VeriSign’s Sitefinder

Well, I have remained silent on this issue for now – mainly because of conflicts. I was one of a few members of the technical advisory group asked by VeriSign to look at Sitefinder and ask the questions – what does it add, what does it break, and how can we fix anything it breaks? The scope of the group was unlimited by any VeriSign edict and the members were of impeccable individual credentials. This group has now completed its work so I feel able to comment.

Today Stratton Sclavos is interviewed at CNet. Stratton declares that the key issue is the ability to innovate in the DNS infrastructure. To evolve it.

Kevin Werbach declares that to be a wrong point of view. He says innovation must be above the DNS.

I think both of these comments have their merits, but actually, they each have something right and something wrong. Stratton is right that innovation must happen; he is wrong to suggest that Sitefinder is an example of innovation – it is actually the implementation of an existing standard [update: actually this is acknowledged in Stratton's interview]. Kevin is right that innovation should be on top of the core protocols; he is wrong in thinking that Sitefinder breaks that rule. Let's examine this.

The “innovation” VeriSign did was to place a wildcard into the .com and .net root domains. This means that if a non-existent domain is typed into an application, the DNS is able to redirect the request to the Sitefinder service, which is in turn able to provide a meaningful help service to users. In the process of doing this VeriSign has implemented an existing standard. The wildcard IS part of the IETF standard for DNS. The IAB acknowledged this clearly in their deliberations on the matter:

We hesitate to recommend a flat prohibition against wildcards in “registry”-class zones, but strongly suggest that the burden of proof in such cases should be on the registry to demonstrate that their intended use of wildcards will not pose a threat to stable operation of the DNS or predictable behavior for applications and users.

To this extent “innovation” might not be the right word. What VeriSign has done is to implement a previously unimplemented standard. The worst I can think to say is that they might have notified people more ahead of time. They certainly did not, and in my opinion do not, need permission to do it. It's all about being community friendly, but not about rights.

For what it's worth, the DNS service is actually better than it was before for HTTP requests to mistaken addresses. An error message has effectively been replaced with a redirected help screen. Where there are minor inconveniences – as with SMTP – these can easily be worked around if the industry is aware of the use of wildcards. No need for a huge over-reaction here.
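An added illustration, not part of the original post: a small model of how a registry-level wildcard turns a name error into an answer, and how software that relies on "no such domain" (a mail server checking a sender domain, for instance) can stay correct by probing for the wildcard first. The zone contents, addresses (documentation ranges) and function names are all constructed for this example, and the wildcard matching is simplified.

```python
import secrets

# Constructed sample zones. "*.com" models the registry wildcard described above;
# 192.0.2.1 is a documentation address standing in for the help service.
ZONE_PLAIN = {"example.com": "198.51.100.10"}
ZONE_WILDCARD = {"example.com": "198.51.100.10", "*.com": "192.0.2.1"}


def resolve(zone, name):
    """Return the address this zone gives for name, or None (name error).

    Simplified wildcard matching: an exact match wins; otherwise walk up the
    ancestors. A wildcard directly under the closest existing ancestor
    answers; an existing ancestor without one blocks wildcards above it.
    """
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return zone["*." + parent]
        if parent in zone:
            return None
    return None


def wildcard_targets(zone, tld, probes=3):
    """Look up random, unregistered labels; any answers are wildcard addresses."""
    found = set()
    for _ in range(probes):
        answer = resolve(zone, secrets.token_hex(16) + "." + tld)
        if answer is not None:
            found.add(answer)
    return found


def naive_exists(zone, name):
    """Pre-wildcard assumption: any answer means the domain is registered."""
    return resolve(zone, name) is not None


def wildcard_aware_exists(zone, name):
    """Treat an answer that matches the wildcard's address as 'no such domain'."""
    answer = resolve(zone, name)
    tld = name.rstrip(".").rsplit(".", 1)[-1]
    return answer is not None and answer not in wildcard_targets(zone, tld)
```

The aware check would misjudge a registered domain that happens to be hosted at the wildcard's own address, which is the price of inferring registration from answers alone.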

So who is right, Stratton or Kevin? Actually both are. Let’s look at the issues.

Is Stratton right to declare the need to innovate in the infrastructure – absolutely yes!

Look at the farce on international domain names. Still today the use of Japanese, Chinese, Korean and indeed any non-Roman ASCII character is disallowed in a domain name. In order to make anything work at all here VeriSign has deployed a plugin that, like all plugins, is only sparsely distributed. It had to do this because the IETF and ICANN together have been unable to come up with a workable solution. This is an area crying out for true innovation. Somebody needs to take the lead and let the market decide on the appropriateness of the solution. And this needs to be as free as possible from the control of a regulatory body.

Is Kevin right that the correct place to innovate is on top of the core protocols? Yes, absolutely!

John Klensin [former IAB chair at the IETF] has been arguing for a couple of years now for layers on top of the DNS facilitating search and directory-like results. This is something I wholeheartedly agree with him on and I would say RealNames was exactly that – and internationalised too. Sitefinder is also that when looked at from the point of view of the results page. The wildcard in the DNS is the standard being implemented, but the results page is produced through an “escape” from the DNS – allowed by the wildcard. It is indeed, at that point, a search and directory service built on top of the DNS.

My own viewpoint is that Sitefinder should be the starting point for true innovation above the DNS. Internationalised search and directory should be a high priority for the product folks. For me this can only be a good thing. Heck, it could even provide some competition to my friends at Google, who must be bored out of their skulls with the lack of outside pressure on them to innovate.

Bottom line – let's get rid of the emotion, let's allow ICANN to focus on helping the entire industry to evolve – and not be distracted by a bunch of fake stability claims, and let's allow the naming industry to evolve a strategy for a search and directory layer on top of the DNS.





