Wampum

ICANN's Board just chose Cartagena, Colombia for the HalloweenNovemberDecember meeting.

Posted by EBW at 09:55 PM | Permalink | Comments (2) | TrackBacks (0)

I co-wrote, well, actually, Andrew Sullivan wrote, but on namedroppers, the working list for the DNSEXT WG, I wrote the issue statements in a series of notes Andrew was kind enough, and thoughtful enough, to collect, and frame, together with notes by Paul Vixie and YAO Jiankang (姚建康), on proposed solutions, into two notes. The first was unpublished, as it addressed a situation which existed when the ICANN Board disclosed and voted on several resolutions relating to International Domain Names (IDNs) in Nairobi on March 12th, which was corrected on April 7th. The second, published as Comments on "Proposed Implementation Plan for Synchronized IDN ccTLDs", is less of a technical ... shot across the bows, as the prior situation and the dangers it posed had been largely corrected.

The real text is that there are two roots, one operated out of Beijing, and one operated out of Marina del Rey, and managing the divergence between these two roots is the fundamental task of "internet governance" or "technical coordination".

Posted by EBW at 10:15 PM | Permalink | Comments (0) | TrackBacks (0)

Hours of review of a draft I hope never sees the light of day. The DNS Directorate and others (I'm one of the others) corrects the ICANN Board, and ICANN Senior Staff, on an issue of fundamental import, framed as a technical question, but actually ... a policy problem.

I'm not sure if I should categorize this as "ICANN" or "profound failure". The latter seems the likeliest outcome.

Posted by EBW at 10:56 PM | Permalink | Comments (0) | TrackBacks (0)

The speculators lost their wager, the "Expression of Intent" was voted down. The Deleware-Dollar bubble was holed, and the new gTLD application process, at the very least, and perhaps the operational requirements, is now, in theory, not a rigid $185,000 (plus the non-fee costs such as the inflated operational requirements) barrier to applicants from outside what I think of as the access-to-Delaware-corporate-law-facilities and use-currency-equivalent-to-US-dollars perimeter that surrounds the OEDC economies.

Two big wins to celebrate by ... going back to bed.

Posted by EBW at 03:53 AM | Permalink | Comments (0) | TrackBacks (0)

An interesting, and gratifying day, starting at 3am and ending at 10am. Steve Crocker, ICANN Board and former SSAC Chair comments from the Board side of the dias to CEO Rod Beckstrom that his rhetorical flurishes of Internet-is-dying-DNS-is-fragile are unsubstantiated, followed by ccNSO Chair Chris Despain from the floor who comments to CEO Rod Beckstrom that his alarmist rhetoric is harmful and the claim of ccTLDs going dark are false, followed by Roddney Joffee of UltraDNS/NeuStar who comments remotely to CEO Rod Beckstrom that his claims of increased attacks aren't supported by data, followed by the GAC rep from Canada asking CEO Rod Beckstrom if, among those large number of important countries he's contacted and gotten the data supporting his claims, he's contacted Canada. The answer was painful to watch. In his prior job at some time he's been to Canada.

So we've had our little Joe McCarthy moment, our bank sheet of paper with the names of communists in the State Department and the War Department waving moment.

When he was asked about the prayer thing when the meeting started, he blamed the Africans.

More useful was the High Security Zone Advisory Group followed by the wicked interesting presentation on the Waledac system and the civil prosecution by Microsoft. Buried in the wicked interesting presentation was the surprising realization that law enforcement is the last place to go, and civil action very effective. A very surprising and important message.

Today the Board held a closed "workshop" (vote alignment session) on the "Expression of Interest". I've commented that it is a bad idea until I'm blue in the carpal tunnels.

Posted by EBW at 09:57 AM | Permalink | Comments (0) | TrackBacks (0)

Enom is reported to have obtained a trademark for the sequence of letters "b", "l", "o", "g". In that order. In what jurisdiction this absurdity has occurred I don't yet know but when any TLD operator receives a registration request for the domain *blog*.TLD, where the "*" matches any zero or more characters before, and after the substring "blog", they may, in short order, receive a trademark-based claim to that domain.

