[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CORE Show Stopper

Date: Sun, 30 Nov 1997 11:52:16 +0000
From: Jeff Williams <jwkckid1@ix.netcom.com>
Subject: Re: CORE Show Stopper
Kent and all,


Kent Crispin wrote:
> 
> On Sun, Nov 30, 1997 at 11:35:20AM +0000, Jim Dixon wrote:
> > On Sat, 29 Nov 1997, Kent Crispin wrote:
> >
> > > > It would not totally prevent the scenario, because anyone can lie and
> > > > say the name is taken after checking and seeing that it is not.  But
> > > > it will also be knowable that it is not possible to check and get a
> > > > false negative, so the scenario of someone signing up for a domain and
> > > > later being told "oops" isn't likely to occur to a well educated public.
> > >
> > > This issue has been known for a *long* time, and registrar collusion
> > > is one of the central design concerns of the CORE registry design...
> >
> > It was?  I recall no discussion at all of this issue in Munich, New
> > York, or on the RFP team's email list.  It was certainly not a central
> > design concept.
> 
> Then you weren't paying attention.  I certainly made the point several
> times in New York that one of the reasons for avoiding secret
> components of the shared registry protocol was to avoid collusion -- I
> probably used that very term (though I don't recall exactly), since I
> have used it before.  Also, Munich, New York and the RFP list are a
> tiny fraction of the debate that has gone on.

  Well this is good to hear, Kent, but stands in stark contrast
to your last post on this thread, and I quote, 

"Perhaps so.  But of course, the other 86 registrars might be a little
miffed if they did.  Any registrar that hoards names takes away
potential profit from the other registrars.  Any small group of
colluding registrars is acting against the selfish interests of all
the other registrars.  The registrars are in competition with each
other, so small scale collusion is self-policing."

  Now this is not what I would call trying to avoide collusion or
even having it on your mind at the time you did the Technical
specs for a shared registry system.  Any comments there Kent old boy?


> 
> But jeez, Jim, think.  Why do you suppose it's a *shared* registry? --
> the whole point is to put the registrars in a competitive
> relationship, and a great deal of thought has gone into making sure
> that competition is maintained.

  I doubt that Jim or anyone else disagrees with needing to maintain
a competitive nature amongst the registrars.  That should be a given,
of course.  But as Paul had indicated, why not make it work for
everybody,
and provide a clearing house approach to keep these registrars honest
with each other and their customers by providing an additional check.
CORE cannot really police itself.  No orginization, without some 
fairly good chance of collusion occuring sooner or later.  This needs
to be done independantly of COR or the gTLD-MoU entirely.
  
> This aspect of it was argued at
> vociferous length on the IAHC list, and at various times on the newdom
> lists before that.  (Though I grant you the exact term "collusion" was
> not used -- the first use of that term that I recall was in a short
> paper on dispute resolution I circulated on the PAB list -- it had a
> section titled "Collusion", and the basic conclusion was that the best
> way of avoiding collusion was avoiding secrecy in the Shared Registry
> Protocol.)

  I agree that this is one step that should be taken, of course.  But
it is woefully inadaquate after the shared registry code is up
and running if it ever is.  Additional independant checking mechnisim
needs to be put in place to insure that collusion does not occur
after the fact of the shared registry code is in place.
> 
> As far as the RFP team is concerned: of course not every aspect of
> the design was discussed -- great portions of the design were
> determined by discussions that occured long ago, and the team accepted
> that prior work without comment.  In particular, as you know, I wrote
> the technical specifications section, people reviewed what I wrote, made
> some comments which were incorporated, and let a great deal of it pass
> without comment.

  This problem, possible collusion DID NOT pass without comment.  It 
did however pass without being addressed adaquatly.  Hence it is now
being revisited.  Thanks to Paul.  >;)
> 
> The particular features of the design that were explicitly concerned
> with the possibility of collusion were things like:
> 
> 1) the basic notion of a shared registrary
> 2) the use of digital signatures on all transactions and replies,
> thus giving every registrar a complete non-repudiatable record of all
> transactions with CORE.
> 3) the insistance on complete openness of the transaction logs for
> the CORE database.

  #3 should be avalible for anyone to review.  Is that in place or 
will it be?
> 
> Anti-collusion definitely WAS a central design concept.  As I said, I
> wrote the technical specs, and anti-collusion was something I was very
> conscious of while I was doing it.  Anti-collusion has been a concern
> of mine (and others) for a long time before you were ever on the
> scene.  It may be something you haven't thought much about, but it's
> generally bad practice to generalize your own lack of thought to
> others.

  You are not really being honest here Kent.  See quote from your
last post on this thread.  Better yet, here it is again.

<from Kents previous post on this thread>  Below.

"Perhaps so.  But of course, the other 86 registrars might be a little
miffed if they did.  Any registrar that hoards names takes away
potential profit from the other registrars.  Any small group of
colluding registrars is acting against the selfish interests of all
the other registrars.  The registrars are in competition with each
other, so small scale collusion is self-policing."


> 
> --
> Kent Crispin                            "No reason to get excited",
> kent@songbird.com                       the thief he kindly spoke...
> PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
> http://songbird.com/kent/pgp_key.html
> 

Regards,

-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. IEG. INC. (Soon to be INEG. INC) Stay tunned! 
Phone :913-294-2375 (v-office)
E-Mail jwkckid1@ix.netcom.com

Wisdom:   "One who knows others is wise,
           one who knows himself is enlightened."
           Lao Tzu
Prev by Date: Re: Disney
Next by Date: Re: Implications of NSI *Skunkworks* Rul ing
Prev by thread: Re: CORE Show Stopper
Next by thread: Re: CORE Show Stopper
Index(es):
- Date
- Thread