Root Server Operators (Re: What *are* they smoking?)

> i don't think so. verisign is on public record as saying that the
> reason they implemented the wildcard was to enhance the services
> offered to the internet's eyeball population, who has apparently
> been clamouring for this.

My question is, if this was to serve some need of internet users, why
does port 25 work and not port 80?

i wouldn't speak for verisign on that point even if i knew the facts
(which i don't) but i'm guessing that the internet today has mostly
just got web browsers on it, and verisign is principally concerned
with those people.

So, I'm curious as to your opinion about the bigger issue. Maybe it
has been stated somewhere else, and if it has, please direct me to
it. I've read all of your posts about this on nanog, and you do an
excellent job of staying neutral. You point out that what Verisign is
doing is technically valid and therefore shouldn't be addressed with a
technical "solution", but you also release a patch for Bind to
accommodate obvious demand (and to save users the hassle of
implementing half-assed patches with hardcoded A records). However,
you do so without actually stating whether or not you think the
wildcards are a (policy) problem or not.

let me be clear on that point, then. i've now heard some people from
icann's various committees and boards say that they either were not
consulted, or that they were consulted and they advised against this,
and they feel rather strongly that these wildcards should not have
been put in. so, there is a policy problem, which is that folks don't
agree as to whether verisign is the owner or the steward for .com and
.net, and folks don't agree on whose permission is needed for what.

i would like to see that policy problem resolved, but i have no part
in it, and i don't actually care which way it's resolved, so long as
it is resolved. we all need to know whether verisign is the owner or
steward, and we all need to know whose permission is needed for what,
and we all need to know what to expect. resolving the policy problems
will give us all those things. so, i hope that someone (else) resolves
those policy problems. (if y'all need me i'll be out washing my cat.)

You point out that there is high-level ambiguity about the
relationship between DOC, ICANN, and Verisign, and about whether or
not Verisign should have the public's interest in mind.

speaking as an individual, and not as a party to policy discussions
between the people who need to set and follow policies in this arena,
i can say:

Do you think they should have the public's interest in mind?

yes. because any tld who does not do this gives ammo to the kooks who
want to set up their own alternative namespace. that would be bad for
the public since it would be even more chaotic than what we have now,
and chaos is expensive and painful.

And do you think the wildcards are in the public's interest?

no. i liked it better when's parent domain (com) had no wildcard,
so that if someone mistyped my domain name they got a hard dns error rather
than a verisign search page or mail error.

I can certainly empathize with wanting to stay neutral, but I think we
need somebody who carries substantial influence in the name resolution
community to have strong opinions about such a poor policy decision.

i sure hope you find her (or him). good luck with that. see you all in
san diego (usenix) next month, when i shall joyously lampoon all of this
bitrot during my invited talk on the subject of internet governance.