These notes are only a partial record of the workshop, and the scribes apologise for any errors or mis- or missing attributions.
HenrT: Henry on URI ownership, binding, resolution; domain name ownership
appearance of dependence on domain ownership - arguing that this is not an issue would be in order today
(minimal scribing, see Henry's slides)
D-S is a Tahoe-LAFS developer
Resolving names to other names suffices as a model
local name systems.
pet name systems.
zooko's triangle - what properties might one have for a given type of name
difficult to have all 3 properties at same time
decentralized, memorizable, secure
change 'memorizable' to 'human-friendly' - do we have a free choice of names (a bit weaker)
what does 'global' mean? maybe split into context-free and decentralized
DNSSec comes close to satisfying the traingle but doesn't have decentralized reliance
peer-to-peer search has dec. rel. but not binding integrity
(slide 10) self-authenticating global names also have 3 out of 4
Without decentralized reliance we have a single point of failure
merge top 2 points as security properties 'noncentralized security'
human-friendly invites reorganization
human-friendly means not self-authenticating
(slide 14) name systems & currency systems
EFF sovereign keys (names)
systems based on a public ledger - distributed, write-only
oops, write-once
problem: need consensus on who owns a name (analogous to agreeing on who possesses currency)
stuart's questions
pet names, transaction ledger
<PaulW> not come across the analogy to currency systems before - will be going off to have a look at NameCoins and sovereign names later
Example: Byron Review URI - important link - pointers to PDFs
it got linked to.
200 OK, last updated 26 July => "this web site doesn't exist any more"
A human can, with difficulty, find things in the archive.
manual search finds everything.
indexed under original URI and date/time archived
problem with doing a redirect is archive date...
there was a reorg, and now the document is someplace else...
archive has 68 copies of the report - for different dates. we don't have unique names
KevA: it might say, we don't have the version from the date you requested, but we have from soon before or after
D-S: If it's not standardized, how useful is it?
<StuW> Hmmm... mutable/immutable resources and resources that mutate toward an immutable state - begs the question of what our notion of a resource is and what it is we wish to name :-)
PhilA: The intelligence is designed for a human researcher, not a machine
reorganizations effect on linked data
best to have dedicated domain. . . with a living will - 3rd party insurance
D-S: Why not a tag: URI?
PhilA: Change is part of life. Departments come and go. There is no appreciation of the value of permanence
ChuckM: It's not enough to educate people to the value of permanence, but. ..
ChuckM: It's a matter of self-awareness. If you assume nothing's permanent, expectations are set. . . why would any web site try to buck impermanence?
PhilA: there is some scope for education around survivable URIs
How domains fail & what they cost
CentralNIC
(I will be taking minimal notes - consult slides)
domain names are property - can be sold, stolen
trademarks, seizures
Blue Security went out of business due to DDoS
TLDs are not permanent eg. .su, .yu
The new gTLD allows failed TLDs to be transferred and shut down
jar: Is there any tombstoning policy?
economics - cost of dns query servicing
ICANN requires gTLDs to maintain 100% availability
anycast / BGP routing implements this
overprovisioning for DDoS defense
economies of scale don't apply - cost to meet threat doesn't scale - cost of meeting threat for 2n sites might be bigger than 2 * cost of meeting for n
bigger targets can be more vulnerable
Q: Re policies on bill nonpayment - example of australian university - hotmail.com in 2002-3
mailbase.ac.uk
are there any policies?
In the gTLD space, there is a standard policy - if you fail to renew, you lose the domain
HenrT: Different registrars can compete based on policy
D-S: Isn't the big-target phenomenon a consequence of the policy for dividing administration?
(break)
Old school persistence. GB 1438 / CRDA / 21/ DS /1/ 1997
impermanence abounds, but ids remain unique. but resolution gets harder
HenrT: Archiving's system like URI devolves to lookup + hierarchy
D-S: There is another class of system - hashes as names, distributed hash tables
HenrT: They're fragile
??: country codes - is anyone doing scenario planning - what if UK ceases to exist?
