Millions of internet users face being locked out of popular websites unless software developers pay attention to the forthcoming explosion in new top-level domain names. Domain name overseer ICANN told El Reg this week that developers and webmasters need to track the progress of its new gTLD programme, which is expected to start …
I have an alternative proposal: screw ICANN
Let's all just agree to ignore ICANN and it's pathetic attempts to screw up the whole DNS system in order to make some easy money for itself.
We don't "need" to do a damn thing about the new gTLD programme.
Better still - screw DNS
Rather than "Screw ICANN", what about we screw DNS? - or rather, create an alternative that can be used in parallel.
Consider all the "OMFG We must block <domain> FER DER CHILDRENZ!" and "We must block <domain> to protect this business". DNS is a single point of failure.
What if we take the distributed hash table idea, as used in the newer versions of the Bittorrent protocol, and use that to locate resources - in other words, isn't it about time we move to Tim Berners-Lee's idea of Uniform Resource Identifiers (URI) rather than Uniform Resource Locators (URL) - why not specify WHAT we want, not WHERE we want?
Now, I am not saying "punt DNS and go DHT" - DHT is chatty, can be slower than DNS, etc. But what if we established a standard for using DHT to resolve URIs, and modified the resolver libraries to look for domain names in DHT *in parallel with* DNS? Also, what if we move up the stack, and let clients look for URI's as well as URLs in DHT, again in parallel with DNS?
It's been months and my system still can't whois the .xxx domain. This'll happen all over the place with dotBrand
Lazy coders would have to be filtering/regexing the hundreds of existing TLDs in their code for this to occur, which wouldn't be very lazy at all thus making this a non-story...
What is the tld prefix in a URL even useful for? It's only attribute is supposed to be indicating locality, which it fails to do thanks to all the domain hacks out there. Or does everyone really associate Bit.ly with Libya?
"Millions of internet users face being locked out".
HOW? Are you honestly telling me that web browsers couldn't possibly comprehend a new TLD? That's odd because I just add smelly.farts to my hosts file for a local server and - lo' and behold - Chrome and Firefox both navigate there successfully!
I think the author is talking about email address & domain validation, both very common in commenting systems, online registrations, etc.
Even if your validating, checking the TLD won't prove anything. You'll still have to perform some sort of web request to work out if the address is valid, and both email@example.com and firstname.lastname@example.org will fail to validate.
Re: Re: HOW?
The only validating you should do is "exactly one @" and "at least one . after the @". Absolutely NOTHING else.
The author, or the ICANN rentagob, is still implying that whoever wrote that email validation system is explicitly parsing out the TLD and comparing it with the well-over-a-hundred currently existing TLDs. Either that, or we are dealing with something that was broken the day it was written, which is rather more likely.
So ... we have loads of code out there that *never* worked properly but people were prepared to put it on production systems anyway. And ICANN think that by raising awareness of gTLDs, these same people are suddenly going to think "Gosh, I must *now* fix my code so that I don't exclude the 6 billion people I've been ignoring all these years.".
Re: Re: Re: HOW?
Exactly! My email address is email@example.com (for non-x values of x, obviously), and it seems half the website contact forms out there won't accept it.
They do, of course, accept firstname.lastname@example.org, and I put my real address in the comment. Or just boycott them for reasons of technical ineptitude.
Actually coders do need to look at the tld
The various web browser security models (and some other protocols) rely on being able to distinguish the "public" bit of a host name from the registered bit. For example, browsers have to know that "a" is the registered domain in a.com, a.co.uk, a.fr, a.uk.com, etc., etc.
The only way to do this is to code a big long list of top-level domains and other oddities (like uk.com). This is retarded, but we're stuck with it, and a DNS query (as suggested in the article) does not solve the problem.
Adding even more top level domains with arbitrary sub-domain policies is making the problem even worse.
Re: Actually coders do need to look at the tld
I'll bite. I can well imagine that an end-user might tell the system to trust "*.microsoft.com" or distrust "*.mil", but those don't require any understanding of who the DN belongs to.
You seem to be implying that the browser comes built-in with its own ideas about who is trustworthy and that this idea is based on a distinction in trustworthiness between governments, registrars and everyone else. That sounds pretty retarded to me. Care to name names about the browsers in question?
You are completely missing the point. The browser is not choosing to trust different tlds differently; the browser needs to know which bit of the tld belongs to the registrar and which bit belongs to the registrant.
For example, cookies can be shared between "a.example.com" and "b.example.com" but can't be shared between "a.co.uk" and "b.co.uk". The browser has to know the difference.
These problems are exactly why the TLD explosion is a stupid idea. It was ICANN's responsibility to manage addresses, and they've failed.
Given that this extra TLDs will turn into instant internet slums in exactly the same way that .info and .biz did, I can't imagine anyone really *caring*.
To really cause some fun
Register the .local or .root gTLDs :-)
Re: To really cause some fun
They've though of that ya know...
About 30% of retail sites I come across wont even believe you can have a + in the left hand side, so there is much work to do.
The bigger fail is
allowing non latin characters on the domain.
You see a domain printed on some magazine, you want to visit that domain, but you don't have a clue on how to do it.
Of course you can argue that, for example, people living in Russia already had to use latin characters to use the web. But they already do it! And they can reach ALL the internet using them. They can even reach chinese and japanese web sites...
Lazy coders copy and paste someone else's regex without having a Scooby what it's actually doing. And there's lots of regex examples kicking about the web that assume a maximum of three characters for the TLD.
If ICANN are so concerned...
....why not hire a bunch of coders to write a few code libraries for parsing their new gTLDs and then release it under a GUN licence? That'd be the non-lazy way of dealing with the issue, rather than blaming everybody else for not instantly responding to your money making scheme.
Besides as David Given points out, when was the last time you typed .biz in ANYWHERE? I can imagine that the only people who are going to buy the vast majority of these domains are cyber-squatters who think they can make a buck and companies trying to protect their brand.
Re: If ICANN are so concerned...
A GUN licence? "You will use our libraries or we will shoot you in the head." :p
I think that's Eric Smith Raymond's favorite license....
The NRA life member one, please
Re: If ICANN are so concerned...
.biz always makes me think of baby poo... :-o
Millions of Internet Users?
These millions of internet users, they'll be the ones who don't have an email address under the current TLDs but will immediately use the new TLDs when they become available?
And with the costs involved in picking up a new TLD I can't imagine that these .coke and whatever addresses will be used for anything more than microsites and similar web-based marketing attempts for massive companies that already have very well-established internet presences.
I'm not seeing this as being anywhere near the issue that people are talking about...
I must insist...
"you must enter a 'valid' domain name".
After all, aren't those domain name validators supposed to keep the crap away? they do!
When all hope is lost ...
... read the directions.
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs