Does The Internet Need A United Nations When It Doesn't Have A First Amendment?

The Department of Commerce has announced that it will soon abdicate its responsibility for maintaining the internet's Domain Name System, the directory that allows translation of a plain English (or Russian, or Turkish) term like popehat.com into the string of numbers and periods that are this site's actual address. DNS is the internet's central nervous system, to analogize crudely.  If a site is removed from DNS, it may as well no longer exist.

The goal, we're told, is to spread governance of the internet from a United States agency to set of "stakeholders" from across the "global internet community." And that's what should worry everyone in the "global internet community" who is concerned with free speech. Unlike the Department of Commerce, the "global internet community" and its "stakeholders" are not constrained from abridging the freedom of speech.

Readers may recall the case of American talk radio host Glenn Beck, who in 2009 sued the owner of the parodic website GlennBeckRapedAndMurderedAYoungGirlIn1990.com, in the World Internet Property Organization (a United Nations body), arguing that the site's name was defamatory, and that it infringed Beck's trademark in the name "Glenn Beck." (The parody countered Beck's style of argument in which he demands opponents prove a negative: "Barack Obama must prove he wasn't in Indonesia on August 4, 1961!") How do we know Glenn Beck didn't rape and murder a young girl in 1990, after all? Beck hasn't proven he didn't. We have only his word to rely upon. The World Internet Property Organization, to its credit and thanks to the commendable advocacy of defense attorney Marc Randazza, denied Beck's claims, finding the assertion contained in the site's name to be an obvious parody that only a dipshit would credit as true.

What's telling about the Beck case is that Beck, for all his professed faith in the United States Constitution, chose not to file his claim in an American court. Beck certainly could have done so: the defendant, like Beck, was an American citizen and subject to the jurisdiction of United States courts. But the First Amendment to the United States Constitution provides broad protections to free speech, some of the broadest in the world, constraining courts and government agencies alike from infringing speech. And a website's name, just like its text, is speech.

No, Beck, or his attorneys, assumed he'd get better treatment from a United Nations agency in his efforts to quash free speech than he'd get in an American court. And for good reason: United Nations agencies are not constrained by the First Amendment.  And so, coming back round to the "stakeholders" of the "global internet community," to what legal constraints will they be subject? And to whom will they answer? The Constitution of the People's Republic of China, for instance, promises that:

Citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession and of demonstration. … Citizens of the People's Republic of China enjoy freedom of religious belief.

Under the new internet order, Sina Weibo is undoubtedly a major "global stakeholder" in the internet. Does anyone believe that a representative of Sina Weibo, which already censors its users at the behest of its government, would not vote to obliterate a website glorifying Tank Man?

tank man

Of course China is not the only global stakeholder. There are plenty of European nations which also have a stake in the internet, such as the Russian Federation. Perhaps the most distinguished Russian holding a stake in the internet is Evgeny Kaspersky, the famed security expert, whose products are used worldwide. Another famed Russian on the internet is Garry Kasparov, grandmaster of chess and political dissident. For all of Kaspersky's integrity, does anyone doubt that if Kasparov created a website parodying Vladimir Putin, perhaps one called VladimirPutinOrderedTheMurderOfAnnaPolitkovskaya.com, Kaspersky would face intense pressure to vote that it be deleted as defamatory, an offense against the majesty of the Soviet Union Russian Federation?

Of course there are plenty of enlightened non-European countries whose citizens are global stakeholders, such as Thailand. Guarantors of international human rights, including the Democratic Republic of Congo, Egypt, Pakistan, Saudi Arabia, Sudan, and Zimbabwe.

The Department of Commerce assures us that only private global stakeholders will be nominated to hold a stake in tomorrow's internet, and therefore to make decisions on who (if anyone) gets to have domains ending in suffixes such as .bible or .gay or .wine. We're assured that the new regime will be run much along the lines of the United Nations Internet Governance Forum (which coincidentally is holding its annual meeting for 2014 in Istanbul). But each of those stakeholders is, at least until we have anarchist floating cities, also a stakeholder in some government or state.  In a lot of those states, the government considers itself a "stakeholder" in its citizens, who'll know doubt vote accordingly. And while Commerce promises us that it won't support government involvement in the new DNS regime, once control has passed beyond Commerce, who's to say conditions won't change?

None of this is to suggest that the United States is somehow "deserving" of internet governance, that the internet is American property, or the American government's hands are clean. They're not. I could be reasonably content with an internet whose administration was controlled by other constitutional democracies, such as Australia, Costa Rica, Japan, or even the United Kingdom.

But it won't be. We've seen the others, and they're worse. The system isn't broken, and at least now there are some free speech constraints on the entity ultimately responsible for global DNS.

If you care about free speech on the global internet, not just your provincial American corner of it, consider writing or calling your Congressman and Senators, and asking them to assert their authority against this ill-advised decision.