Is that cute or what?

Today I sent out invitations to Verisign, Afilias, and NeuStar, all of whom I know or presume have responded to the New York City RFP for a .nyc to make presentations to ISOC-NY on April 10th at NYU. I'll present CORE's proposal and perhaps our competitors will show up to show off theirs.

Of course, who ever wins, the City of New York will have to give *blog*.nyc to Enom ... or tell Enom to go back to being channel registrar milking strings of resellers.

Posted by EBW at 06:19 PM | Permalink | Comments (0) | TrackBacks (0)

How to describe a bottom-up, multi-stakeholder organization which imposes, from the staff general counsel, unilateral conditions upon the contracted parties? Over the unanimous objections of the contracted parties? Peter Dengate-Thrush appears to be heedlessly striding off into the heroic testosterone soaked drama as the man who must be obeyed, and Rod Beckham appears to be a simple Garth clone at his side, mashing infrastructure security (recall, the DNS is a high value target for sophisticated I/O actors with state, or near-state resources) and retail cops-and-robbers crap into a meaningless glop of mindless mandates.

Watching the Board members present while Peter reversed utterly his position at Seoul made me wonder who on the Board is actually sharp enough to be useful. Obviously the half that were there agreed with the idea that unanimous non-consent from registries and registrars is not important enough to look into.

Posted by EBW at 09:18 AM | Permalink | Comments (0) | TrackBacks (0)

My day began coordinating (an upscale version of "meddling in") a presentation from the Haitian network community to the African national registry operators, at 4:30am Eastern, 5:30am Atlantic, and 12:30pm Nairobi.

This was followed by hours of listening to ICANN staff present on the Guidebook, the Four Overarching Issues, Vertical Integration and Single Registrant, and of course, the "Expression of Intent (EOI)" proposal that came out of a competitor's coordinated effort to flood the microphone at the Seoul meeting. Later in the day the GNSO Council and Governmental Advisory Committee Joint Meeting took the polish off the poisoned EOI apple.

Odd having a work day end in the mid-morning. I've got a letter to write pointing out that the decision to have just one "cost recovery bag" to put all applications in means that the applications by the Scots, the Welsh, the Basques, ... the cities of Barcelona, Paris, New York, ... which don't require evaluation intended to sort out which speculators-cum-investors manage to wrest {"shop", "sport", "web", ...} from all other like-minded speculators-cum-investors, and which of their monitization schemes are insufficiently toxic to cause immediate harm yet able to prevent their registry from most of all possible paths to ruin (the dead now are ".pro", ".name", ".travel" and ".mobi", though these deaths are all artfully packaged as "sales" rather than "registry failover") are subsidizing the mess of for-profit applications.

The canonical response when someone points out the high cost for applicants from outside of North America and Europe is that they, whether a community or a city or even a business, are looking for an exception to a fair process, for a subsidy, rather than the other way around, looking for relief from paying a speculators-and-other-idiots tax.

Just how much money does it really, really cost, to evaluate the request by the Scottish Authority or the Basque Autonomous Region or the Parking Authority of the City of Barcelona to hire a registry operator and proceed to operate a registry in their respective public interest?

If the answer is always the same as it costs Bonnie and Clyde to open up .bank, and the Scottish Authority or the Basque Autonomous Region or the Parking Authority of the City of Barcelona also have to wait until after all the Bonnies and the Clydes have set up their herds of cash cows to be allowed to act in the public interest ... is the problem too small to solve?

Update: The African national registry operators will "make every effort to put [ICANN CEO Rod Beckham] on the spot with the Haitian situation tomorrow [when the ICANN conference formally opens, though the real meeting began 36 hours ago]". I'm proud of both ends of the link. The Africans made the Haitians their peers, not just a basket case, viewed through the lenses of the donor nations, and the Haitians embarked across the Atlantic.

Posted by EBW at 10:56 AM | Permalink | Comments (0) | TrackBacks (0)

I'm participating remotely in the 37th ICANN meeting, after attending the previous seven meetings in Los Angeles, New Delhi, Paris, Cairo, Mexico, Sydney and Seoul. Two of my co-workers are in Nairobi, and today's agenda is the GNSO meeting -- the agenda is here. There are 52 people in the room, and the same number participating remotely. Tomorrow's meeting will be in a room twice the size.