KevA: .su archival ids probably still work in some way -
somewhat different from DNS, where retired country codes get wiped clean
what did the .cs domain look like?
D-S: human readable means temptation to reorg and recycle
D-S: IAB gave advice to ICANN that TLD names should not be reassigned for 150 years
geoff bilder: Knowledge Exchange working on interop between per* id schemes
GeoB: Please be careful about words. persistent != permanent
"the best we can" - at Crossref we never say permanent
<StuW> When we speak of merely renting domain names - is there anyone that (regards themselves) as absolute owner of names.
GeoB: Persistable vs. persistent
... Human readable - really means hacker readable, expert readable.
SICIs are hackable only to a small minority
<StuW> There have at least been some maverick attempts to set up parallel DNS roots (mapping 4th level domain names into 2nd level names under their root servers).
SeanR: Handles - Bob Kahn - distributed
objects - naming, repository
... rfc 3652
... ITU
... "nonsemantic" prefixes are key
... (see slides)
... Numeric prefixes important.
... Delegation leads to fragility, so is limited in handle
system.
... -> name hierarchy usually reflects labile administrative
hierarchy
... CNRI has a FIrefox plugin for hdl: URIs
... What about dependence on hdl.handle.net ? - no dependence on
DNS under the hood
... hdl.handle.net is "too big to fail"
... hdl.handle.net is "exceptional" - specially understood e.g. by
Firefox
... "Exceptional domain names" were discussed on IETF URI
discussion list
D-S: And that's better than a new URI scheme?
SeanR: Yes, because it works using DNS
as a backup when client doesn't know the scheme
... discussion comparing to phone numbers, interpretable by
shortcut in context
D-S: What about false negatives & positives
PhilA: Does the plugin just do a
redirection, or does it do something more interesting? What if
target isn't a URL?
... How does this improve on purl.org? What is advantage to browser
makers?
D-S: There is a way to define new URI schemes that doesn't require a plugin
<D-S> http://www.whatwg.org/specs/web-apps/current-work/#custom-handlers Note that it is limited in that spec to a set of whitelisted schemes (not including hdl: or doi:) and schemes starting with "web+"
SeanR?: DNS persistence doesn't solve the whole problem
SeanR?: Problem with aliasing e.g. add ?xyz to end of any URL
SeanR?: Hierarchy is harmful
SeanR?: TLD for persistence? Should have nonsemantic subdomains
SeanR?: Maybe domain impermanence is not such a problem after all. DNS is working pretty well. Maybe URI scheme is better solution than DNS.
SeanR?: TLD would be good, but not the whole story.
(slides are detailed, refer to them)
NormP: Creation of IDF: retrieve rights
status etc.
... Bankruptcy makes redirects difficult
... Coexistence of DNS with good identifier principles?
PhilA: What about interaction between IDF and W3C? Much commonality.
NormP: A DOI URI draft to IETF was rejected on the odd grounds of "not relevant to the internet"; subsequently asked to resubmit but by then info: came along - but not being pursued now
NormP: IDF have received numerous approaches to support one or other approach to persistent ids, e.g. pressure to make DOIs URNs
NormP: There's also the OID scheme - object identifiers OIDs - ISO/ITU joint scheme; some are using for "Internet of things"
GeoB: We know that people will attach meaning to things, even numbers (e.g. zip codes) - branding importance in DOI prefixes
GeoB?: area codes, license plates
GeoB?: Fragility is proportional to semantics
GeoB?: We need obfuscation.
NormP: One size does not fit all
DesirM: ICANN budget 60M
... RFC 5892 Unicode and IDNA
... e.g. U+2028/9 no longer allowed to prevent spoofing
... ICANN Security & stability advisory committee etc.
... ALAC at large advisory committee
... bottom up policy making process
... redemption period - 30 days
... for new TLDs, must be able to run it for at least 3 years
... URI shortener X archive.org
[Break for lunch]
GeoB?: late binding - doi: is good because it doesn't commit until point of resolution
GeoB: Den Haag manifesto. perstistent
ids. conneg.