Last 5 posts by Patrick Non-White

Comments

  1. says

    If you care about free speech on the global internet, not just your provincial American corner of it, consider writing or calling your Congressman and Senators, and asking them to assert their authority against this ill-advised decision.

    Yeah, that'll work.

    LOL.

    Thanks, Patrick.

  2. Charlie says

    I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".
    If that truly becomes a global (as opposed to merely national) problem, alternative DNS setups will be created, and one can always fall back to domain hopping. The Pirate Bay has experienced multiple unsuccessful attempts at blocking it via DNS blacklisting, and is still very much active and running, and accessible from mostly everywhere. Another example is Turkey's recent half-assed attempt to block Twitter, where the ISPs' poisoned DNS servers were trivially circumvented by using an alternative (Google) DNS server.

  3. says

    I do believe that the American constituency for spying on everyone in the world is rather larger than the constituency for giving Vladimir Putin and Xi Jinping a say in domain name registration.

    A shame, but I'll take what I can get.

  4. says

    @Charlie

    I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".

    I'm with Patrick here.

    When the UN takes a site off the Global DNS, you or I could still get to it.

    My mom can't.

    For that matter, 99% of the people I know can't.

    And even if 3/4 of us could get to it, you've just chilled speech and behavior, because no one wants to risk that their site will be black-bagged and Gitmoed.

  5. says

    I expected better than to see an article here state that removing a site from major DNS servers will render the site "may as well as no longer exist".

    I expect better from our commenting audience than non sequitur cryptoanarchist glorification of the Pirate Bay. Like you, I'm doomed to disappointment.

  6. Charlie says

    @Clark
    I fully agree with you that implementing such a block would chill speech, as it already has in multiple cases of DNS blackholing by many different parties.
    What I dislike is the usage of extreme (imo) hyperbole on the topic, as a mere DNS block would do little more than inconvenience someone who is sufficiently determined to get to the site. I find it analogous to saying that erecting wall around your yard would render your house impervious to burglars.

  7. says

    Charlie, are you seriously suggesting that if, for instance, Popehat was removed from DNS the site would have any meaningful existence?

    I mean, I'd know how to read it. Clark would know how to read it. You'd know how to read it.

    But Ken wouldn't, nor would 99.5% of our readers.

  8. Charlie says

    Yes, I would seriously suggest that. I have more faith than you seem to have in the general technological competence of a group (in this case, Popehat readers) that is relatively far better educated than the general public. I don't find the act of changing a DNS server to be an extremely difficult task. I know my grandfather (who lives in China) knows how to use my SSH server to bypass the Great Firewall of China (which is a task I would rank as considerably more difficult than changing DNS servers).
    Blacklisting a site from DNS is an attack that has already been carried out and circumvented multiple times by internet users, and while it would certainly be a deplorable thing to do, I disagree that doing so would be particularly effective as a means of censorship (as compared to, for example, raiding their servers or physical threats).

  9. says

    Charlie, please don't take this as an attempt to besmirch the technological competence of Popehat readers, but:

    I have access to the site's referral logs. I may know something you don't.

  10. Chad H says

    Personally in comparative constitutional rights, I go for the North Korean Constition. It guarantees a fair trial, but North Korean law also makes judges criminally negligent for coming to the wrong decision.

    So guess why they always seem to decide in favour of the prosecution?

  11. John Cain says

    I thought Russia and China wanted this responsibility transferred to the ITU at the UN, and that's not what's happening here. ICANN still exists. Or am I missing something?

  12. says

    Personally I think the "Stalin Constitution" of 1936 was the most progressive document of governance ever written. In addition to freedom of speech, religion, education, assembly, inviolability of the person, scientific activities, and economic activities, it guaranteed citizens the right to leisure.

  13. says

    John Cain, did you know that ICANN is a contractor to the United States Department of Commerce?

    When it's a contractor for "global stakeholders" including the Russian and Chinese equivalents to the Department of Commerce (or to Kaspersky and Sina Weibo), is it possible that its priorities may change?

  14. Bruce says

    Aussies are not an ally of free speech, internet or otherwise.

    We keep electing nanny-statist goons that want to block/filter/monitor everything "for the sake of the children". They would love to have the keys to lock out those they dislike.

  15. Grifter says

    Whenever things like this come up, I'm always confused as to who possibly actually thought it would be a good idea?

  16. Mark Koskenmaki says

    As someone said, it's always possible to start up an uncensored DNS. Really, it isn't hard at all. The question is more along the lines of whether OUR government will enforced other nation's attempts at domain squashing or site squashing.

    That is, if China wants "Wereportchinesetyranny.org" blacklisted, will Washington DC demand it be silenced as well and enforce said blacklists here? Normally, I'd say not, but the deference our government has recently for accommodating tyrants, I'm not so sure we'd not have to battle our own government, as well.

