I can't see any way selling .org from a non-profit to a commercial entity who is profit motivated makes sense at all.
In online debates a decade or more ago, I remember people, including myself, used to defend American control of the domain system by pointing out the altruistic and independent nature of the ICANN and their history of being good stewards of the DNS infrastructure thus far. That seems to no longer be the case. This whole deal calls into serious question their current integrity.
> On Wednesday, the iconic yellow-bordered magazine, beset by financial issues, entered its own uncharted territory. In an effort to stave off further decline, the magazine was effectively sold by its nonprofit parent organization to a for-profit venture whose principal shareholder is one of Rupert Murdoch’s global media companies.
I'm not sure that's a valid precedent. National Geographic was facing bankruptcy with a bleak future. Their options were to sell or shut the doors - they took what they believed to be the lesser of two evils.
.org prints money - they have almost no overhead, and a basically guaranteed revenue stream. This isn't a public good that has no other options to survive - it's a bunch of shady board members attempting to enrich themselves at the expense of the public good.
Did you ever get a copy of Nat Geo Adventure / Traveler?
It was one of the sub-magazines that proliferated (probably as they were trying to keep the print business alive). Grabbed a couple in an airport, but they seemed more interesting and focused than the main one.
Interestingly, this act itself proves that whilst the US DOC was, and claimed, to have moved ICANN to international ownership [1], it is in fact still under the control of the US government.
As long as the Internet namespace, or DNS, is governed by US (California state specifically) law, the Internet itself will be operating under the same jurisdiction as DNS is generally considered critical to the function of the Internet.
This is a very strong reason that, just like currency [2], the Internet namespace is also ripe to be decentralized to distributed ownership by the people [3].
The internet deserves to be owned by the people - not any single government.
And like currency, it turns out that it's almost impossible to have a fully decentralized, trustless system for all but the most basic functions. Maybe you prefer that to the current system, but it's not like handwavingly suggesting blockchain makes any of this better. There are all sorts of real-world issues that you can't handle on-chain.
It’s easy to say that a hypothetical system will do everything you want, similar to how Bitcoin salespeople spent most of a decade saying it’d be better than cash and credit cards before trying to claim they’d had different goals all along.
You first need a system which works and scales to plausible levels before we can say anything about whether it’s a viable solution for anything. In particular, it’d be important to have real cost and control information to show that it wasn’t trading ICANN for a different group which has similar control — and the inherent inefficiency of a blockchain means that there’d be more of a likelihood that power would consolidate in a few major players.
(As an aside, Symantec screwing up does not seem relevant to a discussion about ICANN. Perhaps you could explain why you believe it to be?)
> similar to how Bitcoin salespeople spent most of a decade saying it’d be better than cash and credit cards before trying to claim they’d had different goals all along.
As someone following Bitcoin for a long time since just after genesis, I can assure you that replacing cash and credit cards was never on the original agenda but instead a byproduct of the goal. Make no mistake, the goal was always to decentralize currency and give the “power” of money back to the people. That said, in a decentralized system, there can be more than one goal and goals do not need to be unified across participants. That freedom is one of the beauties of decentralization.
As long as a third party central authority controls our money system, we will always be subject to the whims of the few. Bitcoin is helping to liberate us and it’s absolutely working.
> it’d be important to have real cost and control information to show that it wasn’t trading ICANN for a different group which has similar control
This exists by virtue of our trust in cryptography - which for me is absolute.
> As an aside, Symantec screwing up does not seem relevant to a discussion about ICANN. Perhaps you could explain why you believe it to be?
Less directly and more by way of overall system architecture, the separation of DNS and “truth” has caused many issues to the Internet. It’s relevant because Handshake finally combines DNS and truth [1] by essentially completing the once incomplete DNSSEC.
> As long as a third party central authority controls our money system, we will always be subject to the whims of the few. Bitcoin is helping to liberate us and it’s absolutely working.
A bold claim without evidence. In fact, the opposite may be true [1]. This is but one counterpoint; another notable problem is the centralization of bitcoin mining in China [2].
The same can be said about any money system in a capitalist economy (e.g., 1% owns 40% of the wealth in the US [1.1]).
> This is but one counterpoint; another notable problem is the centralization of bitcoin mining in China [2].
