ICANN Email List Archives

[tralliance-comments]



Comparison with the wildcard in .museum

  • To: tralliance-comments@xxxxxxxxx
  • Subject: Comparison with the wildcard in .museum
  • From: Cary Karp <ck@xxxxxxxxxx>
  • Date: Mon, 13 Nov 2006 10:33:02 +0100

Much of the commentary on this forum, and in the general discussion of
wildcard records in TLD zones, makes reference to the A record wildcard
in .museum. The fact that it has been resolving for five years without
any observed interference with the stable operation of the Internet
demonstrates that any potentially disruptive effect it may have is lost
in the noise floor. It does not, however, provide a basis for
extrapolating threshold values beyond which such a situation might be
less benign. Much of the discussion has therefore been focused on
distinctions between "tolerably small" and "riskily large" TLDs. This
obviously resists expression in clear quantitative terms, and a variety
of subjective factors have been weighed into the issue.

The RSTEP report provides a reference to a statement that I made during
a previous phase of public commentary, when the comparison was between
the largest of the gTLD registries and the smallest, with registration
in the former not being subject to eligibility requirements, and there
being strictly enforced threshold criteria for inclusion in the latter.
This stark polarity certainly does not pertain to the present case, and
the experience with the wildcard in .museum might, indeed, be a
reasonable consideration in the assessment of the .travel wildcard proposal.

The RSTEP report does not apply any evaluative criteria other than those
with direct implications for security and stability. Since the further
consideration of the new proposal may nonetheless involve comparison
with .museum, it might be useful for some first-hand observations about
our experience with the wildcard to be on record here (repeating some
things that have been posted on other forums). I am making no comment,
whatsoever, on the extent to which any of it may be applicable to the
situation with .travel. These remarks are solely to avoid the need for
speculation about matters on which I can comment authoritatively.

One of the initial proof-of-concept aspects of .museum was a restricted
second-level namespace with intricate three-label naming conventions. As
a "familiarization device", an index of all names in the .museum
registry was posted at http://index.museum/ and a wildcard leading to it
was placed in the zone. It became apparent at an early stage that key
aspects of the functionality intended with the wildcard were not
provided by that device alone (due to differences in the way empty nodes
in the name tree are handled by BIND8, which answers as implied in
RFC 1034 with NOERROR, ANCOUNT=0 when no RRs are present, and BIND9, which
follows the DNSSEC mandate for answering with NXDOMAIN). Although this
was rectified with an adjunct facility (using conventional A records),
the wildcard could not be eliminated without a noticeable reduction in
the scope of the service.

The subsequent introduction of the "root-delegations-only" feature in
BIND9 injected a further note of uncertainty about the value of the
wildcard (despite the default exclusion of .museum, and the brevity of
the situation that gave immediate rise to the feature), and the occasion
was used for a general reevaluation of the .museum naming conventions.
Restrictions on the delegation of second-level names were substantially
curtailed (which would have happened in any case) and the utility of the
index as a familiarization device thus came to an end. Yet again,
however, it could be noted that the museum community still ascribed
significant value to the wildcard. The index had in the interim become
an entrenched and valued service for name holders, in the conviction
that it was of significant utility to the broader user community.

Our greatest current interest is focused on the introduction of IDNs in
.museum and their deployment on all levels of the domain. Any extensive
move away from the constraints of the ASCII repertoire is certain to
strain the index past the limits of its present utility. A multilingual
wiki-based successor service is therefore currently being structured.
Although the wildcard could be used to draw traffic to it, concentration
to a single point of entry is counter to the purpose of the
internationalization effort. Nor is it feasible to design a mechanism
that somehow recognizes and responds in the language intended by someone
making a resolution request that invokes the wildcard.

In light of all this, and in acknowledgment of the general applicability
of many of the concerns delineated in the RSTEP report, we intend to ask
ICANN for permission to suspend the operation of the .museum wildcard
for a period during which we can assess the target community's response
to that change, and test aspects of the alternate facility that might be
masked by the presence of a wildcard. Although there is no reason to
expect this to result in anything that can be registered on the DNS
"securitometer", it may nonetheless be worth monitoring simply to verify
that the (dis)appearance of a wildcard in a small gTLD is without
measurable effect on the stable operation of the Internet.

Cary Karp
Curator of the Museum Dot
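
The following is an added example, not part of the original message or of the .museum registry's configuration: a sketch of the RFC 4592 closest-encloser wildcard lookup over a constructed zone, showing how an apex wildcard interacts with an empty node in a three-label name tree and what a conventional A record on that node changes. It models the NOERROR, ANCOUNT=0 answer for empty nodes that the message describes as implied by RFC 1034. The zone contents, addresses and the function names `node_exists`, `resolve` and `with_adjunct` are assumptions made for illustration.

```python
# Added example: RFC 4592 wildcard lookup over a constructed zone.
# Every name and address here is constructed (192.0.2.0/24 is documentation space).
ZONE = {
    "museum": {"SOA": ["constructed"]},
    "*.museum": {"A": ["192.0.2.1"]},             # wildcard leading to the index
    "example.art.museum": {"A": ["192.0.2.10"]},  # a three-label name
}

def node_exists(zone, name):
    """True if name owns records or is an empty node above an owner name."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)

def resolve(zone, qname, qtype="A"):
    """Return (rcode, answers, how) as an authoritative server would."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return ("NOERROR", zone[qname].get(qtype, []), "exact")
    if node_exists(zone, qname):
        # Empty non-terminal: the node exists, so the wildcard is not consulted.
        return ("NOERROR", [], "empty node")
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if node_exists(zone, encloser):           # closest existing ancestor
            wild = "*." + encloser
            if wild in zone:
                return ("NOERROR", zone[wild].get(qtype, []), "wildcard")
            return ("NXDOMAIN", [], "no wildcard at " + wild)
    return ("REFUSED", [], "not in this zone")

def with_adjunct(zone, name, addr):
    """Copy of zone with a conventional A record placed on an empty node."""
    patched = dict(zone)
    patched[name] = {"A": [addr]}
    return patched

if __name__ == "__main__":
    for q in ("nosuch.museum", "art.museum", "nosuch.art.museum"):
        print(q, resolve(ZONE, q))
    print("art.museum", resolve(with_adjunct(ZONE, "art.museum", "192.0.2.1"), "art.museum"))
```

In this model the apex wildcard answers for unregistered second-level names but not for the empty middle node or for unregistered names beneath it; only an explicit record on that node produces an address there.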

