Re: URI Ownership Re: DNS alternatives springing up in response to government-mandated registry updates from Yves Lafon on 2010-12-13 (www-tag@w3.org from December 2010)

From: Yves Lafon <ylafon@w3.org>
Date: Mon, 13 Dec 2010 03:46:27 -0500 (EST)
To: Karl Dubost <karld@opera.com>
cc: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <alpine.DEB.1.10.1012130339540.4077@wnl.j3.bet>

On Thu, 9 Dec 2010, Karl Dubost wrote:

>
> Le 9 déc. 2010 à 14:50, Noah Mendelsohn a écrit :
>> Within days of the ICE/DHS seizures, at least three separate initiatives to work around the DNS had been announced
>> ---
>> Several specific systems are described.  If things like this proliferate, it could have a significant impact on the de-facto operation of the Web.
>
> Which reminded me of a comment I had done about Web Arch in 2004 about "URI ownership"
> http://lists.w3.org/Archives/Public/public-webarch-comments/2004OctDec/thread.html#msg44
>
> I was saying
>    2.5 URI ownership
>    """One consequence of this approach is the Web's heavy
>    reliance on the central DNS registry."""
>    That's short for something which is one of the major
>    issue of the Web. The whole Web relies on something
>    which is dependent on a rented property notion.
>    - You own a domain name only for a portion of time
>    - You don't own a domain name for ever.
>    - A domain name has a cost which makes it
>        inaccessible for many persons in the world.
>
>    ====> Consequences: URIs are not free!!!! and so not
>        all people can use them and guarantee the ownership.
>        In fact, there's no such thing as URI ownership, but
>        more "URI renting" or "URI tenant" for URIs based on
>        domain names.

Another consequence is that you trust that any content from 
http://<hostname>/ is under the authority of its owner (well, in some 
ways). You know that everything under www.w3.org is from W3C.
(Well, that may be faked, there are lots of attacks that can undermine 
that assertion, but they are easily spotted in general).

So if you move to an alternative type of distribution or even DNS 
resolution, you must ensure that the URI content you will get by 
dereferencing is under the authority of what you think its owner is. In 
P2P it is more difficult to do. Is digital signature an answer? DNSSEC?
Many questions, but it seems that every time you remove a weak point, you 
introduce a new one, mostly because of trust issues.

>
> Norman Walsh at this time said:
> http://lists.w3.org/Archives/Public/public-webarch-comments/2004OctDec/0056.html
>
>    The question of who "owns" a domain name strikes me
>    as a legal issue more than an architectural one. The
>    webarch document extolls the virtues of URI
>    persistence and explains the notion of ownership,
>    and the rights and responsibilities that are
>    associated with it, in a way that I think is
>    satisfactory.
>
>     Are there any specific changes you would like to
>    suggest to the text?
>
> I was asking for defining URI Ownership. The text of Web arch had been slightly modified in Web arch. But I think the issue is still there in the way the Web operates now with strong ties between the URIs
> http://lists.w3.org/Archives/Public/public-webarch-comments/2004OctDec/0093.html
>
> The domain names right now in the Web architecture are a weak point, as we can see these days.
>
>
>
>

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

Received on Monday, 13 December 2010 08:46:29 UTC