I'm not sure this is 'looming' today as the article boldly claims, but centralization is definitely a risk. It's important for everyone to participate in the system as they can for a more equal distribution of ownership - akin to how one should exercise their vote in US elections.
> As someone following Bitcoin for a long time since just after genesis, I can assure you that replacing cash and credit cards was never on the original agenda but instead a byproduct of the goal.
As someone who was also there, I stopped reading at this point. The things getting circulation were bold predictions about replacing cash and credit cards in daily life and anyone who questioned that inevitability was dismissed as not understanding it. Everyone knew it was an attempt to dress up “use your money to make me rich” in a more noble guise but that doesn’t mean it didn’t happen.
I disagree with the claims about effectiveness, but this is otherwise correct.
Bitcoin emerged from the Cypherpunks crowd; while nobody has positively IDed the 'real' author of the paper, the ideological motivations are rooted in anarcho-capitalist thought. The operative theory is really not that different than Grover Norquist's; attack the tax base and the state withers. Grover is just less ambitious.
The flaw in the bitcoin thesis is that the internet is powerful tool of centralized control and reinforces authoritarians, not the opposite.
I'm resigned to losing internet points any time I open my mouth about bitcoin. I'm neither a cheerleader nor an opponent, so approximately nobody involved likes what I say about it.
We probably disagree on other things bitcoin-related, but right here I think it is only about how we're defining 'success'. I agree that it is an existence-proof for decentralized currency, and am not trying to downplay the significance of that.
I think Bitcoin was stopped, it was adopted by a secondary tier who were only using it to speculate, then it was brought into the tax systems of governments, now it's treated as principally something other than for daily transactions.
It's so volatile it's useless except for speculators.
Greed ruined it, I feel, like it does with everything else.
> What are the issues that can’t be handled in the Handshake blockchain ecosystem?
From the handshake FAQ: 'There are no social or technical guarantees with the renewability or ownership, this is an experimental system, please read the code to see details of how it currently works'. That's below the bit where they auction them off to the highest bidder. There are plenty of issues with ICANN, but it isn't a toy with a short term profit-maximization scheme attached...
> That's below the bit where they auction them off to the highest bidder. There are plenty of issues with ICANN, but it isn't a toy with a short term profit-maximization scheme attached...
The blockchain auctions domains off to the highest bidder thru a blind Vickrey auction [1] wherein the winner pays the amount of the second highest bid.
After the auction completes, the coins are burned (provably destroyed).
Both the legacy ICANN system and new TLDs on Handshake [2] are working together in harmony.
To be clear, everything on the internet including the internet itself started as an experiment.
> That's below the bit where they auction them off to the highest bidder.
The hns paid for winning an auction are destroyed.
> There are plenty of issues with ICANN, but it isn't a toy with a short term profit-maximization scheme attached.
Handshake is anything but a short term profit-maximization
scheme! The Handshake developers took $10 million of VC money and donated it to free and open source foundations: https://handshake.org/grant-sponsors/
It's under US law like any other entity operating within our borders, but it's not really under US government control anymore, which seems to have been to everyone's detriment.
Some organisations are granted special status - for example, CERN is built straddling the frano-swiss border and can issue its own diplomatic vehicle registrations. Not to mention things like the UN building in New York.
If for some reason the US thought ICANN shouldn't be subject to US law, they could do something similar. Being inside a country's borders doesn't always mean being subject to its laws.
Of course, the corruption in the .org selloff doesn't make me feel ICANN needs less oversight. And it's questionable whether the US can grant independence it cannot revoke, at least from an international realist perspective.
The sad part is, giving up control doesn't seem to have stopped other nations from slowly severing themselves from the global conversation like the Great Firewall and Russianet.
People having a passing familiarity with all the TLDs increases security. You know to trust Microsoft.com but it would be easy trick someone into clicking a link to Microsoft.c0m or some such.
In 2018 the Supreme Court decided the case Masterpiece Cakeshop v. Colorado Civil Rights Commission case in favor of the cakeshop, which had originally refused to bake a wedding cake for a gay couple. The couple sue the cakeshop, claiming illegal discrimination (in Colorado) but the cakeshop won the case not because of its merits, but because US Supreme Court ruled that the members of the Colorado Civil Rights Commission were biased... against Christians.
