|
The DNS root zone, as supported by Verisign, bundles together two different services:
- Handle service: a handle is a token (not necessarily humanly readable or mnemonic) that can be owned by a user and reassigned to different IP numbers as that user migrates around the network;
- Name service: a name is a humanly meaningful token that resolves to an IP address.
DNS is currently the only handle service, which gives Verisign a sort of monopoly power. There are many different name services, including DNS, Yahoo, Google, which could compete more evenly if none of them were bundled with the only handle service.
We could deploy a handle service with almost no administrative burden, using current DNS software, at a lower level of the DNS hierarchy (perhaps a 3d level domain), providing meaningless numerical handles freely to all. Bob Frankston has described this idea in his dotDNS proposal: http://www.circleid.com/article/225_0_1_0_C. It only requires a stable institutional sponsor with a highly defensible domain name (e.g. nicesponsor.org), the technical oomph to run a name server at traffic levels similar to the alternate root servers, and the willingness to provide silly looking subdomains (e.g. 188828281282232.dns.nicesponsor.org) to all who request them.
If a handle service under dns.nicesponsor.org proves useful, it can migrate up to a higher level in DNS, and future software deployment can eventually treat it as a new root. Users can assign their own handles using public-key signatures and secure hashing, depending on the sponsor only for dissemination and not for authorization. In the meantime, dotDNS does not interfere at all with the current DNS. Nobody has to abandon her use of DNS while exploiting the alternative value of dotDNS.
It's time to just do this.
|
Security and Stability Advisory Committee Recommendations
