Re: URI Ownership Re: DNS alternatives springing up in response to government-mandated registry updates from Tim Berners-Lee on 2010-12-13 (www-tag@w3.org from December 2010)

From: Tim Berners-Lee <timbl@w3.org>
Date: Mon, 13 Dec 2010 23:31:07 +0000
To: Yves Lafon <ylafon@w3.org>
Cc: Karl Dubost <karld@opera.com>, "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <1FFBDDD3-D8CB-41EA-A282-7E9811601FC0@w3.org>

On 2010-12 -13, at 08:46, Yves Lafon wrote:

> On Thu, 9 Dec 2010, Karl Dubost wrote:
> 
>> 
>> Le 9 déc. 2010 à 14:50, Noah Mendelsohn a écrit :
>>> Within days of the ICE/DHS seizures, at least three separate initiatives to work around the DNS had been announced
>>> ---
>>> Several specific systems are described.  If things like this proliferate, it could have a significant impact on the de-facto operation of the Web.
>> 
>> Which reminded me of a comment I had done about Web Arch in 2004 about "URI ownership"
>> http://lists.w3.org/Archives/Public/public-webarch-comments/2004OctDec/thread.html#msg44
>> 
>> I was saying
>>   2.5 URI ownership
>>   """One consequence of this approach is the Web's heavy
>>   reliance on the central DNS registry."""
>>   That's short for something which is one of the major
>>   issue of the Web. The whole Web relies on something
>>   which is dependent on a rented property notion.
>>   - You own a domain name only for a portion of time
>>   - You don't own a domain name for ever.
>>   - A domain name has a cost which makes it
>>       inaccessible for many persons in the world.
>> 
>>   ====> Consequences: URIs are not free!!!! and so not
>>       all people can use them and guarantee the ownership.
>>       In fact, there's no such thing as URI ownership, but
>>       more "URI renting" or "URI tenant" for URIs based on
>>       domain names.
> 
> Another consequence is that you trust that any content from http://<hostname>/ is under the authority of its owner (well, in some ways). You know that everything under www.w3.org is from W3C.
> (Well, that may be faked, there are lots of attacks that can undermine that assertion, but they are easily spotted in general).
> 
> So if you move to an alternative type of distribution or even DNS resolution, you must ensure that the URI content you will get by dereferencing is under the authority of what you think its owner is. In P2P it is more difficult to do. Is digital signature an answer?

Yes, maybe

> DNSSEC?


In its favor is that the DNS system has been designed for the job
When it is under attack, and one needs a backup,
 a bunch of signed XML or RDF documents linked together on the 
http://ip-address/ web would be a pretty good backup:
a mirror which would be archived by the web archives and CDNs etc etc.

Would be interesting to see some math models of its behavior under stress.

Tim

Received on Monday, 13 December 2010 23:31:47 UTC