Harold Feld: Does this break end-to-end? Getting into a war between Verisign and Microsoft?
Crocker: Why limit to VSGN and MSFT? CISCO could also get into the middle and reinterpret things.
Feld: Can't limit to "what broke over the last weeks." Larger picture.
Q: Wildcard in personal domain v. TLD?
Klensin: Distinction between domain under control of entity, and domain being administered for benefit of others.
Crocker opens discussion up to the floor.
Huey Cali Son: What is the big deal? People in the room care. To Joe end user it's not a big deal. Couldn't those who care about this work around it?
Panelist: Wireless. RCODE 3 -> 17kB HTTP message. Cost.
Klensin: Think differently. Pretend it's 1991. Same question. Who gets hurt? There's that strange protocol allocated by IANA with port 80. Nobody ever heard of it. RSET on 80. Users can't figure out whether that thing on the other end doesn't exist or is just unreachable due to network congestion. May not have a web today.
Mohan: Fallacy that Internet is web. Internet is much more than Web.
Chuck Gomes (Verisign): Seem to understand -- Encourage innovation at the edges, even if not standards compliant. At center, discourage innovation, even if standards compliant. Doesn't know if that's correct.
Bellovin: If violation is at edge, I can use something different. Don't like IE? Use Galeon. I'm at the edge, can do what I want. Don't have choice with TLDs and dot-com.
Gomes: Don't believe that sitefinder limits choice, at least for providers like Microsoft.
Crocker: Fact issue. Change made at place where only registry operator can make that change, where there is no choice for anybody to propose, make any alternative changes or whatever. Unilateral action of registry operator. Architecture is now that registry operator is in position to make such changes.
Completely separate from any services offered around the edge.
....
Marilyn Cade: Thanks ICANN, SECSAC, everyone who came. Being willing to work together. Hope for collaborative, consensus-based approach. Try to work together to address challenges. Vision everyone shares of internet quite similar. International and language diversity. Internet important. Shared vision. Concern: Governments look hard to see whether consensus-based approach can work. Can private sector be trusted to solve complicated challenges? Yes, largely technical problems and questions. Stability more than just hard technical questions. Other questions had to be parked today. Have to address other questions in very near term. Very dependent on SECSAC for consultation and advice.
Robert Enger: Large amount of money being made. Verisign essentially taking money out of Microsoft's pockets. Microsoft might make changes to IE. Might lead Verisign to make counterchanges. Might disenfranchise third parties who have installed whatever workarounds. Initial loss just Verisign and Microsoft, ancillary effect on third parties.
Crocker: Don't get between Microsoft and Verisign?
Enger: Measure and countermeasure.
Howard Berkowitz: Stability question. Assume evolved sitefinder. Assume problem with application protocols is solved. Different standpoint now. Root servers geographically dispersed. Small enough set that we can have table of addresses of root servers. Not queried relatively often. Sitefinder usage would go up not by number of DNS resolvers or DNS caches, domains whatever -- go up by number of user sessions. More sitefinder instantiations necessary. How many instances needed? ... If adopted on large scale, how bring up to the level of robustness that we have in BGP?
Crocker: Robust systems are actually demonstrated capacity of Verisign. Load -- delicious question to them.
Berkowitz: Other TLDs? Same capability? Deliberate attack? Engineering requirements?
...
Chuck Gomes: Not talking about root servers, talking about .com/.net. Make sure nobody thinks talking about root servers. Understand from history why terms are interchanged. Posted today thorough response to IAB response. Feedback appreciated.
Parting question: Talking about wildcards based on standard, or about change made to DNS?
Robert Seastrom (?): Wildcards in delegation zones likely to violate two principles that have served interoperability well in past. Conservativity. Least surprise.
CAIDA rep -- fans of data as hard as it gets. Verisign said they have partners that have worked with VSGN to do pretesting. Make results of that available? Points to example of bad combination of features that caused load of traffic on root servers. Microsoft didn't know they were doing this.
Crocker: CAIDA has done stellar work in measurement, lady who spoke has had fingers dirty with real data for years. Gold standard of measurement activities. Verisign -- make data, methodology available?
Turner: Plan is to make available all data that they have.
Crocker: Look forward.
CAIDA: Love the data they have. Interested in what they did before that convinced Verisign that it was an ok thing to do. That's what the community is freaking out about.
Turner: Happy to sell it to CAIDA if they get grant.
CAIDA: You're going to have to pay me to take it.
Crocker: Part of process. Vigorous collection of input; still ongoing. Not decision-making event, but information-gathering. Will have follow-up meeting. Will prepare available information, subject it to scrutiny. Will then present material to community.
Thanks.