... it's the turtles all the way down thing. redirection,
crossref,
DesirM: In addition to expiry, we now
have take-down
... mostly for IP / copyright violations
... But this can be mistaken/abused, see e.g. the case of
rioja.com
... Also happening in the UK, possibly -- nominet
... This is a sign of government taking more control over DNS
... Moving into IP addresses -- dutch court has issued a freeze
order for a range of IP addresses to ???
<GavinBrown> The feature in BIND is called DNS RPZ - Response Policy Zones
DesirM: Auto-redirecting is also coming
in BIND -- see above
... It will cost money to address permanence issues
... What is the policy for failing gTLDs?
... consider .museum and .aero
DesirM: Security and Stability is the most important ICANN committee in terms of affecting ICANN policy
GavB: domainincite is a useful ICANN
watch site, dot-nxt is another
... Anyone can join the ALAC
... Chairman of SSAC is Steve Crocker, so serious technical points
can be introduced and will be understood
??: What's the chain of command down to the operational organisations?
HenrT: is there friction?
DesirM: there is friction, and there's
not enough enforcement
... ICANN doesn't interfere with pricing for say .com or .net
... But when wildkeys were introduced w/o negotiation, ICANN
eventually stepped in and pulled that
s@w/o negotiation@by operators w/o negotiation@
JthanR: Persistent identifier systems are based on priority binding
NormP: One entity has only one name?
JthanR: other way around
... If you can treat them as persistent, you can allow them to
propagate
... binding and resolution are distinct functions
... Once a name is bound, multiple resolution mechanisms (or none)
are possible
... Resolution and registration are stewardship roles, not
authority roles
... Because persistent names belong to society, not
individuals
... contra the TAG's official story
[exchange about changing binding, scribe missed]
<PaulW> It struck me, listening to Desiree's excellent overview of the governance aspects, that the threat(?) of interference from governments is primarily aimed at 'resolution' rather than 'binding'
JthanR: rule of law, not rule of some
authority
... So everyone is enabled to fix bugs in resolution
... because everyone knows what the bindings are
... Compare the system of species names
<GavinBrown> Paul: they're going after both. Blocking resolution is generally easier though.
JthanR: There needn't be, and indeed
isn't, any unified authority for the Linnean taxonomic system
... The appearance of [persistence] is as important as
[persistence] itself
<PaulW> @Gavin - are they going after both because both functions are often under the same governance? Or are they genuiinely aware of and interested in binding per se?
JthanR: So e.g. URNs by appearing
different to apparently impersistent http: URIs gained some social
credibility as persistent
... Perceived fragility of URIs comes from known occasional
fragility of domain names
... [channeling/parodying URN people] Any resolution system is a
threat to the identifier system
... because if it is undermined, it a) gives the appearance of
impermanence and b) weakens the binding definition, in so far as
they disagree
<GavinBrown> Governments censor DNS resolution to stop bad stuff that's already happening from comtinuing
JthanR: Authority-free resolution is a
must
... Authority-free binding is desirable
... Plant and animal names have both of these properties
<GavinBrown> They get involved in the "binding" (registration) phase to prevent future bad stuff
JthanR: The idea of 'exceptional domains'
came up
... This amounts to server-side persistence -- you need some
cooperation from ICANN/IETF/Registrars. . .
... But if one of those won't play, you can go to client-side
persistence
<GavinBrown> (for government values of "bad stuff")
JthanR: and e.g. get the browser vendors to recognise your exceptional domain
KevA: But the browser route only works when people are using a browser, there are lots more agents on the Web
D-S: But there are fewer libraries
HenrT: value of distinction between binding and resolution
PaulW: Occasional divergence is the
worry, because it's easy to miss
... I understand the distinction between binding and
resolution
... Don't they need to be tightly coupled?
... One keeping the other honest
JthanR: The system today doesn't guarantee that a good resolver today will still, w/o changing its nature, be doing the right thing
SeanR: Exceptional domains, and e.g the
xhtml namespace, only work in a few cases, and, as HST said, you
have to get in early
... So a new gTLD which is designed to be persistent has an
advantage here
<StuW> I think that the xhtml namespace thing is not so much about getting in early, so much as concensus arising from a spec. creation process( W3C happened to be the venue) such that there was sufficient confidence in the 'stability' of the namespace for folks to 'weld' the meaning into their software and not have to go off to a schema/dtd whatever determine available terms.
