At 08:00 PM 3/31/99 -0800, Bill Lovell wrote:
>At 07:11 PM 3/31/99 -0800, you wrote:

>>In terms of security, a certain type of invisibility is desired. With regard
>>to going off-road, both the Suburban and the CJ5 are fully 4x4 qualified
>>(and still sport Colorado plates where 60% of the State roads are still
>>dirt/gravel<grin>). BTW, I also own boots, Stetson, duster, long-arm, and
>>side-arm. No, I didn't vote for Nighthorse (never trust a turn-coat).

>>Back to topic, it is no accident that you don't see actual transactions
>>over the InterNet. The *real* stuff uses SET rather than SSL. 
>
>Well, I've no notion what that means, but I'll take your word for it.

I was talking about *real* e-commerce, financial transactions between
financial institutions and *real* security. The net ... ain't.

>>We're trying
>>to bring that same level of security to the InterNet. But the only way we
>>can see of doing it is via new TLDs. Basically, a TLD with only known
>>secure hosts in it. Hosts that have passed some sort of security audit.
>>These hosts would also be on the Internet but access would be via the new
>>TLD. You were asking about what I meant about chartered TLDs earlier? Well,
>>that's the nutshell explanation. 
>
>Okay, now we're communicating.  The Oregon State Bar is contemplating
>doing much the same thing, so that us lawyers can exchange horror stories,
>cases, etc., without all you riffraff listening in. :-)

Now *that's* interesting.

>>My problem is that this TLD needs to be legally defensible and enforceable.
>>This means that if ICANN tries to give it to someone else, or some scum-bag
>>tries to register an unknown host in it, MHSC would have to hunt them down
>>and shoot them with a lawsuit and make it stick. Also, because of the way
>>DNS works, we have to be able to prevent ICANN from registering the TLD
>>elsewhere on the Internet. Even a private TLD has conflict problems with a
>>public TLD of the same name. "There can be only one" applies here, or did
>>you miss Stef's explanation of the technical problem?
>
>Heavens, no! That's why I've kept talking about the "net gods" and the fact
>that www.xxx.yyy.zzz cannot be equal to www'.xxx'.yyy'.zzz'.  Once you
>(or somebody) factors in the fact that your "chartered TLD" is itself a
>private net, then all those problems disappear.  But so long as it's a TLD,
>by which I mean, not to lose communication here, it is on the same "level"
>as .com, .org, etc. (anyone not know what I mean by that?), the need to
>establish that "private" TLD in concurrence with ICANN and other god-like
>entities still remains, does it not?

Yes and no. IMHO, you are confusing an independent mapping with an
overlayment. A truly private net has an independent addressing scheme, not
generally reachable from outside that net. An overlaid net is two
independent networks using the same hosts. Another way to look at it is from
an orienteering perspective. The basic map is the hosts and their IP
addresses. The first overlay is the NET TLD. This is actually an
independent network that some of the hosts belong to, but not all of the
hosts. The next overlay is the COM TLD. If you look carefully, some hosts
belong to both, some belong only to one of them, and others belong to
neither (being associated with some other TLD). 

You have it correct that the basic unit of addressing is the
www.xxx.yyy.zzz IP address (dotted quad notation). However, you totally
miss the point that one IP address can be a member of many different TLDs
(more than one anyway). Here is how it works: I want to put up a Virtual
Private Network (VPN) and I don't want to have to manually update all the
member hosts all the time. I do this by creating a new TLD (call it VPN)
and assign hosts to it based on whether they are qualified. Those hosts may
already be on COM/NET/ORG/CC/EDU/etc. However, they *also* get registered
in the VPN TLD. Voilà, I now have a list of hosts that I know have passed
the qualification for VPN membership (whatever that is). Because of
membership in that exclusive club, I know exactly, or not, how far I can
trust them. I also know what their capabilities are, relative to the other
hosts who are not also in the VPN TLD. It gets better: no one else (not a
member of VPN) knows exactly which hosts are members and the list is
automatically maintained by the DNS system, under the new TLD, which is
maintained by the VPN TLD registry. In addition, there could be hosts, in
the VPN TLD, that have no other connection with the Internet, similar to
the NET TLD. (Yes, I am looking into secure DNS.)

There are a number of complications if the root-servers started to point to
a different TLD root-server than the one set up by the VPN TLD registry.
Were ICANN, or NTIA, to assign the VPN TLD to someone else, there would be
an instantaneous conflict which, given the infrastructure investment, would
result in instantaneous litigation. Given prior use and trademark law, this
litigation could be successful. Some of this remains to be seen. It is
possible that the VPN TLD registry does not want to be in the root-server
system. In this case, given the technical conflict, the VPN registry must
still be able to deny the root-server system the ability to assign that TLD
to anyone else. The mechanism afforded by trademark law seems to be
helpful, in this regard. This is still under evaluation, although
preliminary research appears promising.

In the case of a purely private network, built on an internal TLD (call it
PNET), as you suggest, there is a bleed-through effect. Although the
internal IP block is a private one (not visible outside that block) and the
public IP addresses are only gateways, the nodes within that private network
still have access to the Internet via the proxy-servers (gateways). Were the
root-server to assign a public TLD, called PNET, then none of the internal
nodes of the private PNET TLD would be able to access any node on the
public PNET TLD. This is a Denial of Service issue. For this reason, the
root-servers must acknowledge private TLDs, even if they don't list them in
the roots.

At one time, I was rabidly against the entry of the trademark contingent in
these forums. It appears that they have become [unwitting?] allies. As much
as I don't like WIPO tactics and practices, some of their points aid my
cause. They present new tools that may be useful.


___________________________________________________ 
Roeland M.J. Meyer - 
e-mail:                                      mailto:[EMAIL PROTECTED]
Internet phone:                                hawk.lvrmr.mhsc.com
Personal web pages:             http://staff.mhsc.com/~rmeyer
Company web-site:                           http://www.mhsc.com
___________________________________________________ 
                       KISS ... gotta love it!
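
The PNET collision described in the message above, as an added example that is not part of the original e-mail: it models an internal resolver that answers authoritatively for a private TLD and forwards everything else to the public root, then audits which public names become unreachable once the root delegates the same TLD. Resolution is modelled as dictionary lookups, and every zone, host name and address below is constructed sample data.

```python
# Constructed sample data: a private PNET zone served inside the network,
# and the public root before and after a public PNET delegation appears.
PRIVATE_ZONES = {"pnet": {"db1.pnet": "10.0.0.5", "mail.pnet": "10.0.0.6"}}
PUBLIC_ROOT_BEFORE = {"com": {"www.example.com": "192.0.2.10"}}
PUBLIC_ROOT_AFTER = {**PUBLIC_ROOT_BEFORE, "pnet": {"shop.pnet": "198.51.100.7"}}


def tld_of(name):
    """Return the rightmost label of a host name, lower-cased."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def resolve(name, private_zones, public_root):
    """Resolve a name the way an internal node would.

    Assumption: the internal resolver is authoritative for its private TLDs,
    so a miss there is a negative answer and is never forwarded to the root.
    Returns (source, address); address is None when the name does not resolve.
    """
    name = name.rstrip(".").lower()
    tld = tld_of(name)
    if tld in private_zones:
        return ("private", private_zones[tld].get(name))
    return ("public", public_root.get(tld, {}).get(name))


def colliding_tlds(private_zones, public_root):
    """TLDs that exist both privately and in the public root."""
    return sorted(set(private_zones) & set(public_root))


def shadowed_names(private_zones, public_root):
    """Public names that internal nodes can no longer reach correctly."""
    shadowed = []
    for tld in colliding_tlds(private_zones, public_root):
        for name, public_addr in sorted(public_root[tld].items()):
            if resolve(name, private_zones, public_root)[1] != public_addr:
                shadowed.append(name)
    return shadowed


if __name__ == "__main__":
    for root in (PUBLIC_ROOT_BEFORE, PUBLIC_ROOT_AFTER):
        print(colliding_tlds(PRIVATE_ZONES, root),
              shadowed_names(PRIVATE_ZONES, root))
```
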
