
Re: Deployment of standards compliant nameservers

2013-05-22 09:01:42


--On Wednesday, May 22, 2013 12:29 +0000 Yoav Nir
<ynir(_at_)checkpoint(_dot_)com> wrote:

Occasional fantasies about IETF enforcement power and the
Protocol Police notwithstanding, it seems to me that, if one
wanted to require standards-conforming nameservers, the most
(and maybe only) effective way to do that would be
requirements in the contractual agreements between TLD
registries and their registrants.  Recursively applying
requirements down the tree is not a new idea; RFC 1591 uses
that language more than once.

We should be careful about requiring things like this (for
whatever value of "we"). Recursively applying requirements
means that "we" are requiring service providers (in this case
registries) to pick fights with their customers. So instead of
having an IETF protocol police, "we" expect service providers
to act as local sheriffs.
...
Seems like a tough sell to me.

Actually, I was thinking about something a little different (and
should have been more explicit).  

I wouldn't suggest trying to mandate anything top-down.  If
nothing else, ICANN's track record for being able to enforce its
mandates is very poor (and that is arguably a good thing).  On
the other, we talk a lot about reputations and the advantages of
end sites being able to base policies on them.   If whatever the
actual restrictions that, according to Stephane, forbid TLDs
from imposing "we require you to have a competent nameserver and
will test" were removed then, especially with the coming huge
increase in TLDs, it would make it possible for registries to
compete on the degree to which they wanted to offer assurances
of quality DNS servers and services in subsidiary zones.
Would-be registrants who didn't want to play would have the
option of finding TLDs who did not have those restrictions.
That would create a new opportunity for enhanced competition and
differentiation among TLDs (which ICANN presumably favors along
with favoring security and stability) and would create a basis
for some DNS server certification activities (and even a
business model for them).

No mandate from the top, just elimination of whatever
restrictions now prevent registries from insisting on quality
operations in registrants if they wanted to.

It wouldn't get us to "everyone has to run a conforming server"
--which I consider impossible as long as producing
non-conforming servers is legal with governments enforcing the
rules if servers don't conform (and I really don't think we
want to go there)-- but it would at least give a resolver an
indication of where conforming ones were guaranteed and what
responses or non-responses they couldn't trust.

    john