  17. Kelly says

    Speaking as someone who's been on the Internet since the time DNS was invented (1985), I'm not particularly concerned about turning over DNS TLD management to non-US folks. Even if this means that eventually prevents someone from registering parody or protest domain names.

    Mostly, this is because I'm less interested in the NAME of some host on the internet than the content or services that host provides. To a lesser degree, I believe there are viable short term (host your protest or parody content under an acceptable domain name; publish a bit.ly URL instead of an English-readable URL) and even long term alternatives to DNS (e.g. http://b.mtjm.eu/dns-replacement-unnamed.html)

  18. C. S. P. Schofield says

    As an amateur student of history, I believe that turning anything important over to "The International Community" is about as intelligent as turning over a gallon of nitroglycerin to a six year old.

  19. Brian says

    I don't see a need to get worked up, especially before we know who the "stakeholders" are. Even without establishing a new root zone, DNS servers can (and do) selectively ignore entries in the root, or changes to them.

    Although the change does seem pointless.

  20. AlphaCentauri says

    I think part of the impetus is that the US has already been using DNS to kill sites owned by people outside the US. While we have good protections for free speech, the US government does not provide much protection for website owners accused of things like intellectual property infringement. "The international community" is concerned they've got all their eggs in one basket.

    I don't anticipate that internationalizing control will result in a single country being able to project its own restrictions on free speech onto the citizens of other nations. What I do expect is less ability to address illegal activity that uses the internet to cross borders, as there will always be a country willing to provide a secure home to unsavory activities so long as they only bring in cash from other countries' citizens.

  21. Fnord says

    If popehat alone were removed? Or if controversial sites were removed frequently?

    Those are different questions, because the greater the magnitude of the problem you suggest exists, the greater the incentive for people to learn to use alternative systems, and the greater the incentive for US companies to provide user-friendly solutions.

  22. Bobby Zimmerman says

    End result: Balkanization of the network. Multiple root servers, number space conflicts, lots of fun for all…

  23. says

    How I would rearrange DNS now-a-days:

    (1) DNS would be a Distributed Hash Table P2P operation a la "magnet links" in Bittorrent.

    (2) Every peer communicant on the "Backbone" of DNS would need a public key. This key would mostly be used for signing the transmissions. By this means a bad actor could be pseudo-banned by having his key banned (possibly along with his IP address). Sure, this isn't armor, but nothing is armored in P2P applications.

    (3) Each entry in the DNS system would have it's public key, that key's finger print, and as many of the related resource records as desired, all signed with the public key.

    (4) Only the public key, and to a lessor extent the key fingerprint, are known unique. Other names e.g. macdonalds etc., can be listed by as many people as care to construct and submit a well-formed block. The domain names become useful but not unique identifiers.

    Under this system:

    People would quickly adapt to the fact that names are not unique nor protected. "Robert White" isn't uniquely me, why should McDonalds be uniquely them? There just aren't enough words to go around this way on the internet. Names as unique keys just cannot keep up.

    Organizations could issue QRCodes or whatever on their business cards or on other important communications that contain their key or key fingerprint. Links in documents would also point to that info. So http://big-hex-number-here becomes the only way to know for sure you are getting a unique whatnot. Once you have gotten and bookmarked the right top level stuff you are golden, inside those documents they should be using the same kind of "I know who I am talking about" links, or on-same-page links.

    If you enter a name like "Pope Hat" (we don't need the .com or whatever any more) or "McDonalds" your browser would give you a list of all the sites that match, optionally preferring one you have bookmarked because it's already in your browser. Meanwhile if there are a bunch of detractors or even fans of "name" you get this self selected list of topical groupings.

    If someone is banned by you personally, you'd be blacklisting their key and after that it would hide _all_ their DNS listings till they went with another key.

    Keys could be revoked in the normal Public Key Infrastructure (PKI). DNS nodes would naturally drop any key that they found was revoked.

    Keys naturally expire in PKI anyway.

    Businesses like Register.com become impossible, as does domain squatting.

    The DNS system becomes its own distributed search engine type technology for core terms.

    The technologies are all well understood. Names wouldn't be assumed safe any more, but that's life isn't it…

  24. Allen says

    Given our national debt isn't China already a stakeholder in the US Dept. of Commerce?

    Hell, turn it over to the UN. Then we can all be Josef K and discover the process. Which is probably where we are headed anyway.

  25. Anonymous says

    When I hear the word stakeholders I reach für mein Browning.

    I literally have a document open right now with the filename "Stakeholders.txt"

  26. Cat G says

    Stakeholders is a dirty way of saying "nothing is really going to change". ICANN is currently running the Root Zone. This will not change anytime soon. When the DoC bows out, the "stakeholders" will come in – and I think you can name some of them. (Level 3, Google, Apple, Microsoft, etc.) I would imagine that ICANN is going to give them the same level of respect Clark would give to a fascist dictator espousing beliefs he disagrees with.

