summarising [was: Re: ICANNs role]

No one wants to wait for security checks while browsing. This
information must be preprocessed and "at the ready", or the Internet
starts to feel rather slow and broken. Slowing down registry
updates and even providing a preview of upcoming changes will allow
security to become much faster in providing comprehensive answers,
and make browsing seem unimpaired (as it should be).

> There is no need for rapidly unannounced updates by the registries.

That simply isn't true.

It is more reasonable to say that "there is no need for rapid /and/
frequent updates" and to put some limits in place.

One fine day, I got involved with an ISP client handling a most unusual
situation. They had been contacted by some folks at United Media who
were in a panic because they had botched a registry update, putting in
IP addresses that did not work. As it happens, one of the IPs in
question was in an outsourced dial pool in Rockford, IL (IIRC - maybe
Beloit) and they had the imagination to call the ISP in question.

We set up a static IP, dialed in, and watched port 53 data stream in at
the full line speed. Everyone in the world who was looking for Dilbert
and other United Media properties was of course talking to resolvers
that were in turn banging on that IP.

Well, answering with much larger packets through the dialup wasn't
practical, and the ISP's upstreams had ingress filtering, but I did
manage to set up a VPN over to our networks where we control our own
filtering and our upstreams didn't do any ingress. We ended up fixing
them a handful of hours after their error. We watched the DNS traffic
dwindle over the next two days, and eventually hung up. ;-)

Obviously they had updated their info as soon as they could, but the
.com zone wasn't updated for almost another day (or was it two?)

Now, the reality is, accidents do happen. However, they happen
infrequently enough that you probably do not need to be able to
change your nameservers through the web interface and have them
reflected 5 seconds later. I do think that it would be very valuable
to have the capability to call someone at a registrar to deal with
issues like this for the infrequent times that it is needed, or
perhaps allow one such change per week(?) through the web interface.

Let us not get so intent on "getting the bad guy" that we damage the
innocent at the same time.

... JG

So, an "oops, I screwed up, and am in a panic" fee of, say, $100 and a quick but accurate identity check combined would take care of such an emergency. The fee would pay for the expense of the identity check, and perhaps provide a bit of profit for the registrar. This seems reasonable and workable. Or the fee could just be an extra profit for registrar and registry, raise the cost of doing business for the abusers, and also be workable.

> There is no need for rapidly unannounced updates by the
> registries.

> That simply isn't true.

You're right. Just like there is a very strong need for an airline that
offers 5 minutes from curb to seat checkin service. The need exists but
it ain't gonna be filled anytime soon because the government prohibits
such things. The government mandates delays and multiple vetting
processes between the time you step on the curb and the time you sit in
your airplane seat.

Same with buying a handgun in most states and in Canada. Same with
opening a business in most jurisdictions. You have to go to city hall and
apply for a license first. Why should domain name registries be special
and be exempt from these normal processes of vetting and registering?

> Now, the reality is, accidents do happen. However, they happen
> infrequently enough that you probably do not need to be able to
> change your nameservers through the web interface and have them
> reflected 5 seconds later. I do think that it would be very valuable
> to have the capability to call someone at a registrar to deal with
> issues like this for the infrequent times that it is needed, or
> perhaps allow one such change per week(?) through the web interface.

We had a situation rather like that about 6 weeks ago and we did call
Network Solutions and they did fix the problem by putting the lame
nameservers back in the .COM zone where the customer wanted them to be.
I believe the customer switched registrars in order to make sure that
their lame nameservers stayed lame. So at least some registrars do have
helpdesks available by phone who can get weird issues sorted out for
you.

--Michael Dillon

> offers 5 minutes from curb to seat checkin service. The need exists but
> it ain't gonna be filled anytime soon because the government prohibits
> such things. The government mandates delays and multiple vetting
> processes between the time you step on the curb and the time you sit in
> your airplane seat.

And government interference has been such a boon for the airlines and air travelers? Or just about any industry for that matter? Come on. Do you really want a group of people who think the Internet is a bunch of tubes telling you how things should be run?? God help us all if that happens.

> Same with buying a handgun in most states and in Canada. Same with
> opening a business in most jurisdictions. You have to go to city hall and
> apply for a license first. Why should domain name registries be special
> and be exempt from these normal processes of vetting and registering?

Did you seriously, honestly, just compare a domain name to a handgun???

I have NO idea what to say to this ...

This was originally a much longer email but your statement made me realize the futility of my arguments...

-Don

<michael.dillon@bt.com> writes:

> Same with buying a handgun in most states and in Canada. Same with
> opening a business in most jurisdictions. You have to go to city hall and
> apply for a license first. Why should domain name registries be special
> and be exempt from these normal processes of vetting and registering?

Analogies that compare to a postulated situation which is patently
false are amusing, but non-constructive. You might wish to bone up on
your understanding of US firearms law (preferably from a source other
than CSI or Law & Order [insert standard disparaging comment about the
mass media getting anything they cover, including the Internet, wrong
here]) before you embarrass yourself with another faulty analogy
involving guns.

                                        ---Rob (Senior NRA Training
                                                Counselor)

> Analogies that compare to a postulated situation which is patently
> false are amusing, but non-constructive. You might wish to bone up on
> your understanding of US firearms law (preferably from a source other
> than CSI or Law & Order [insert standard disparaging comment about the
> mass media getting anything they cover, including the Internet, wrong
> here]) before you embarrass yourself with another faulty analogy
> involving guns.

People who take analogies as anything more than a rough approximation
are amusing. The fact is that in some jurisdictions in the USA there is
a cooling off period between the time when a person applies to buy a
handgun and the time they receive one. Canada is somewhat similar due to
the need to file a Firearms Acquisition Certificate with the police. In
both these cases, the rules were put in place to allow enough time for
human beings to be alerted, and to intervene if necessary.

Network operations is not all about technology. There are people there
too and it is not unusual to accept the need for human beings to respond
to an alert with some time delay. That's why SLAs have 4 hour time to
repair clauses, etc. The situation with new domain name registrations is
similar. Some people wreak havoc by leveraging the fact that the
turnaround time is FASTER than human reaction time. Applying the same
general solution that some authorities have applied to handgun
purchases, is the answer.

This has nothing whatsoever to do with handguns themselves. It has to do
with the operational techniques used by the authorities which regulate
handguns. Whether or not you agree with those authorities is irrelevant.
The fact is that those authorities have goals and they apply certain
processes to meet these goals. We can learn by studying the abstract
without worrying overly much about the details of handgun sales. Details
are only important in the field where you APPLY the knowledge learned,
and in this case that is network operations.

--Michael Dillon