CENTR logo
CENTR (Council of European National Top Level Domain Registries), which is the European association for country code domain name registry managers, held their 43rd General Assembly in Brussels last week.

I was invited to speak at the meeting, but rather than giving a “talk” the format was a debate about “reputational DNS”.

So what exactly is “reputational DNS”?

Earlier this year Paul Vixie, who is highly influential in the DNS community, published an article introducing the concept of “reputational DNS”. In essence Mr Vixie contends that new domains are evil by their very nature and that DNS operators (ie. ISPs) should be able to stop them from resolving. Put another way, ISPs would be able to stop their users from accessing domains based on their reputation.

While there are probably reasons and situations in which taking this kind of action may make sense, there are substantially more reasons why this very concept is both flawed and dangerous.

The opening lines of Mr Vixie’s article rang alarm bells for me:

“Most new domain names are malicious.

I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day. Domains are cheap, domains are plentiful, and as a result most of them are dreck or worse.”

As a domain name registrar that sort of statement scares me. I also find it to be factually flawed. Lumping “speculators” into the same category as “criminals” seems more than a little extreme and as a solution I’d view it as being a sledgehammer to crack a walnut!

At the CENTR meeting the debate was pretty straightforward. Norm Ritchie, who works with ISC, was proposing, while I was opposing.

Norm gave us an overview of the technical aspects of the system and their reasoning for its introduction.

It was then up to me to argue against it.

As I already mentioned, I am very much against this very concept, as I see it as being another way to “take the genie out of the bottle” ie. once people start adopting this sort of technology there is a very real danger of censorship.

Apart from anything else “domains” themselves usually aren’t the issue. Yes – sites may get infected with all sorts of “charming” malware, but browsers and search engines are doing a very good job of warning users about them.

The debate was interesting, with quite a number of the attendees asking us both questions about our points of view.

Whether a debate behind closed doors in Brussels will have any substantial impact or not is another matter, but the audience was probably one of the better ones to get involved in this sort of debate.

Thanks again to CENTR for asking me along!