Don’t forget to take into account that religious liberty is a real thing in the US... literally the first thing spelled out in the Bill of Rights. That’s why the court considered the state commission’s bias against the religious person’s exercise of their sincerely held belief. Plus, you know, the whole “state can’t compel speech” thing (also part of the Bill of Rights) kind of makes the resulting decision pretty unsurprising.
They are referring to the supreme court case revolving around a bakery in Colorado who refused to make a wedding cake if it was going to be served at a gay wedding.
Sure, I've never heard it described that way. That makes it sound like the point of asking to be served is to punish and frustrate the bakery. I've never heard civil rights protests called the "serve my lunch racist!" debate.
The sentiment behind the phrase "bake my cake bigot!" seems to trivialize the issue of being discriminated against by a public business and incorrectly attributes malice to the person being discriminated against.
I'm not attributing any ill-intent to you but wanted to give feedback on that terminology which is why I asked the question. Thanks for your response.
When I read about the cake shop story, I believe the reason I didn't automatically side with the gay couple was because it appeared they visited multiple shops, specifically looking for a shop that would not accommodate their request to make an overtly "gay-themed" cake. Even when they found the shop that was sued, the baker offered to make them alternative cakes, just not one that had their preferred phraseology. It seemed more like they were trying to make a point/easy cash grab, which ultimately backfired.
And I'm glad that you've illustrated my point perfectly. Having misinterpreted my statement to be homophobic, you've chanted the magic words to summon the specter of censorship.
Where exactly do you see homophobia in their comments?
See, this is the problem right here. Whenever people like you hear something they disagree with you'll start screaming "bigot" or "homophobe" or "nazi". How are we supposed to have a mature, civilised discussion about these things?
When you know that Ethos Capital (that wants to buy .org) was co-founded by an ex-ICANN CEO, and that it employs several other former high-ranking ICANN staff, then it starts to make a lot of sense.
And centralization of decentralized entities isn't a question of if - it's a question of when.
Decentralization has so many downsides compared to centralization when things are going "right" that centralization has competitive advantages over decentralization.
Except that centralization will eventually give rise to corruption =p. It's and endless debate I guess. But for an organization like ICANN my vote goes to decentralization.
Their argument is that .org is akin to a school owning large playing fields in the middle a rapidly expanding city.
Selling off some or all of an asset that has become unexpectedly valuable can fund the organisation’s wider mission with a windfall endowment.
No one buys such an argument in this case because, just as sports are a big part of school, so too is it ICANN’s core mission to provide equitable access to names in TLDs — or at least that’s what most people would say it is.
(Apologies if this ruffles the feathers of anyone fighting a school playing field sell off battle, especially if you also own yourschool.org too.)
That's a good analogy IMO, they put short time finance above the altruistic aims they're supposed to engender. At least the school do it for the students, and not to enrich private individuals.
If icann is broken, which it seemingly is given this catastrophe handling of .org, then the solution is pretty obvious. Remake icann with a strong and clear purpose and goal of making the internet infrastructure more stable and safer. Selling off all the different part of icann to for-profit companies will have the usually effect when the goal become to farm taxes on commons.
I don't agree with it, but the reasoning goes like this:
It makes sense for both parties because for the seller the investment gains from the capital they're getting from this transaction will be similar to what they're making from running the registry. But they no longer have the headaches of running the registry.
For the buyer, well, it's a monopoly so the sky is the limit. Even if current seller is able to raise the prices, they might not want it due to the backlash this would cause. Current buyer is less constrained by this.
I'm not sure much of value is lost. the .org TLD has not been a strong signal of credibility for some time now. for example, "4chan.org" has been registered since 2004. AFAIK, there has not been any requirement to actually show that the registrant is a non-profit for decades.
with the possible exception of .gov (and local equivalents), people should not be encouraged to use TLDs as a positive signal of credibility. imo, the only things that matter are that domain should point to the expected entity (eg, wellsfargo.com points to the bank, not a phishing site) and that disputes over who gets to use a specific domain get handled in a reasonable way.
You point to one example (4chan) yet there are probably hundreds of thousands of counter-examples of usage of ORG domains.