The remote participation has been effective, the chat window has been bigger than a postage stamp, though it would be improved if it maintained state, as each "end of session" leaves the previously chatting participants (myself in Ithaca and some people in Reston at "Nairobi West") isolated until the next "session" begins, and there is no carry-over of chat state from session to session (or when I'm logged out by InterTube glitches), the audio quality acceptable and the elevator music is light European classical between sessions ...

Bill Drake from the Non-Commercial Constituency (NCUC) asks the cost-and-equity question during the EOI session. Is the $55k cost fair to developing country applicants? The response Kurt Pritz gives is cost-recovery, side-stepping the issue that policy, rather than profit driven applications, don't require the elaborate evaluation that, in other conversations, in particular the conversation around the unilateral amendment of the Registry Accreditation Agreement, of registrar-space gaming moving into the registry-space, Kurt describes as absolutely compelling. The short answer is not that poor communities and African municipalities are seeking subsidy from the rich Americans and Europeans, but are seeking to end their subsidy of rich Americans and Europeans who seek to game the rules and enrich themselves.

Odd how the "equity" claims are offered to advance inequity.

I'm attempting to coordinate a Haitian Registry and Network Recovery update for tomorrow's General Assembly meeting of the AfTLD (African Top-Level Domain registry operator group), which concludes the Introduction to Registry Operations Course (IROC) which CORE has sponsored in part, along with ISOC, ICANN, and AfriNIC and which is taught using materials developed by the NSRC. Reynold Guerrier will be speaking at 5:30am, Port au Prince time, 4:30am Ithaca time, to the AfTLD GA shortly after lunch, Nairobi time. I will need caffine.

Update: Success on the African end of things, and the Port au Prince end of things. The AfTLD GA will spend a quarter of an hour on an update from Port au Prince, with Q&A. Now how early will I have to go to bed in order to be awake at 4am? Hmm. Now looks pretty good...

Posted by EBW at 07:52 AM | Permalink | Comments (0) | TrackBacks (0)

The process of delegation embarked upon by Jon Postel after he settled on iso3166-1 as the organizing principle had its ups and downs. The .us zone became a playpen where six people "owned" 40% of the major US metropolitan areas. Pitcarin's Island went to someone in the UK. It got weirder from there, with Verisign buying the Comoros Islands for a ".cc" product, Tuvela became a streaming media play as ".tv", and the colonization, sometimes surprisingly self-inflicted continues. India is now Afilias' ".in" property.

The redelegation process was consensual. That is, the idiot who had the Pitcarin Island delegation had to agree to transfer the delegation to someone who actually paid attention to the company-sized population of on-islanders who wanted to use .pn. He didn't and the IANA got "this close" to doing a non-consensual redelegation, but in the final moments the idiot blinked and agreed to walk away from the registry.

The import of IANA's never having redelegated an iso3166-1 code point from party A to party B without the express prior consent of both parties A and B was that the DNS was not a legitimate military target. Whatever happened in Elbonia (Lower), coups, elections, corruption trials, ... did not effect a change in the control over the ".el" registry.

Until Iraq. ICANN in, and not in, the news, July 2004.

The .iq delegation handed over to agents of the regime put in place by the United States, without the consent of the delegee which had operated the .iq registry until it was shut down by agents of the United States. The DNS, and therefore its technical coordinating body, became a legitimate military target, with the first belligerent state targeting the DNS being ... the United States.

With that as a prelude, here's what those of us registered for the ICANN meeting next month in Nairobi got on the 11th:

Subject: New Information related to ICANN Nairobi Meeting
Updated Security Information as of 11 February 2010
Date:
Thursday, 11 February 2010

Dear ICANN Community,

Within the last 24 hours, we received an unclassified report from the United States’ Department of State related to the Kenyatta International Conference Center, the venue for our upcoming meeting (attached below).

The types of threats outlined in that communication are difficult to assess. ICANN is now reaching out to different parties in Kenya and elsewhere to see if it is possible to better assess the situation, and of course will share any further information with you.