HenrT:Questions for discussion: What is the role of the Internet Archive in all this?
Endowment?
What are the constituencies?
Creators of reports/accounts/etc. of public interest
Consumers of ditto
Foundational documents of the internet
<StuW> I think there are various layers to things. At least from a linked data/semweb pov, part of the endeavour is the establish stable URI names for the 'words' (s,p,o) that we use to say things (makes statements). At the next is establishing names for 'important' things (noun's) that we need to be able to use to say the things that we really want to say (reference data). And then there are things that we really want to say (sometimes called transacti
PhilA: 'non-semantic' names? 'warm' URIs? Doesn't human interpretation of names imply a risk of change?
D-S: What value does human-readability give you
PhilA: maintainability
HenrT: [tries to get away from the opacity of URIs argument]
D-S: The very value of the readability of domains leads to their vulnerability
NormP: What would the new rules look like?
JthanR: We have a bunch of existing rules
for naming schemes
... There are lots of starting points
NormP: How would that be different from issuing an RFC
??: Social contract better than cryptography?
JthanR: Both are kinds of constitutions for a new scheme
GeoB: Not either-or (post-hoc or de novo), but both-and, maybe looking towards deprecation of the post-hoc ones
<StuW> re: human readability - one communication channel for identifiers is the side of a bus (QR codes and the like not withstanding). But maybe permanence is of low value in such cases.
<TimD> use case: I already have non-dns identifier and I need to be able to bind it
HenrT: Seems like cryptographic approach is (primarily?) for binding, not resolution, to use JAR's distinction
D-S: No, works for both
<TimD> use case: I have a dns-based identifier, but I've lost my domain name, but still need to bind my identifier to a dns-located service
GeoB: Existing persistent schemes depend for resolution on domain names -- that's a problem with any claim of persistent resolvability -- let's fix that
<TimD> use case: I already have an identifier for which I need/want to change the dns location part
<StuW> somene said wteo the is conflation of ~5 things 1) persistence of identifier; 2) persistence of the thing bound an identifier; 3) persistence of the mapping between those two; 4) persistence of the resolution mechanism; 4) persistence of the mechanisms to establish and maintain all of the above...
NormP: "Registrar cannot allocate an
Exceptional Domain to anyone else"
... is one requirement for solving the problem
PhilA: Where does the list of Exceptional Domains end? Who is the gatekeeper?
HenrT: So, another "Exceptional Domains are eligible for robust inheritance plans"
KevA: That's a non-starter, intersects poisonously with legal systems
GeoB: Inheritance could even be implemented technically
StuW: A lot of this is trust and
disposition
... is there a set of properties we can look for in entities, which
we could put in the resolution process
DesirM: The Wikileaks experience looks in different direction, in that mirrors need not have the same domain name
D-S: This puts the problem over onto the user
??: wikileaks.ch was pushing malware
HenrT: How for most URIs does the separation between binding and resolution work? For most of the URIs I create they are indistinguisable
D-S: Could you [JAR] clarify what the difference is?
JthanR: resolvers are a kind of cache for
bindings
... I come back to the biology [Linnaeus] example -- using the
whole scholarly record as the binding mechanism
sw, jr: "Jonathan Rees" on a piece of paper example
<TimD> I think we're trying to solve everything rather than identifying the problems
KevA: Trademarks don't always work anyway -- two people can trademark the same string in different contexts/jurisdictions/...