There is no perfect solution of course, but generally speaking ORG domains have been used to signal that you are an organization vs. a corporation, and potentially a non-profit.
That said, just like in the real world, individuals are encouraged to do their research and confirm that one is what they claim to be (just like door-to-door charity workers) before engaging.
> There is no perfect solution of course, but generally speaking ORG domains have been used to signal that you are an organization vs. a corporation, and potentially a non-profit.
what I'm getting at is: if ICANN never enforced the convention in the first place, and they are selling it to someone else who also doesn't intend to enforce it, what should I expect to change?
when it comes to security in particular, conventions that are usually (but not always) followed are often worse than having no convention at all. it sets dangerous expectations for lay people.
> what I'm getting at is: if ICANN never enforced the convention in the first place, and they are selling it to someone else who also doesn't intend to enforce it, what should I expect to change?
I think the biggest concern with this sale is around pricing more than "correctness of use", where I agree with you the ship has long sailed.
Selling PIR to a for-profit company, a private equity firm no less, means you can pretty much 100% guarantee that in the future pricing would be increasingly profit-driven.
Am I the only one who believes .tld model is broken? ICANN and IANA overseeing all .tld creation, the current pollution with thousands of .ltds, being just two problems.
Maybe even the .tld model is too old to help identify hosts. In the beginning of Internet com, edu, gov, mil, org were enough to group hosts. But now, that we have zillions of hosts, .tld might not be enough.
If IPv6 is a response to IPv4 limits, maybe we need something better than .tld, too.
opening up TLDs for sale seems like a (somewhat) logical way to expand the available namespace for domains. We have zillions of hosts, why require them to conform to one of a few random categories.
Certainly, I have issues with how TLDs are allocated and controlled, but that doesn't mean that the general idea of allowing essentially arbitrary top level domains the same the way we do with second level domains is inherently a bad thing.
> opening up TLDs for sale seems like a (somewhat) logical way to expand the available namespace for domains.
Some would say the new gTLDs have failed to increase the supply of useful domain names, because the only people who use the likes of .info and .biz are scammers, and that bad reputation scares users off.
It was also well known from the start that the gTLD program was going to extract a lot of rent from domain owners - that the likes of Volvo would end up paying $180k for the .volvo TLD and $300 for volvo.sucks and so on.
Some people see the fact gTLDs had none of the benefits and all of the costs, and yet ICANN keeps on issuing them, as a sign that it was never about the benefits to begin with - that it was about shaking people down for rent all along.
They tlds are basically scams. When they are introduced they claim to have a rollout schedule that allows the general public to register names but the good names are effectively reserved.
I tried to buy california.beer on the first day .beer was available to the public. It was always listed as unregistered but if I tried to buy it strange errors occurred.
After the time period where they were required to allow registrations for a set price, california.beer was listed for $1000+.
It ossifies the namespace. As in, you can't have a name that is both reasonable and can coexist with the current DNS model.
Any of .onion, .bit, .coin, .eth, .crypto, .zil, can expect the .dev treatment, or, in time there won't be many nice available one for future developments. Similar issue might be with things like .ipfs, which don't resolve in the usual sense, but could cause confusion if there was an ICANN .ipfs domain.
Some domain trader will come and say those aren't "real" names, and you are supposed to rent them from ICANN, but that seems like a protection racket.
The main issue is that it breaks expectations. Someone missing a space after a period now potentially typed in a syntactically valid URL (I see this pretty commonly in texts where the messaging app decides its a link), it breaks the UX of searching in browsers URL/Omni-bar and now you have to include a question mark for lots of cases where you haven't for multiple decades.
>opening up TLDs for sale seems like a (somewhat) logical way to expand the available namespace for domains.
It does the reverse. There is only one root zone. Before the root was a free-for-all there were hundreds of different areas to set up shop in the namespace. Now there are exactly two: 1. have fuckloads of money to piss away on a vanity TLD, or 2. use someone else's TLD.
Every TLD has the same possibility space as the root zone, but we only get one root zone. There are no do-overs. Careful creation of TLDs allowed mistakes of previous TLDs models to not be repeated, experimentation with different implementations, business models or namespace allocation strategies. Now there's exactly one.
We used to have headroom at the top to sidestep "hope an existing brand isn't squatting the name" and try things like country code TLDs, .arpa, and .int. Or tack resolution experiment onto the side with .local or .onion.
If you wanted to do any of those now, it's impossible because the namespace has been reduced. Go back to options 1 and 2.
I fail to see alternative DNS as much better solution, as that still depends on having tlds.
For sure, identifying hosts in a "good for all purposes and all actors" manner it isn't a easy problem to solve, but it something that might makes lives of many easier.
And even if you come up with a great solution, how you convince most actors to use it?
There's a blockchain project for everything these days, so there's also a blockchain project for TLDs: https://handshake.org/
If we had DNSSEC and DANE support in browsers, it would solve the security problems stemming from certificate authorities being able to issue certificates for any domain they like. Handshake would enable people to actually own their domains and bypass the CAs altogether.
NextDNS has native support for Handshake domains, I started using NextDNS (because it's fantastic in its own right) and I can resolve Handshake domains "for free" (with no other configuration).
It would solve that problem by allowing governments to directly issue certificates for every domain under their TLD, while not actually preventing CAs from doing anything (see Adam Langley's post for why), all the while allowing this weird blockchain project to monetize its own quirky version of the DNS. I don't understand why this project is taken seriously.
> It would solve that problem by allowing governments to directly issue certificates for every domain under their TLD, while not actually preventing CAs from doing anything (see Adam Langley's post for why)
Definitely a valid point - DNSSEC and DANE are incomplete without Handshake [1].
> quirky version of the DNS
It's the same DNS, simply the root was decentralized from ICANN to the commons.
> I don't understand why this project is taken seriously.
The reason the project is taken so seriously by so many is because the project improves our internet by improving security [2] and gives ownership of the internet back to the people where it originated, and where it belongs [3].
"monetized private blockchain thingy" is a gross misrepresentation of the project. Please read the design notes [1] before making any assumptions, sir!
Rather than being a 'blockchain' project, Handshake is a project that makes use of blockchain technology to solve a real problem that the world has been trying to solve for some time [2].
Is this just someone stealing the Handshake project's name, or does the Handshake project really believe that a piece of Internet infrastructure will be run off a trading cryptocurrency --- and, not just that, but their trading cryptocurrency?
Thomas, I also highly respect you. While you're not wrong in anything you write, you're doing the conversation a disservice by not reading the design notes [1].
Perhaps if you're really short on time (aren't we all?), you might at least find it amusing that the Handshake developers took $10 million of VC money and donated it to Free and Open Source foundations [2]. That was actual cash donated, not just magical internet money.
In exchange for that money, Handshake appears to want the Internet to donate something of great value (authority over the DNS) so Handshake can sell it back to them.
It doesn't even matter what I think about this design. Speaking positively, not normatively: this is never going to happen. Everyone from billion dollar corporations to academic research labs to inexplicably influential Internet curmudgeons working out of basements will recoil from this.
Do you think the current system is just fine? If yes, what are your thoughts on the recent ICANN controversies? If not, what are the better alternatives?
Pro-tip: Handshake coins can be exchanged for US dollars or Bitcoin on the Namebase exchange. This is a great time to HODL and use your airdrop to bid on available Handshake domain names. As the adoption of HNS and Handshake domains increases, we are likely to see the value of both these assets increase over time. As early airdrop recipients, you are the best advocates and builders of Handshake.
Yeah this seems super legit. Can I do it too? I'd like to blockchain ARP. I'll pre-distribute my ARPCoins to open source developers, so it'll be totally above board. Down with the IEEE Registration Authority! Up with the people!
I wasn't sure where that quote came from, but Google helped out. It appears you're trying to misrepresent text from an exchange's website as somehow being representative of the Handshake community.
The vast majority of the handshake community has no affiliation with Namebase, but I definitely recommend Namebase for people who are not comfortable managing their private keys.
Your comment is analagous with taking a comment from the Microsoft website about GNU/Linux.
On another note, Thomas, I would like to point out that you have chosen to be outspoken in the community, so I would like to strongly suggest you do so in a more constructive manner.
I think you're being too dismissive of my plan. It's at least theoretically possible to use the Internet without the DNS. But just try using it without ARP!
Nobody is reading this thread besides us at this point, so maybe should just tie it off here, or with your reply. All the best!
>I think you're being too dismissive of my plan. It's at least theoretically possible to use the Internet without the DNS. But just try using it without ARP!
>Nobody is reading this thread besides us at this point, so maybe should just tie it off here, or with your reply. All the best!
Again, sir, I urge you to read the design notes [1] as it will answer many of your questions and uncertainties around this project. That said, you are someone I respect to the highest levels possible, so I sincerely appreciate the comments and criticisms shared thus far and earnestly hope that your participation will continue!
With that aside, to answer your question regarding monetized/cryptocurrency, here is an excerpt from the notes and there are far more details that can be found therein:
A blockchain is proposed which optimizes for correcting prior weaknesses around
acknowledging stakeholders such as existing top-level domain (TLD) holders and
optimizes for decentralization (while still allowing for n-of-m attestations).
Users use the native token (coin) to register TLDs which are pinned to a
specific certificate as the identity. A committed merkelized proof of all
top-level names allow for compact, shareable inclusion and exclusion proofs.
This blockchain exists to attempt to resolve the need for a globally unique
namespace which is necessary to have an association with unique names and
certificates. While it's possible to create a singular centralized globally
unique association (DNSSEC), a decentralized system can be resolved by creating
a blockchain with its own cryptoeconomic incentives (coin), including name
auctions of a unique namespace and block creation. Scarce resources require
sybil protection, usually managed by a central trusted authority (CAs, ICANN),
but can be resolved by having a blockchain based mechanism for global consensus
and resource allocation.
Is Handshake based on a cryptocurrency coin? Does that coin trade on coin markets? Are there early backers and investors?
If so: it's a dead project. I don't know why anyone would take it seriously. I'm skeptical of the entire model for any application. But for Internet infrastructure? Never going to happen.
> Is Handshake based on a cryptocurrency coin? Does that coin trade on coin markets? Are there early backers and investors?
Handshake is based on the ideal that the internet belongs to the people.
> If so: it's a dead project. I don't know why anyone would take it seriously. I'm skeptical of the entire model for any application. But for Internet infrastructure? Never going to happen.
People will always strive for better. I believe it will be Handshake, but if not, something else will come. People find a way, that's how we all got here today. This very thread itself is proof that the current system doesn't fulfill the wishes of humanity and there is a need for change.
If you believe Handshake has faults, let's all work together and improve it!
> Sure. Step 1: lose the speculative cryptocurrency.
The step seemed like it lacked any understanding of the mechanism design of handshake, and I realized it's because we skipped a step here. I like to start my count with 0:
Step 0: Please read the design notes document. Let's be constructive here.
Later:
In all seriousness, though, I urge you to read and understand how Handshake works and how different it is from these other 'cryptocurrency' projects that I am (and I'm sure many in the hn community) on the exact same page as you about. I trust you'll see why the community is moving in this direction.
Later 2:
Just incase you don't read the paper, the coin, and auction process, helps prevent sybil attacks among other things.
I could launch a DNS replacement project where users registered a domain name by coming to my house and handing me $1,000 in cash. It would be accurate for me to say that the “come visit me with cash” approach prevented botnet-based brute forcing, among other things. It would also be accurate for an observer to point out that my project has a crucial flaw for replacing DNS.
It’s clear you believe the usage of blockchain technology in Handshake is justified. But throughout this thread, whenever the question of ~“is your project backed by a cryptocurrency which is traded speculatively” has been posed, you’ve dodged answering it outright.
If you read closely, I did not dodge but instead suggested reading the design notes. It’s not worth arguing a point with someone who lacks the understanding of something. Once I realized that this was simply bias and the thread was attacks rather than sincerity, I answered directly.
Later:
My first response [1] included a direct answer pasted from the design notes - and it’s very clesr. Unfortunately, it won’t help if you don’t know what a Sybil Attack is. I incorrectly assumed that was basic knowledge in 2020 for anyone on Hacker News [2].