Sammy Buruchara, Chairman of the ICANN 2010 Local Steering Committee in Nairobi has already provided the following information:

“In relation with the Security threat by Al Shabaab to US Embassy and KICC, I wish to on behalf of ICANN 2010 Local Organizing committee and on behalf of the relevant Kenya Government Security Agencies state the following:

The Kenya Government is aware of the Security Threat by Al Shabaab on KICC and on the United States Embassy in Nairobi. Our security organs that include National Security Intelligence Service (NSIS) and Kenya Anti-Terrorism Police have been alerted and will make appropriate security responses to deal with this threat. Through their network of security agents, they have made contingency plans to thwart any possible terrorist plot that will target Nairobi City, including KICC and all the Hotels in which delegates will be hosted, and the US Embassy.

I wish to assure ICANN Community that the Kenya Government is committed to ensure your safety during the ICANN event and will take necessary security measures to guarantee the safety of all participants during the Conference.”

In the most transparent manner possible, ICANN will continue to share information as it becomes available. Just like you, we’re processing this information, and seeing how and if we need to update procedures and plans for the upcoming meeting.

Sincerely,
ICANN

Information from U.S. State Department

“As of early February 2010, individuals affiliated with al-Shabaab al-Islamiya were planning suicide bombing attacks on the US Embassy and Kenyan International Conference Center in Nairobi, Kenya. The individuals were targeting the KICC because it was deemed the largest and oldest building associated with the Kenyan government. The US Embassy was targeted for its support of the Kenyan government. As of early February, the individuals planning to carry out the attacks were living in Somali communities in Kenya. We have no additional information regarding the possible individuals involved in the plot, timing, or method of the attack.

This is all the information we have at this time, and we will continue to keep you updated if there are any potential updates.”

And ICANN chose to become a legitimate military target the day it said "yes" to the pseudo-military claims of the 21st Secretary of Defense of the United States, Donald Rumsfeld, and the pseudo-legal claims of the 79th Attorney General of the United States, John Ashcroft.

I suppose ICANN can find hotel space in LA or Vegas, or risk being the target of some very sincere, very determined "lobbyists".

Posted by EBW at 07:57 AM | Permalink | Comments (2) | TrackBacks (0)

Last Monday Northrop Grumman announced that 300 of its top executives are leaving Century City for the Washington area, including the Maryland and Virginia suburbs, leaving 21,000 people in Los Angeles County and another 9,000 people in the rest of California.

It is a big change, and part of a trend of the defense industry management teams flight from their WW2 origins in Pacific Theater airfields rich in trade and craft Okie labor and skilled SoCal technical labor, to the permanent war without locus waged from Washington. They, their product, their innovation, is simply insufficient to prevail in the expenditure driving deceit hawks who don't have to overcome a major technical challenge, ever, in their war against rhetoric and technique.

The next day ICANN announced that James 'Jamie' Hedlund, a Washington-based lobbyist, will take over at the end of the month as vice president for government affairs for the Americas. He is nominally replacing Paul Levins who held the position of Vice President of Corporate Affairs.

Now this isn't quite the same thing as shutting down one wing of a floor of the 4676 Admiralty Way site, but it bears repeating .. the VP for governmental affairs for the Americas will be someone who has never set foot in the building, has never attended an ICANN meeting, has never ...

His earnings, according to one source:

Year	Earnings	Client
2009	$1,060,000	Consumer Electronic Association
2008	$1,200,000	Yahoo!
2007	$1,625,700	Yahoo!
2006	$700,000	Yahoo!

An interesting quote. I've been more open in the past year that the fundamental problem is managing the delta between the MdR and Beijing roots, a delta I'd a very small part in causing to come into existence. I doubt if he is aware that "maintaining a single internet" puts him on collision course with (a) the belief that the US can act arbitrarily without adverse consequence, that is, the dull bits of the DoD glitterati, (b) the belief that the US is the only competent jurisdiction, that is, the dull bits of the DoC competition law and letters set, and their counter parties, (c) the sharper bits of the PRC science and tech policy advisers and (d) the unamused European Commission. Oh well, a man paid to be optimistic.

