Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    New gTLDs Verisign/NSI
    .museum's Awfully Defensive Statement on Its Wildcard
    posted by michael on Tuesday October 07 2003, @07:54PM

    One of the reasons why the IAB was too honest to say "Wildcards bad, end of story" is that a large number of registries use them. Mostly it's ccTLDs, but there is also one gTLD, .museum, that uses a wildcard. That registry has now issued a Statement Concerning Wildcard A Records in Top-Level Domains. As it notes, "Since it was entered into the DNS nearly two years ago, the .museum TLD zone file has included a wildcard A record, implemented according to conditions in the ICANN-MuseDoma agreement."

    But they don't want you to think of them as being like VeriSign, oh my no...."The purpose of the present statement is to call attention to key differences in the purposes that the wildcards serve, their benefits and drawbacks, and the processes by which they are introduced."

    Some of the key points:
    • We're small
    • We developed our wildcard "through a consultative process that generated strong support within the museum community"...including SIX WHOLE WEEKS of advance warning to the museum community
    • There "have been no reported technical problems resulting from its use during the nearly two years of its operation,"
    • OUR users had advance notice;
    • WE didn't do it for the money
    • We love ICANN and welcome its "investigation of the technical concerns, including those raised by the Internet Architecture Board and the ICANN Security and Stability Advisory Committee."
    • Did we mention we are very very small? And that no one has ever objected to our wildcard?
    And, in conclusion,
    In its deliberations since 2001, the museum community has enthusiastically endorsed the use of the .museum wildcard to enhance the accessibility of a public index of the TLD namespace. The benefits of the index were viewed as significantly overriding any drawbacks that might result from the use of a wildcard to direct attention to the index. The wildcard implementation strictly adheres to the clearly defined and narrowly focused configuration developed in consultation with technical experts. MuseDoma has ensured further adherence to this through its supervision of the provider of .museum registry services, CORE.

    Despite its broad support of the .museum wildcard, the museum community recognizes its responsibility for developing .museum policies in a manner that avoids technically disruptive effect on other parts of the Internet. The use of the .museum wildcard is most effective as a user-familiarization tool in the TLD's initial stages and, as the .museum TLD grows in acceptance, it is appropriate periodically to review the use of the wildcard. MuseDoma expects the ongoing investigation by the ICANN Security and Stability Advisory Committee of the technical concerns raised by wildcards to illuminate the museum community's assessment of the present benefits and drawbacks of the .museum wildcard, and its development of policies regarding the future of that wildcard. MuseDoma looks forward to the insights this process will provide and to continuing to work with ICANN in ensuring that the Internet's infrastructure continues to be operated stably, securely, and in the interest of the global community.

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
    · CORE
    · VeriSign/NSI
    · ICANN
    · Statement Concerning Wildcard A Records in Top-Level Domains
    · More New gTLDs stories
    · Also by michael
    This discussion has been archived. No new comments can be posted.
    .museum's Awfully Defensive Statement on Its Wildcard | Log in/Create an Account | Top | 18 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Maybe .pro Should Wildcard
    by jberryhill on Tuesday October 07 2003, @08:40PM (#12413)
    User #3013 Info

    Of course, if it wasn't for the wildcard in .museum, you'd never find any museums, since the naming convention is counter-intuitive.

    For example, if you want to find broadband internet services, you go to:


    If you want to find the National Heritage Agency of the Isle of Man, you go to:


    And, how many times have you been looking for a frog museum in your country? It would be a long time before you stumbled across:


    But hurry. In order to qualify for a .museum domain name, the museum must be open to the public, and the swiss.frog.museum is only open for three hours every month.