When somebody says ~“is this true” and you say ~“read the docs”, you’re dodging the question. It’s a pretty fair assumption that `tptacek and I are familiar with the docs and the concept of a Sybil attack. Even if we weren’t, you could just as easily say “Yes, the design of Handsake is based around a cryptocurrency, and our implementation involves speculation. For more info, you may want to check out the docs <here>.”
Instead, you’re deflecting by insinuating that we haven’t read the spec, and thus refusing to answer the question we’re posing to you.
If you're saying A) I ignored the cryptocurrency, unfortunately you are wrong.
If you're saying B) I didn't explain to you what a sybil attack is, you're right, albeit I did provide a link.
In a global unique namespace that has no centralized control, there needs to be constraints and scarcity built into the system itself in order to prevent someone from launching a "sybil attack" which, in this context, means someone could register a trillion names without anything stopping them. By introducing a coin that in itself is a limited resource and including an auction process, essentially, there are a limited number of names since there are a limited number of coins, and, in addition, the auction process itself helps to prevent someone from getting a lot of coins and registering many names.
This explanation really just touches the surface as all the intricacies of the architecture are better detailed in full, in our project design notes [1] as I have continued to urge you to read.
> If IPv6 is a response to IPv4 limits, maybe we need something better than .tld, too.
You get 63 bytes (really, ASCII chars, fewer Unicode codepoints using IDNA) per-label in a DNS domainname, and you can have many labels per-domainname, which means we really can't run out of names the way we have run out of IPv4 addresses. The comparison you drew is just not valid.
By "tld" you seem to mean "DNS". DNS is basically irreplaceable at this point. We can replace the UDP port 53 protocol with, e.g., DoT (DNS over TLS) or DoH (DNS over HTTP), maybe nice RESTful APIs -- whatever, but we can't replace the DNS data model because it's too deeply embedded, and not exactly busted and in need of replacement.
That is, domainnames are here to stay. DNS Resource Records are here to stay. Access methods and representation on the wire can change, but their semantics can't.
Given that, more TLDs, or not, makes no difference whatsoever to availability of domains for all sorts of organizations, as well as individuals.
Can't we come up with a simple, good technical solution to identify hosts?
Something that is scalable, is easy to use from a technical perspective and also easy to use by humans?
The biggest thing to solve is that meaningful dictionary words are few and many people fight over them. But the current solution to that means thousands upon thousands of tlds, which nobody cares of, are hard to remember. Most people still fight over .com domains and prices got to insane levels.
To have the chance to use a decent .com name for your business, you have to first buy another tld, work for a few years, pile up some millions of USD and get it from the domain hoarders.
Having a .com domain with a name relevant to your business is still perceived as a big advantage.
> Something that is scalable, is easy to use from a technical perspective and also easy to use by humans?
That's exactly what we have right now.
This is a business/culture/government/economics problem—not a technical one. As long as the end goal of the system is "type in a string of text on any computer connected to the internet, and get the same result[1]", we're going to have issues like this.
When I got my first domain name, the cost was $100 for two years (and $50/year thereafter). At that price, no one thought of squatting on any but the most lucrative domain names—certainly not mass-registering thousands of domains and holding on to them for years. I don't want to go back to those prices, but those are the sorts of parameters that impact the domain name market.
[1] Yes, there non-public zones, geo-routing, etc. But as long as we define "result" as "exactly what the organization controlling that substring wants you to get" I think it works.
>I don't want to go back to those prices, but those are the sorts of parameters that impact the domain name market.
The amount of money businesses are willing to spend on branding is large enough that there is no price point that would allow me to both afford renewals on my email server's domain, but doesn't also enable squatting.
> Can't we come up with a simple, good technical solution to identify hosts?
We can, but every single solution is a set of trade-offs and even geeks will never agree on what's the right set of trade-offs. If the people who could give the tech widespread support don't agree, how is there ever any hope of rolling it out?
The only way I see to shatter the status quo is if big companies decide to push ahead with whatever they came up with and the rest of the world just has to follow. QUIC is a bit like that, I think.
Only problem is I don't there being big incentive for big companies to overthrow the system. It works well enough?
Of course, I would love to throw away DNS and start using a system where I can be John Smith and you can be John Smith and I can pass your fingerprint to my friend John Smith so that they won't accidentally connect to John Smith the rich prince from Nigeria.