Posted by EBW at 05:23 PM | Permalink | Comments (0) | TrackBacks (0)

In a series of related threads on NANOG on the evolution of the Russian Business Network and spammers and their infrastructure, to which someone was kind enough to forward the request below, I mentioned in a footnote (yes, I footnote my technical mail) something to which Suresh commented, and I wrote the note below the below (but above its own footnotes). Here's the footnote, followed by the request, followed by this morning's mini-tutorial on shell registrars sent to NANOG.

...
[1] shell registrars exist for another exploit, to maximize race contention results for the VGRS drop pool, the acquisition of expired names which have "name" value or residual traffic monitization value. Four companies control 318 US domiciled ICANN accreditations: eNom (116), Directi/PDR (47), Dotster (51), and Snapnames (104). Source: http://www.knujon.com/registrars/

Hello,

I need servers to host botnet controller. Botnet controller is software that sends tasks to bots. Bots are hosts which send spam emails to millions of addresses. It's not direct spam but abuses on botnet contoller are received from time to time. What is your policy in case of receiving abuses and what is your policy in case of receiving a lot of abuses? What is policy about spam (not direct from your ips as I mentioned above)? Is it possible to host botnet controller in your datacenter during long-term time?

Thank you.

On 1/2/10 11:38 PM, Suresh Ramasubramanian wrote:
> ... it would be interesting if some process were developed to
> deaccredit or otherwise kill off the shell registrars

Suresh, Why?

ICANN accreditation provides the registrar with a right to attempt OT&E with registries, the Verisign operated .com registry in particular, and with that, the right to specify a range of addresses from which the .com registy EPP server must accept connections.

That is the asset.

Every day "mumble.com" is dropped by the .com registry and every day registrars "race" to register "mumble.com". For some reason "mumble.com" has value not present in "mumble.bar", where "bar" takes on some 20 values other than "com", possibly because "mumble" is a generic or hyphenated concatenation of a generic and some other string, possibly also a generic, possibly because strlen("mumble") is less than 5.

If every registrar has the right to a fixed number of connections, or "threads", at the .com registry, then the probability of acquisition of "mumble.com" is 1/N, where N is the number of registrars competing to register "mumble.com". Note that this might not be sufficient to motivate investment in a "secondary market", in the abstract, however the verisign registry, and others, identified the "secondary market" as having high value and attempted to obtain non-random distribution of secondary registrations.

Therefore, while the value of "threads" was significantly greater than the cost of ICANN accreditation (a subject of note in its own right), it was a rational economic activity to form registrar legal entities, obtain ICANN accreditation, and rent the "threads" to entities which specialized in the "secondary market", that is, in collecting "back orders" on "mumble.com" from entities seeking to become the registrant of "mumble.com", presumably ranked by value (bids at auction), and execution of registrations for "mumble.com" in a race environment.

That's auction to 3pm minus some delta, and race at 3pm minus some epsilon to 3pm plus some epsilon. So, a well-ordered sequence sensor and slots on a roulette wheel. Clearly, the more slots on the roulette wheel, the greater the likelihood of winning.

So, the root cause for shell registrars is the value of expired names, and the association of acquisition resources with accreditation.

Value arises from (a) strings which can be repurposed economically (I claim that should Qualcom forget to renew "q.com" that "q.com" can be repurposed as something other than a domain name for a communications goods and services vendor), and (b) strings which cannot be repurposed economically, but have some fungible value, aka "traffic".

Now, shell registrars are a pain in the ass, not for operational reasons, but because every time someone wants to say something stupid and get away with it they say "[some large number] of registrars".

For example, at the ICANN Seoul meeting an unidentified male (in the transcript) who I recall was Dan Halloran, ICANN's Deputy General Counsel, said, while discussing the proposed new gTLD registry agreement (note, it isn't called a contract):

"... the central idea is still there that ICANN does retain the right to modify the agreement..."

and a minute later

"... the point is there's 900 registrars and ... We don't have to go individually and negotiate bilaterally with each registrar."

Source, transcript [1].

