A move to create a .p2p top-level domain outside of the regular DNS root is under way.
Following the outcry over the US government’s seizure of 82 .com domain names this weekend, a group of coders have decided to create a namespace not overseen by ICANN (which had nothing to do with it).
It’s not entirely clear to me how many projects have launched.
(Interestingly, dot-p2p.org appears to have been registered several days prior to the weekend’s domain name seizures)
The .p2p project plans to create an application that would intercept all DNS requests for .p2p domains and route them via a peer-to-peer network rather than the user’s regular DNS servers.
This presumably means that the entire .p2p zone file could wind up being stored on endpoints, which sounds like a scalability challenge to me.
More problematic is the the issue of “decentralization”, which is of course critical when you’re talking about trustworthy DNS. It can be summed up in this sentence:
“Hello, I’m bankofamerica.com.”
If anybody can claim to own any domain name, you need to be able to figure out who’s telling the truth.
The .p2p initiative seems to be dealing with this by, um, centralizing control over .p2p domain assignments to a free “registrar” at nic.p2p.
To prevent warehousing, registrants would need to prove they already own the string in another TLD in order to register the equivalent .p2p domain.
The project is obviously in its very early stages, as demonstrated by this wiki page, which tries to figure out the problem of decentralization using some kind of trust/voting system.
Here’s an example of the lack of thought that seems to have gone into it so far:
A small conflict, not malicious
1. Alice assigns fbi.p2p -> 18.104.22.168.
2. Bob propagates the assignment to his node, because he trusts Alice.
3. Dave assigns fbi.p2p -> 22.214.171.124. Conflict created.
4. Carol sees the conflict and:
– Decides to just follow the decision of her trustees and assigns fbi.p2p -> 126.96.36.199, or
– Does not create any assignment. There will be a warning and she will try to work out the problem with others.
5. Everyone will try to agree on a solution.
The page also currently includes this beauty:
1. Chuck owns a botnet and uses 10^6+ zombies to game the system.
2. Shitload of fake request need to be disproved
4. Problem? :U
The project seems like a heck of a lot of wheel-reinventing in order to solve a problem that doesn’t exist.
Okay, this is getting a bit silly now.
As you may have read, the US government “seized” a bunch of domain names that were hosting sites allegedly involved in piracy and counterfeit goods over the Thanksgiving weekend.
Over 80 domains, all of them in the .com namespace, had their DNS settings reconfigured to point them to a scary-looking notice from the Department of Homeland Security’s ICE division.
Claims that ICANN colluded with the DHS on the seizures seem to have first appeared in TorrentFreak, which broke the news on Friday.
The site quoted the owner of torrent-finder.com:
“I firstly had DNS downtime. While I was contacting GoDaddy I noticed the DNS had changed. Godaddy had no idea what was going on and until now they do not understand the situation and they say it was totally from ICANN.”
For anyone involved in the domain name industry and the ICANN community, this allegation screams bogosity, but just to be on the safe side I checked with ICANN.
A spokesperson told me he’s checked with ICANN’s legal, security and compliance departments and they all had this to say:
ICANN had nothing to do with the ICE investigation… nobody knew anything about this and did not take part in the investigation.
All of the seized domains were .coms, and obviously ICANN has no technical authority or control over second-level .com domains. It’s not in the position to do what the reports allege.
If anybody were to ask ICANN to yank a domain, all it could do would be to politely forward the request to the registrar (in the case of torrent-finder.com, apparently Go Daddy) or the registry operator, which in the case of .com is of course VeriSign.
It would make more sense, save more time, and be less likely to create an international political incident, for the DHS to simply go directly to Go Daddy or VeriSign.
Both are US companies, and the DHS did have legal warrants, after all.
That’s almost certainly what happened here. I have requests for comment in with both companies and will provide updates when I have more clarity.
In the meantime, I suggest that any would-be pirates might be better served by switching their web sites to non-US domains, rather than trying to build an alternate root system from the ground up.
UPDATE: Ben Butler, Go Daddy’s director of network abuse, has just provided me with the following statement, via a spokesperson:
It appears the domain names were locked directly by VeriSign. Go Daddy has not received any law enforcement inquiries or court orders concerning the suspension of the domains in question.
Go Daddy has not been contacted by ICE or DHS on the domain names in question.
The statement goes on to say that Go Daddy believes that it should be the registrar’s responsibility to handle such takedown notices.
With regard to the registry taking action against the domain names in question, Go Daddy believes the proper process lies with the registrar and not the registry. This gives the registrar the ability to communicate with their customer about what has happened and why. When the registry acts, Go Daddy is unable to provide any information to our customers regarding the seizure of their domain names.
Go Daddy routinely cooperates with government and law enforcement officials to enforce and comply with the law.
I’ll post any statement I receive from VeriSign when I have it.
UPDATE: VeriSign sent this statement:
VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions. Because the orders are sealed, further questions should be directed to the U.S. Department of Homeland Security.