation should be done above, but not on, the DNS.

Keith Teare, former CEO of RealNames, who is one of the members whom Verisign “consulted” on Site Finder, argues that innovation should be allowed both on the DNS and above the DNS, citing John Klensin, former chair of the IAB, and his draft-klensin-dns-search proposal, and also the IAB comments on wildcards.

This prompted Karl Auerbach, former board member of ICANN, to reiterate the damage Verisign is doing to the Internet infrastructure, even though it may not be felt by most users.

Verisign folks actually called me the day before they were forced to suspend their Site Finder, but we never hooked up. But never mind, let me add my views to the discussion, for whatever it is worth.

The Internet is many things, but some of the basic protocols, such as IP, TCP, UDP and of course DNS, are really fundamental to the functioning of the Internet. Take them away or modify them, and you are breaking the Internet.

How so? The DNS is a really simple protocol designed to answer queries very efficiently. You send a query and the DNS replies with either (a) an answer, (b) no such domain, or (c) please ask this guy instead. Verisign’s wildcard in the DNS effectively removed (b) as a possible answer.

While some argue that (a), an answer, is the only meaningful result, over the years many folks have utilized the DNS in ways which we never expected. In particular, spam filters depend on the fact that it can differentiate between an existing and a non-existent host, so a “no such domain” answer is as important as “the domain is…”. Now, that is what Kevin called “innovation above the DNS”.

By changing the core behavior of the DNS, Verisign not only broke existing applications, it also eliminated other such innovations above the DNS in the future.
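An added example (not from the original post): a Python illustration of the three outcomes above and of a spam filter's sender-domain check, showing how a wildcard answer lets a non-existent domain through. The response messages, the 192.0.2.1 wildcard target and the `wildcard_addr` comparison are assumptions constructed for illustration.

```python
import struct

def build_response(name, rcode=0, aa=True, a_record=None, referral=False):
    """Build a minimal DNS response. Constructed sample data, not captured traffic."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode        # QR=1, AA bit, RCODE
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    body = qname + struct.pack("!HH", 1, 1)                # question: QTYPE=A, QCLASS=IN
    if a_record:                                           # answer RR, owner = pointer to qname
        rdata = bytes(int(o) for o in a_record.split("."))
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 900, 4) + rdata
    if referral:                                           # authority RR: an NS record
        ns = b"\x02ns\x07example\x03net\x00"
        body += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 900, len(ns)) + ns
    counts = (1, int(bool(a_record)), int(referral), 0)
    return struct.pack("!HHHHHH", 0x1234, flags, *counts) + body

def classify(msg):
    """Map a response onto the outcomes in the text: answer, nxdomain, referral."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F == 3:                                # RCODE 3 = "no such domain"
        return "nxdomain"
    if an:
        return "answer"
    if ns and not flags & 0x0400:                          # no answer, not authoritative
        return "referral"
    return "nodata"

def first_a(msg):
    """Return the address in the first answer RR if it is an A record, else None."""
    if classify(msg) != "answer":
        return None
    pos = 12
    while msg[pos]:                                        # skip the question name labels
        pos += msg[pos] + 1
    pos += 1 + 4 + 2          # root label, QTYPE/QCLASS, 2-byte name pointer (as built above)
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    rdata = msg[pos + 10:pos + 10 + rdlen]
    return ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else None

def accept_sender(msg, wildcard_addr=None):
    """Sender-domain check: reject mail whose sender domain does not exist."""
    kind = classify(msg)
    # Assumed compensation: an answer equal to the known wildcard target means "no such domain".
    if kind == "answer" and wildcard_addr and first_a(msg) == wildcard_addr:
        kind = "nxdomain"
    return kind != "nxdomain"
```

Without `wildcard_addr` the filter accepts the wildcarded reply for a domain that does not exist, which is the breakage described above; the comparison only restores the check for as long as the wildcard target stays known.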

Because of the success of the DNS, there have been many commercial parties who attempted to “play” with the DNS infrastructure for their commercial benefit over the years. Keith and I once had a conversation, many years ago, about how wonderful it would be (for our companies) if we could add his RealNames keywords and my Internationalized Domain Names to the DNS directly.

But over the years, I learnt and I realized there are more important things, like keeping the Internet... well, the Internet. Innovation should happen above the DNS, which is why Internationalized Domain Names are now standardized as a function above the DNS and not part of it.

If you read Keith Teare’s blog, you may think John Klensin agrees with Verisign. While I cannot speak for John, I know him and we have worked on many projects together over the years, and I am quite certain that’s not true. I remember John’s DNS Search, and he talks about how people need a better way to locate resources than the DNS, but it is very specific that all of this is to be done above the DNS, not inside it.

Karl Auerbach is a great engineer with lots of passion. He may sound very emotional in his writings, but for those who know him, he is actually very down to earth. In his passion in rebutting Keith, I think he forgot the most important point, which is that Verisign does not own the DNS infrastructure. Verisign is a contractor providing a critical infrastructure service for the Internet, and there are others quite willing to do so if Verisign is not willing to play by ICANN rules.

On the other hand, I have to add that there are certain benefits to wildcards, and they could potentially be useful if utilized properly. Nevertheless, since such changes to the DNS, especially to the largest zones, .COM and .NET, are fundamental to the Internet as a whole, this should be done in consultation with the Internet Engineering Task Force and not with an 8-hour notice to NANOG. In this regard, Verisign could certainly have handled the whole situation much better, which I related to a friend at Verisign.

PS: Incidentally, it is funny to see how many people whom I know argue with one another over blogs, and not over mailing lists anymore ;-)