So the number of shell registrars is offered, by ICANN's DGC, and presumably by ICANN's GC (John Jeffrey) as well, as an absolute bar to contractual distinguishment.

Registrars can be "bad" because they fail to pay ICANN (the commonest form of registrar deaccreditation) or because they aren't responsive to email or because they are claimed to be in breech of some specific term in the current accreditation agreement. Other than that, it is ICANN's consistent position of record that registrars cannot be distinguished in contract since the divestiture of Network Solutions (registrar) by Verisign (registry).

Now to me (Eric Brunner-Williams, hat=="operator of ICANN accredited registrar #439 and CTO of ICANN accredited registrar #15 and operator of the sponsored gTLD .cat and .museum" registries for their respective ICANN contracted sponsors), the inability to distinguish, in contract, between an application advanced by the RBN and the IRC is ... a pain in the ass.

CORE's "business" is socially useful, socially responsible registries, its been our business since Jon Postel and others [2] drew up the IAHC-MOU [3], forming CORE. We'd like to see a contract for .com's clones, where "policy" is completely defined by first $6 offered, and a contract for .cat's kittens, where "policy" is consistent with the language in section 3, subsection 2, of RFC 1591.

The IRC contacted CORE (thanks to the ICANN staffer who suggested us to them!) for a .red-{cross,crescent} (Latin and Arabic scripts) but because ICANN won't create contractual constructs now, having done so in the past (the initial 7-10 round was partitioned between what is now called "standard" (biz/info/name/pro) and "sponsored" (aero/coop/museum), and the 2003 round was sponsored), the IRC (and CORE, and all of CORE's other registry partners, from the Provincial Government of Quebec to the Government of the City of Paris) has to wait until ICANN's crafted an evaluation process capable of evaluating every currently imagined scheme the RBN (or any other rational economic actor) puts forward.

Oddly enough, this appears to require unbounded time, and naturally enough, someone on NANOG will opine that one or more of, particularly the last item of this list -- {dnssec, ipv6, idns for ccTLDs, new gTLDs (ADH or IDN)} is "a bad thing". As an Indian, I will simply observe that the partition of Indian Countries into "Canada", "US", ... is suboptimal, and the further partition into "native" namespaces under each of the iso3166 associated namespaces is also suboptimal. We could do better, but even if the nsn.us namespace, to pick one well-ignored example, were turned over to me personally, that wouldn't meet all the needs of two of the three tribes I have cultural and/or political association with, which exist "in" both the United States and Canada. That is, I offer the claim that at least one TLD ought to exist, a claim made to Jon prior to the Green and White Papers. I expect the time from request to delegation will be 20 years, assuming the unbounded time requirement becomes bounded in 5 or so years from the present.

Shell registrars are not, generally, the source of primary registrations of arbitrarily abusive intent. That problem lies elsewhere and is adequately documented.

> .. and the bogus
> LIRs (which is how the thread started).

This has been a tutorial on why shell registrars are not the source of operational issues that could reasonably be characterized as problems. Problematic use of the DNS exists, but the registrar association is otherwise than to shell registrars. These are different exploits.

Eric

[1] http://sel.icann.org/meetings/seoul2009/transcript-gtld-registries-constituency-1-27oct09-en.pdf at pages 32 and 33, respectively.
[2] ISOC, IANA, IAB, FNC, ITU, INTA, WIPO
[3] http://www.gtld-mou.org/

Posted by EBW at 12:04 PM | Permalink | Comments (0) | TrackBacks (0)

Thursday this week will be the first ICANN policy event of the year, a Consultation on New gTLD Registry Agreement, announced on December 15th.

Wampum's readers who enjoyed Contracts will find the proposed draft registry agreement full of surprises and may enjoy the analysis of Jeff Neuman (NeuStar) and Steve Holsten (Verisign) here (Word format, 51pp), posted during the DAGv3 public comment period.

The second major topic is registry-registrar separation, which I'll write more about in the near future.

The agenda letter is below the fold.

Continue reading "The damp cocktail napkin and the CRAI Report no one asked for" »

Posted by EBW at 01:36 PM | Permalink | Comments (0) | TrackBacks (0)