HenrT: So this comes back to binding -- a trademark is a (partial) independent of resolution mechanism for establishing a binding
TimD: So this is could be a fallback after losing control, and then losing the appeal process to get it back
PaulW: wouldn't the idea of gold-plating
a domain name lead to land grabs on a huge scale
... or putting responsibility on registrars to judge worthiness
PhilA: Requirements for getting one of these would have to be in place
HenrT: Back to the guidelines for access to exceptional domains
GavB: Maybe the arpazone gives a
precedent -- you get into the arpazone by publishing an RFC
... That gives a consensus process for getting into this special
status
... Barrier to gaming the system
... No cost [at least not in money]
... Meritocratic
... Enum is in .arpa already
... for example
PhilA: Take me through this at a lower level
GavB: 'arpa' is a tld, separate from ccTLD gTLD, ex post facto stands Address Resolution and Parameter Area
DesirM: An 'infrastructure' TLD
GeoB: So handle gets in how?
GavB: Update the handle RFC to describe how handle.arpa was to be managed
GeoB: Flood of bogus RFCs?
GavB: No, substantial review
... Would need to be standards track
PaulW: So we've escalated fragility from individual names to the whole DNS system
JthanR: IANA administers this under the guidance of the IETF
PaulW: It's strength is it's so rarely used
GavB: It's rarely used because it requires substantial review
JthanR: We have grounded this in a document!
GavB: I offer this in the first
instance for new names
... existing ones are less clear
... Publish and sign the zone files for the exceptional names
D-S: Does that make it harder to change the IP address?
GavB: Not impossible, still would be timeouts
JthanR: Are we done here . . .
GeoB: Who would 'own' handle.arpa -- CNRI? Is there precedent for this?
GavB: It wouldn't be owned, .arpa is in
the public interest space
... Who operates it is a separate question
... It could be distributed
D-S: So we would need an RFC to
establish the system as a whole
... with criteria for subsequent RFCs which create (or
grandfather?) an exceptional domain as a sub-domain of .arpa, with
properties as specified
KevA: This looks a lot better than a new gTLD
<PaulW> +1 "This looks a lot better than a new gTLD"
GavB: For sure -- time is too short and bar too high for getting in for the January call, and a subsequent exception would be hugely problematic
GeoB: So what would the next step be, supposing handle.arpa happened
HenrT: So I was confused, I thought the idea was that handle.org would be protected via the registration of handle.arpa
GavB: Maybe, per example.org, we could get existing domains in as well
PhilA: So we want ICANN to recognise that w3.org gets into this category by some form similar to e.g. handle.arpa
PaulW: I was closer to HST's misunderstanding, with the .arpa subspace giving the persistent evidence that a lapsed domain was special
GeoB: So we need recognition that domains that get under .arpa in some form to be protected
HenrT: Shorthand for my version would be that you get protection in perpetuity for foo.org, say, by getting an RFC approved for org.foo.prd.arpa
KevA: This is overcomplicated, puts a burden on registrars, which puts the whole thing at risk
GeoB: Second step would be very important -- there are a lot of existing ones out there
KevA: Decoupling step one from step
two
... future would register ...arpa, the special case would be
once-only for the existing ones
GeoB: Yes, there is a circularity here, which is that you want to establish the utility of your plan, which means deploying a non-.arpa solution
DesirM: Getting IETF to agree to working
with .arpa will be hard, I predict
... There is a [scribe missed this] in the US that might allow
experimentation
JthanR: PIR would be a useful interlocutor here
DesirM: If you lose a domain name, you want a way of recovering it by re-instating the registry entry, so you need a special service at, for instance, the .org level, for such exceptional domain names
<StuW> Alt how about a pattern that embeds year of registration in the domain name (or a sequence) www.w3:1995.com or www.w3:1.com
D-S: Publishing an RFC as all we have to do to get an exceptional domain is a key point
HenrT: Absolutely -- it removes the need to write incredibly detailed guidelines on what justifies exceptional domain status, for application by hundreds of registrars trying to deal with applications for exceptional status
GavB: We do need to get some input from some IETF experts in this area
JthanR: Even if the choice were to be a new TLD, something like an RFC would be the right way to get access to a sub-domain of that new TLD
TimD: There is an issue of
undemocratisation of binding -- the RFC process is a high barrier
for people who are creating identifiers all the time
... There needs to be a way for the big identity providers (DOI,
Handle) to allow for "later binding" to domain names
... So when someone tries to dereference a DOI, the binding to a
service happens early if you use the http://dx.doi.org/... form
... That was an advantage of doi:... and the firefox plugin,
because it did that binding later
[scribe missed some stuff about late binding in the DNS servers]
D-S: Keeping http://dx.doi.org/ working persistently
doesn't prevent using different protocols for doi:
JthanR: The exceptional domain people
haven't been satisfied yet
... There are lots of entities potentially involved in resolving an
identifier
... If you are a URN fan, your preferred remediation is to bypass
DNS
... If you are a DNS fan, your preferred remediation is to get one
or more domains which have the same robustness as URI schemes
[which they get from RFCs]
GeoB: .arpa is different enough that it might give a different, better, message about stabililty
JthanR: crossref has a lot to lose,
having made the move to recommend the use of http://dx.doi.org/... for citations in
journals -- there's almost a contradiction here!
