James has responded again. He makes clear his views on my points. It’s clear we disagree. And that we remain friends. So decide for yourself by reading both views. No more on this from me re James. Maybe more on the subject as it develops.
To turn to another subject. SiteFinder is particularly interesting in the context of ICANN and its evolution. I have so far been very impressed with Paul Twomey as President and CEO. This issue is a real test of ICANN. There is enormous pressure on it to stand in the way of SiteFinder. Much of the pressure is well intentioned, much is purely driven by VeriSign hatred. ICANN was not set up as a regulatory body, and it was not set up to tell a registry how to run a business. It was explicitly set up as a private corporation to work with the private sector in the running of the DNS. That decision – to keep the DNS in the private sector – is key. It is what makes ICANN different to the ITU, where treaties and Governments are far more involved.
If ICANN steps outside its scope, and accepts the loudest voices as indicating consensus, it would be doing itself a serious disservice. It would soon become clear that the ITU is a more appropriate body for that more heavy handed, treaty driven, form of government. And the attempt to allow private industry and policy to co-exist will have failed. The onus – in my view – is on ICANN to step back, draw a line where it has no authority, and allow the market to decide winners and losers.
Of course all of this would be different if VeriSign, as accused, had really broken with standards in the DNS and had really threatened the stability of the Internet, or its security. In reality none of those things have happened and ICANN needs to be big enough to say so, despite the unpopularity of that viewpoint in certain circles.
James has responded again. I am responding because I believe the use of our weblogs as a place for public discussion is a great service to the community in airing the arguments – whether one agrees or disagrees with a given point of view.
This doesn’t need to be long but …. James, please re-read my piece.
I do not say John Klensin either does or will support SiteFinder. I say that his dns-search piece describes an outcome that is in every way similar to SiteFinder. It is an “above the DNS” search and directory layer. I also say that “if” John is consistent he would support it. By implication I am assuming he is not being consistent. His views, aired publicly, at the Stability committee last week suggest that too. So I am aware he is unlikely to actually support SiteFinder. I believe that is a “political” decision, not one that is justified technically. Shame on him if it is so.
Secondly. I absolutely see SiteFinder as “above the DNS”. It is an http service with search results. So by definition it is “above the DNS”. Why do you keep insisting it is not?
Also please distinguish between the wildcard and SiteFinder. They are two entirely different things. The wildcard is part of the DNS, and a standard part, albeit previously unimplemented. Let me repeat what the IAB said:
“We hesitate to recommend a flat prohibition against wildcards in “registry”-class zones, but strongly suggest that the burden of proof in such cases should be on the registry to demonstrate that their intended use of wildcards will not pose a threat to stable operation of the DNS or predictable behavior for applications and users.”
James, this is explicitly about the use of a wildcard in a TLD. And the RFC is about the DNS in general, not excluding TLDs. So I really believe you are wrong on the issue of standards.
SiteFinder on the other hand is what happens once the DNS has released a query, having detected no valid domain name for the query in question. It is in that sense outside of and “above” the DNS.
Given all of this I really believe your rebuttal is simply avoiding my key points rather than addressing them.
VeriSign’s key mistake was one of not informing. Its actual service is not a threat to the stability of the Internet and in my opinion can actually be a service to users and developers alike. What is needed is a clear statement of intent to re-introduce the wildcard, a date for doing so, and help for developers and network administrators in getting the best from it across all protocols.
I do not see any point in VeriSign engaging with the IETF on the wildcard. The IETF already has an RFC covering the wildcard and VeriSign has stuck to the RFC. So in a way there is nothing to discuss.
As for SiteFinder, there may well be very constructive discussions possible on how to evolve the service on top of the DNS. If VeriSign is prepared to engage the outside world in that discussion I can see only good coming from it. To be clear, that is not a standards discussion however. The very fact that SiteFinder is above the DNS makes it a discussion where different people can take differing views and none are either right or wrong in the abstract – it’s all a matter of opinion.
Clearly VeriSign’s opinion will count for a lot as it runs the .com and .net TLDs and so can redirect wildcard traffic to its own “above the DNS” solution. It is not very likely to abandon its own solution. That is just a commercial reality. We should all calm down and just get used to it. Running .com and .net carries a lot of power. Let’s acknowledge it and get over it!
Lots of responses on my SiteFinder piece. Karl Auerbach [somebody who I generally warm to - although I never told him so] has a rebuttal here. And James Seng [who is a friend] has a piece here.
Karl and James are both good people, and honest too. But …. I believe they are missing several things in their largely negative analyses.
Karl makes an assault on my claim that the small % of people affected by SMTP issues was a “minor inconvenience”. He says:
“SiteFinder’s wildcard-record based redirection goes far beyond being a “minor inconvenience”.
Quite the contrary: SiteFinder commits mayhem on the primary principle that makes the internet work. SiteFinder breaks the end-to-end principle.
The effects are not limited to email – everything from voice-over-IP to iSCSI (storage area networks) are damaged. And this damage is not “easily worked around”.”
I couldn’t disagree more with Karl on the “end-to-end” point. VeriSign has not broken any end-to-end principle. For what it’s worth this is a principle I strongly believe in. IPv6 will be great at fixing the damage done by NAT, proxies and firewalls to that principle. I am a strong supporter of end-to-end. So, what has SiteFinder actually done? It has created a new “end”. The new end is different depending on the protocol in question.
Let’s examine this in more detail.
HTTP and HTTPS – the old “end” was an error message from the DNS that there was no such domain. The new “end” is an http or https response that there is no such domain name and a list of possible alternatives. This is still an end.
SMTP – The old “end” was a broken email with an error message to the sender after the DNS sent a ‘name error’ message to SMTP. The new “end” is an invalid recipient address with an SMTP error 550 code sent to the user. This is still an end.
Indeed, in the case of every protocol – and we could go on with this list but I will preserve the reader from the details – there is a new “end” point of an initial request.
This opens the way for protocol specific error tracking. Certainly a vast improvement over a catch-all DNS error.
So – Karl – I challenge you to justify that end-to-end has been broken here. I can’t see it.
On VoIP, I run a company, Santa Cruz Networks, that has a major Video and voice over IP platform. We have seen no effects whatsoever. Why? Because we run our service on legitimate domain names and our end points are legitimate domain names. There is no way the ‘wildcard’ invoked to produce a SiteFinder results page could actually affect us. If one of our users types a mistaken name, then they will get an error. But there again, that was also the case before SiteFinder.
The rest of Karl’s piece refers to allegorical things – the NASA space disaster and the US East Coast electricity grid failure. I for one do not see the similarities – sorry. Seems like more heat than light here if you will pardon the pun.
James Seng makes some different points.
James’ first point:
“The Internet is many things, but some of the basic protocols are really fundamental to the functioning of the Internet such as IP, TCP, UDP and of course DNS. Take away or modify them, you are breaking the Internet.
How so? The DNS is a really simple protocol designed to answer queries very efficiently. You send a query and the DNS reply either (a) an answer (b) no such domain or (c) please ask this guy instead. VeriSign’s wildcard in the DNS effectively removed (b) as a possible answer.”
Really! I disagree, SiteFinder is the new case “b”! SiteFinder is saying – the domain does not exist, but it is adding to this by saying – here are some you may have intended to type.
I stick to my point that this is a better end result than the one previously in existence. “This domain does not exist” is not as good as “This domain does not exist and here are some that do in case that is what you intended”.
James’ second point is about innovation needing to be above the DNS. There are several places he speaks of this and here is one of them:
“But over the years, I learnt and I realized there are more important things like keeping the Internet..well, Internet. Innovation above the DNS, which is why Internationalized Domain Name is now standardized as a function above the DNS and not part of it.”
I will simply repeat what I said earlier. SiteFinder is an above the DNS innovation. The wildcard is in the DNS. It is the escape from the DNS that allows SiteFinder to exist. The wildcard is a documented standard that even the IAB refrains from saying should be banned. SiteFinder is a search and directory service, running on http, above the DNS.
Next James suggests that I mistakenly called John Klensin as a witness for VeriSign:
“If you read Keith Teare’s blog, you may think John Klensin agrees with Verisign. While I cannot speak for John, I know him and we work on many projects together over the years and I am quite certain that’s not true. I remember John’s DNS Search and he talks about how people need a better way to locate resources than DNS but it is very specific that all this is to be done above the DNS, not inside it.”
So, to be clear. I do not mean to suggest that John Klensin supports SiteFinder. I do however suggest that if John was to be consistent he would support it. His RFC on dns-search at the IETF seems to me to be a very close approximation to SiteFinder. [NB. This draft has been strangely pulled from the IETF site, but another one relating to it is still there]
Clearly the wildcard as a route to a search and directory layer above the DNS is not part of John’s documents. But the end results look very similar to me.
I believe the industry as a whole should be very open to this innovation.
Having said all of that, am I an unequivocal supporter of VeriSign’s handling of this service? No! I have several critical things to say.
1. Notification – this was an important change and people should have been notified. Developers in particular.
2. Implementation. Improvements in implementation would have helped a lot. Wildcard MX records for example. Also the ability to distinguish between a truly non-existent domain and one in various forms of “stasis” with registrars.
3. Developer help. It would have been great if VeriSign had developed or intended to develop an SDK to help application developers implement the wildcard and its consequences into their applications.
Had there been no outburst about SiteFinder these would be the only points worth making. Given the reaction and its largely emotional, non-analytical nature, rebutting the reaction seems a whole lot more important to me. Anything less would mean that attempts to innovate above the DNS as SiteFinder is would be destined to political failure – a far more serious issue than technical failure as it’s way harder to fix.
I hope that clarifies things.
Well, I have remained silent on this issue for now – mainly because of conflicts. I was one of a few members of the technical advisory group asked by VeriSign to look at Sitefinder and ask the questions – what does it add, what does it break, and how can we fix anything it breaks? The scope of the group was unlimited by any VeriSign edict and the members were of impeccable individual credentials. This group has now completed its work so I feel able to comment.
Today Stratton Sclavos is interviewed at CNet. Stratton declares that the key issue is the ability to innovate in the DNS infrastructure. To evolve it.
Kevin Werbach declares that to be a wrong point of view. He says innovation must be above the DNS.
I think both of these comments have their merits, but actually, they each have something right and something wrong. Stratton is right that innovation must happen, he is wrong to suggest that Sitefinder is an example of innovation – it is actually the implementation of an existing standard [update: actually this is acknowledged in Stratton’s interview]. Kevin is right that innovation should be on top of the core protocols, he is wrong in thinking that Sitefinder breaks that rule. Let’s examine this.
The “innovation” VeriSign did was to place a wildcard into the .com and .net root domains. This means that if a non-existent domain is typed into an application the DNS is able to redirect the request to the Sitefinder service, which is in turn able to provide a meaningful help service to users. In the process of doing this VeriSign has implemented an existing standard. The wildcard IS part of the IETF standard for DNS. The IAB acknowledged this clearly in their deliberations on the matter.
To this extent “innovation” might not be the right word. What VeriSign has done is to implement a previously unimplemented standard. The worst I can think to say is that they might have notified people more ahead of time. They certainly did not, and in my opinion do not, need permission to do it. It’s all about being community friendly, but not about rights.
For what it’s worth the DNS service is actually better than it was before for HTTP requests to mistaken addresses. An error message has effectively been replaced with a redirected help screen. Where there are minor inconveniences – as with SMTP – these can easily be worked around if the industry is aware of the use of wildcards. No need for a huge over-reaction here.
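As an added illustration (not code from the original post or from VeriSign): a simplified Python model of how a zone-level wildcard turns a “no such domain” reply into an answer, and how an application such as a mail server’s sender-domain check can probe for the wildcard address and treat it as non-existent. The zone contents, addresses and function names are constructed for this example.

```python
import secrets

# Constructed sample data: 192.0.2.0/24 is a documentation range, not real
# registry data. The "*.com" owner models a wildcard placed in the zone.
ZONE_PLAIN = {"example.com": "192.0.2.10", "mail.example.com": "192.0.2.25"}
ZONE_WILDCARD = {**ZONE_PLAIN, "*.com": "192.0.2.99"}


def lookup(zone, qname, origin="com"):
    """Simplified authoritative lookup with RFC 1034 style wildcard synthesis."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return ("NOERROR", zone[qname])
    labels = qname.split(".")
    # Walk up to the closest enclosing name that exists in the zone; only a
    # wildcard directly below that name may synthesize an answer.
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        exists = (encloser == origin or encloser in zone
                  or any(n.endswith("." + encloser) for n in zone))
        if exists:
            wildcard = "*." + encloser
            if wildcard in zone:
                return ("NOERROR", zone[wildcard])
            break
    return ("NXDOMAIN", None)


def detect_wildcard(resolve, suffix="com", probes=3):
    """Return the set of addresses given for random names, or None.

    A 128-bit random label is not a registered name, so any answer for it
    was synthesized by a wildcard.
    """
    addrs = set()
    for _ in range(probes):
        rcode, addr = resolve(f"{secrets.token_hex(16)}.{suffix}")
        if rcode != "NOERROR":
            return None  # a probe got "no such domain": no wildcard
        addrs.add(addr)
    return addrs


def domain_exists(resolve, qname, wildcard_addrs):
    """Existence check, e.g. for an SMTP sender domain, that is wildcard-aware.

    Caveat: a real domain hosted on the wildcard address would be rejected.
    """
    rcode, addr = resolve(qname)
    if rcode != "NOERROR":
        return False
    return not (wildcard_addrs and addr in wildcard_addrs)


if __name__ == "__main__":
    for zone in (ZONE_PLAIN, ZONE_WILDCARD):
        resolve = lambda q, z=zone: lookup(z, q)
        wc = detect_wildcard(resolve)
        print("wildcard addresses:", wc)
        for name in ("example.com", "nosuch-name.com", "foo.example.com"):
            print(" ", name, resolve(name), domain_exists(resolve, name, wc))
```

In this model a name below an existing domain (foo.example.com) still gets “no such domain”, because the wildcard only covers names whose closest existing ancestor is the zone itself.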
So who is right Stratton or Kevin? Actually both are. Let’s look at the issues.
Is Stratton right to declare the need to innovate in the infrastructure – absolutely yes!
Look at the farce on international domain names. Still today the use of Japanese, Chinese, Korean and indeed any non-roman ASCII character is disallowed in a domain name. In order to make anything work at all here VeriSign has deployed a plugin that, like all plugins, is only sparsely distributed. It had to do this because the IETF and ICANN together have been unable to come up with a workable solution. This is an area crying out for true innovation. Somebody needs to take the lead and let the market decide on the appropriateness of the solution. And this needs to be as free as possible from the control of a regulatory body.
Is Kevin right that the correct place to innovate is on top of the core protocols? Yes, absolutely!
John Klensin [former IAB chair at the IETF] has been arguing for a couple of years now for layers on top of the DNS facilitating search and directory like results. This is something I wholeheartedly agree with him on and I would say RealNames was exactly that – and internationalised too. Sitefinder is also that when looked at from the point of view of the results page. The wildcard in the DNS is the standard being implemented, but the results page is produced through an “escape” from the DNS – allowed by the wildcard. It is indeed, at that point a search and directory service built on top of the DNS.
My own viewpoint is that Sitefinder should be the starting point for true innovation above the DNS. Internationalised search and directory should be a high priority for the product folks. For me this can only be a good thing. Heck, it could even provide some competition to my friends at Google, who must be bored out of their skulls with the lack of outside pressure on them to innovate.
Bottom line – let’s get rid of the emotion, let’s allow ICANN to focus on helping the entire industry to evolve – and not be distracted by a bunch of fake stability claims, and let’s allow the naming industry to evolve a strategy for a search and directory layer on top of the DNS.
Jeff Pulver – organizer of the VON conferences – in his newsletter, delivered via email, today.
Right on the Money!
We Didn’t Start the Fire
When thinking about the current confused state of possible regulation of IP Communication Service Providers inside the US, the words from Billy Joel’s “We didn’t start the Fire” start to play in my mind:
We didn’t start the fire
It was always burning
Since the world’s been turning
We didn’t start the fire
No we didn’t light it
But we tried to fight it..
Telecommunications Law in the United States is over 100 years old and like the song says, “we didn’t start the fire.” Now that a new communications industry has formed in some cases from the ashes of what was once telecom, my hope is that we now have a chance to set the record straight and bring forward a new vantage point with a forward looking eye towards less regulation rather than more regulation.
Regulation should not get in the way of Innovation! European regulators got it right a few years ago when they adopted a principle whereby the effects of regulation do not get in the way of innovation.
I think the FCC and the State Public Utility Commissions need to be reminded about all of the great innovation which has come out of the tech sector and remind them that it is the innovation we see today that may in fact have a positive effect on the way we work and live tomorrow.
Adopting a public policy of going after nascent VoIP technologies and applying regulations at this time may in fact have the intended effects of discouraging investment in the IP Communication sector and scare enough people away that all that is left are the heteromorphic skeletons of the IP Communications companies that could have been, rather than the homomorphic telecoms companies that they eventually became.
If the US Wireless Industry had to face the same harsh potential regulatory fight 20 years ago, chances are that the wireless industry would never have evolved to where it is today.
Now is the time to let the nascent IP Communications industry grow up in an unfettered matter and over time let’s watch how it contributes to all of the other horizontal markets that it touches.
“We didn’t start the fire
It was always burning
Since the world’s been turning
We didn’t start the fire
No we didn’t light it
But we tried to fight it…
…and I can’t take it anymore!”
Check this out.
One of these boxes supports 2000 subscribers. If you charged only $50 per head per month for unlimited video and voice over IP a fully subscribed box would generate 50 × 2000 × 12 – that’s $1.2m a year. Even after bandwidth and hosting fees are taken into account you have a great business.
Santa Cruz Networks – full disclaimer, I am the CEO – is currently [through 15 November] offering to finance emerging service providers. What this means in practice is that you pay less than $10k up front and about $5k monthly to become a full communications service provider, offering voice and video over IP to individuals and enterprises. It’s like being the first ISP in your town. Contact Max Montgomery if you want to know more.
Dave said: “I told Doc tonight at dinner that I think we’re at the cusp of a communication revolution”.
OK I sooooo agree with this. When I helped start EasyNet in 1994 there were only 2 ISPs in the UK. It cost us $50,000 to start the company. Becoming an ISP was suddenly within reach of 2 guys and a credit card. Today, with Video and Voice over IP technology it will soon be possible to start a communications company for less than $50,000. This is going to make competing with the big telcos an achievable goal for many startups. Somebody is going to become the UUNet of communications, and the Earthlink of communications and even the AOL of communications. Many thousands of others will become local communications service providers, just as there are thousands of local ISPs.
It’s going to be fun to watch.
From The Register
“The second factor in 3G’s fate is, of course, whether 3G networks take off at any significant level at all, or whether they will be marginalized by Wi-Fi/WiMAX and by the advent of IP-based 4G.”
It seems clear that 2G, 2.5G and 3G wireless are simply staging posts to broadband wireless with real time communications over IP. It’s just a matter of time.
However, state attempts to regulate IP based communications like Voice over IP will certainly slow things down. Shame.