Is this deal something the SEC can throw the book at? I mean it's quite obvious that this is an inside deal with front companies to gut a public non-profit just less than 4 years after ICANN stopped being supervised by the Department of Commerce.
How is this legal and why isn't it being criminally investigated?
Delays, not cancels. Alas, the attackers have a lot to gain, so they'll keep mounting the attacks. And the defenders have very little -personal- reason to fight back.
My office has “responsibility for supervising charitable trusts in California, for ensuring
compliance with trusts and articles of incorporation, and for protection of assets held by
charitable trusts and public benefit corporations…” (Gov. Code, § 12598.) My office is tasked
with the authority to “investigate transactions and relationships of corporations and trustees…for
the purpose of ascertaining whether or not the purposes of the corporation or trust are being
carried out in accordance with the terms and provisions of the articles of incorporation or other
instrument.” (Gov. Code, § 12588). To that end, my office conducted an investigation of
ICANN and its role in approving the transfer of the .ORG Registry Agreement from the Public
Interest Registry (“PIR”) (the supporting organization to the Internet Society (“ISOC”)) to Ethos
Capital...
and yes, ICANN is based in California, so it seems they could possibly have their charter revoked if they sell and the AG comes after them (IANAL).
Some of the public information is summarized and sourced in Wikipedia:
> Ethos Capital was founded by Erik Brooks. Brooks is a former Managing Partner of another private equity firm Abry Partners. During his tenure at Abry, in September 2018, the company acquired Donuts, a domain name registrar with a wide portfolio of new gTLDs. In October 2018 former ICANN President of Global Domains Akram Atallah joined Donuts as CEO, while in December 2018 Donuts co-founder Jon Nevett joined Public Interest Registry as CEO.
> Other former ICANN staff members are involved in Ethos Capital itself. Former CEO Fadi Chehadé serves as an advisor, and former Senior Vice President, Development and Public Responsibility Programs Nora Abusitta-Ouri serves as Chief Purpose Officer.
But the whole deal is designed to be as opaque as possible – as explained in TFA we have no idea who will really control the .org when it's done. What we do know is that ICANN management desperately wants those specific people to be in control of and profit from .org for some reason, otherwise they would have gone about this deal very differently. You know, like at least having a bidding process.
(Basically you pay to block OTHERS from registering domains instead of registering it yourself).
At the creation of DPML it was assumed they could hose every major brand with this by threatening someone would register "bigbrand.dumbTld" and put porn up.
I recall previous HN posts which found likely ties between Ethos capital and some members of the ISOC board. Where it was suggested they were selling the .org domain to themselves.
Front companies are a well established method of operation certainly in spycraft (see the latest Crypto AG revelations), but also in internet hosting.
For example, Google requires their employees at certain data centers to only wear the badges of / pretend to be COPT employees [1].
Additionally, the Wikileaks AWS Atlas [2] showed show how yet another major company does this. I realize these are cloud data centers, but the similarity between them and hosting registrars, in terms of "internet power", is very complementary.
What you are saying is interesting but unclear. Can you point to any reputable news sources? Also, I don’t understand the “easy win” netting American citizens.
How 'bout a little bit of both? Imagine the past year of US corporate simpering in regard to Chinese interests - but across the entire .com domain. Everyone better make sure they're using the CCP approved South China Sea maps, yes - it would get that silly.
Wild how organizations like ICANN that are supposedly international are in practice wholely within the jurisdiction of some regional government. Not even the Federal government, they're being stopped by the state of California!
I wonder why organizations like ICANN that are supposedly international are hurrying to sell .org tld to some private firm with very opaque ownership. And why that process of selling isn't transparent, why they didn't do any bidding before of selling?
You are aware that your link itself spells out that they aren't finished and still use a root cert with seven owners? There are likely more people involved in the decision making process at ICANN. But, yeah, lets migrate our critical infrastructure to some in progress project "as soon as possible". I mean it has electrolytes^W block-chain in it, that is what plants^W security experts crave, right?
In online debates a decade or more ago, I remember people, including myself, used to defend American control of the domain system by pointing out the altruistic and independent nature of the ICANN and their history of being good stewards of the DNS infrastructure thus far. That seems to no longer be the case. This whole deal calls into serious question their current integrity.