GeoB: We were trying to address two
problems -- a lot of our members were committed to linked-data
principles, and doi:... didn't satisfy them, and the doi: the
resolution process was several steps longer than the http://dx.doi.org/... one
JthanR: Looking at this as a case study, if crossref has taken this position, shouldn't everyone else?
GeoB: The Den Hague manifesto, gathering of persistent identifier people, goal of improving interoperability, included a commitment to http: versions
JthanR: That amounts to a claim that some
http URIs are persistent
... But isn't there a risk, that you were looking to this workshop
to address?
GeoB: Yes -- it's a "turtles all the way down" situation -- if we go away, the next one down will pick it up . . .
StuW: Trust and confidence
... An alternative would be something like a robots.txt, where the
owner of a subspace of URIs makes claims about that subspace
... And your response depends on your trust and confidence in that
owner
JthanR: I don't see how having a
technical way to do that changes anything
... How does doing this in a machine-readable way make any
difference
KevA: It's not that we don't trust the entity involved, it's that things outside their control may make it impossible from them to keep their promise.
D-S: Another idea: start with a pure
first-come-first-served identity system, then allow some public
(newspaper-based, for example) mechanism whereby you gain
exceptional status
... Consider wikileaks.org -- you could imagine a choice [scribe
got lost]
D-S:You start with a pure first-come-first-served name system, and then you invite organisations that might have an interest in asserting alternative bindings (or that a binding should not be believed), *and* that have some reputation by which end-users might decide whether to trust them, to make those assertions cryptographically.
So (using a different example to wikileaks), a company that has some reputation in the security field, like Symantec for instance, might make assertions about which sites they think are hosting malware. If there are any assertions about a particular name from organisations that a user has chosen to listen to, the end-user software would present them (with proposed alternative bindings if any) to the user instead of automatically resolving the name.
(note that "listen to" != "trust in all cases")
The point to this idea is that a first-come first-served name system is easier to enforce, but might not always give the binding you would want in the case of disputes. No single organisation wants to be (or should be trusted to be) the arbiter for all disputes, but there are organisations that might want to assert things about disputes that they care about politically or have expertise in.
[via email]
??: A JISC-sponsored domain in Scotland closed down recently - - recommendations are needed for use of domains outside the ac.uk space for JISC projects
GeoB: Given JISC's scope, it should have a requirement for persistable names for all its projects
HenrT: i.e. in ac.uk
PhilH: Moved away from the original goal
-- I do think the meeting 6 years ago wasn't characterised by
obduracy on the two sides, just a failure of people to understand
one another. I don't see much improvement since then.
... Combining transparent and opaque components in a name, for
example, wasn't discussed.
JthanR: One doesn't usually obfuscate domain names.
PhilH: You might want to
... Back to the binomial [Linneaen] naming scheme. Aristotle
started descriptively, we would say phenotypically. Now we can get
different value from the genotypic perspective. Maybe we should
combine them
[various]: Prefer "robust" to "gold-plated"
HenrT: I'll try to take some steps to find out the viability of the .arpa idea
DesirM: Thomas Narten [IBM] is IETF/ICANN liaison
PaulW: I'm interested in understanding the Crossref decision, and may try to write that up
HenrT: send me use cases
StuW: Put the wiki up
HenrT: will find a way