    [ Reply to This | Parent ]
    • Re:Why Not? by ldg Sunday October 12 2003, @02:18PM
    • 1 reply beneath your current threshold.
    by RFassett on Wednesday October 08 2003, @06:13AM (#12419)
    User #3226 Info | http://www.enum.info
    the market place dictates that .com domain name registrations are a commodity. For those DNS business models this is of benefit to, there is no problem until threatened. Same would be true for .Museum except for the fact the market place does not dictate second level registrations as a commodity, by its own design. It seems ok to capitalize upon the commodity value of .com as long as you are not "the provider". Technical issues aside, I am not sure I get this logic.
    [ Reply to This | Parent ]
    Re:What's with the sarcasm?
    by KarlAuerbach on Wednesday October 08 2003, @12:25AM (#12415)
    User #3243 Info | http://www.cavebear.com/
    The real "users" of a TLD are not those who own names but rather those who utter the names into their e-mail or web browsers or voice-over-ip phones or CVS checkouts or ...

    The effects of wildcards are felt and endured mainly by those who utter names. So why is there all this retroactive justification based solely on the opinions of those who have merely registered names?
    [ Reply to This | Parent ]
    Who has the authority to bind a domain name?
    by odonnell (michael_odonnell@acm.org) on Wednesday October 08 2003, @08:57AM (#12423)
    User #3447 Info | http://people.cs.uchicago.edu/~odonnell/

    Wildcards themselves are a technical device. The wildcard concept is a red herring in the discussion of Verisign's, MuseDoma's and others' insertion of wildcards into their tables. Whatever the actual reason

    why the IAB was too honest to say "Wildcards bad, end of story"
    the correct reason is that wildcards are not inherently bad, and no statement about wildcards is in fact the end of the story.

    The key question behind Verisign's and MuseDoma's actions is, "who has the authority to bind each domain name?" The operator of a DNS zone performs its duties for a particular constituency, which varies from zone to zone. Authority for general policies comes from the constituency, and entails particular authorities over particular domain names. An operator is responsible for respecting the authority of its constituency, and for encouraging healthy technical practices.

    In the case of the root zone, .com and .net, the constituency is essentially all of humanity. ICANN is the least problematic organized representative of humanity for this purpose. Verisign holds a contract (and apparently a very lucrative one with high profit margins) from ICANN to perform a large part of the .com and .net operations. Within these subdomains, it is widely accepted that control of a particular name is valuable, and must be awarded to particular applicants based on a combination of temporal priority, willingness to pay, and rights to trade names and marks connected naturally to the domain name. Verisign bound a huge number of these domain names without approval from its constituency, nor from ICANN as a representative of its constituency. Furthermore, it appropriated to itself a commodity with a high market value which it does not own, but holds as contractual steward for ICANN and humanity.

    It appears that the constituency for .museum may be well represented by MuseDoma, which may have acted totally responsibly to the authority of the constituency. If so, there is no objection to their use of a wildcard entry based on authority.

    It also appears that MuseDoma crafted its wildcard entry entirely to support a particular sort of Web browsing. If so, they are probably guilty of an engineering error. Healthy technical practice dictates that DNS responses must serve all possible applications at the IP level, and not just higher-level protocols, such as HTTP. In a very small subdomain, created solely for the exercise of HTTP, it is OK to ignore other uses. It is unlikely that .museum is small enough to qualify for this exception. But, based on the information before us, MuseDoma has probably made a modest and correctible technical error, and has not exceeded its authority.

    Of course, the technical objection applies very strongly to .com and .net, since addresses in those domains may be used for anything. As a really good steward, Verisign would have resisted popular pressure to add the sort of wildcard that it did, and explained to its constituency why every table entry must support all possible IP uses, and not only a subset of higher-level protocols---not even the subset consisting of all protocols in use today. To have instituted a technically unhealthy step (and it would be unhealthy even if the immediate consequences were all positive, because it constrains future innovation) against the wishes of its constituency is a serious ethical, and apparently contractual, offence by Verisign.

    Mike O'Donnell
    [ Reply to This | Parent ]
    Re:Hypocracy In Action
    by ldg on Sunday October 12 2003, @02:30PM (#12443)
    User #2935 Info | http://example.com/
    A better rule of thumb has been suggested - that wildcarding is OK in a zone if, and only if, all the names in that zone are under the control of the zone operator or have given their express permission.

    AND with the understanding that if DNS server operators patch to force proper DNS RCODE response, those domains may not work properly.

    [ Reply to This | Parent ]
  • 2 replies beneath your current threshold.

  • Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com