    The root zone servers themselves do not appear to be slated for any changes, and it's worth noting that no matter who is behind the wheel (theoretically) three of those servers are operated by the US government. (DISA, NASA, and the US Army Research Lab.) Two are US based colleges (USC, University of Maryland). Two are run by one company (Verisign).

    I don't see any of the above allowing themselves to be moved from the list without significant upheaval, and if I were going to bet, I would say they (and the other Root Zone servers) would properly be the best "stakeholders" – they have the responsibility to run the servers.

    And if all else fails, I hope none of you have dynamic IPs.

  27. Bob Brown says

    Do not forget that ICANN is also in charge of IP address assignments, a power which provides for at least as many opportunities for screwuppage as does their power over DNS.

    I am personally certain that The Government has nefarious motives at heart because the change was announced on a Friday afternoon.

  28. ZarroTsu says

    Words hurt people, so if we remove the words people can't be hurt!

    Wait a sec…

    People hurt people. What if we removed all the people!?

  29. Hoare says

    from techdirt …

    The US government already had little to no actual say over anything that ICANN was doing. The organization has been almost entirely independent from the beginning, and this move really just helps to clarify things, while actually taking some pressure off of ICANN so that other countries can't whine and complain (incorrectly) that the internet is "under US control."

    https://www.techdirt.com/articles/20140314/15211626581/us-relinquishing-what-tiny-control-it-had-internet-if-un-isnt-allowed-to-take-over.shtml

  30. JTG says

    @Robert White

    With DNSSEC, we may already have part of your proposal, albeit in a rather cumbersome manner.

  31. JTG says

    I also wonder whether the set of "stakeholders" would include entities such as industry groups. One could make the argument that some of those, notably those related to intellectual property rights, can just as censorious as some of the countries noted above.

  32. says

    As long as ICANN is headquartered in the U.S., I suspect they will err on the side of free speech, despite being a contractor to "global stakeholders". And I doubt that group will be cohesive enough to ever try to fire ICANN, even if they are all pissed off at their lack of censorship.

  33. Elizabeth says

    Isn't the largest group of ICANN constituents the registrars? With more TLDs and many more domain registrations in the registrars' best interest, does this give ICANN a financial reason to keep the Internet "free"? (ICANN is a California non-profit, but between all its global meetings and new gTLDs, it is a profit generating machine.)

  34. cpast says

    @JTG

    IANA refers to whatever body is in charge of generally coordinating IP addresses and DNS; it's currently run by ICANN, but if someone besides ICANN took over the job, they would become IANA.

  35. Gabriel says

    and ICANN also does ASNs, which afford just as much internet-fucking potential as DNS and IP's if mishandled.

  36. says

    @Patrick: You mention SOPA in reply #2 as if it somehow supports your point, which I find a bit baffling as I can't think of a better example of why the US SHOULD give up its authority than Congress coming within a hair's breadth of handing control of the DNS spec over to Hollywood lobbyists.

    The system isn't broken? Tell that to the people who've had their domains hijacked without compensation or due process over spurious copyright claims.

    I don't think any single country should have that authority. You mention Australia as an acceptable alternative — really? The country that censors violent video games and won't allow flat-chested women to make porn movies?

    I share your concern for what could happen with UN control over DNS. I don't share your faith that the system we've got now is worth preserving.

  37. David C says

    I don't think any single country should have that authority.

    Someone has to have authority, though. Whether it's a country, or the Department of Commerce of a country, or Google, or a committee of various people, someone is going to have authority and therefore have the opportunity to abuse the authority.

    America isn't perfect, but it's a far better choice than Syria, or Turkey, or Russia, or China, or many other countries.

  38. Jason says

    A more appropriate video to make your point, that I suspect will be more accurate in the long run, would be the robot chicken parody of that scene from Empire.

  39. The Man in the Mask says

    " Time counts and keeps countin', and we knows now finding the trick of what's been and lost ain't no easy ride. […]"

    Gather 'round the fire, dear boys and girls, and let's go back to a time BEFORE the DNS system was organized. We still had a network and we still had hosts on it — lots of 'em. Do you know how we managed the mapping of hosts to IP addresses?

    We had a static file. It was maintained at a central location and was updated daily. In the wee hours of the night, our systems would wake up and poll that central location, downloading the latest version so that it'd be ready for the next working day.

    Crude? Sure. But there weren't so many hosts that it was unworkable, and there weren't so many changes that being a day behind was a big deal. And the file wasn't that big, even by the standards of the time.

    There were certain advantages to this: for one thing, no DNS system to attack. For another (to a decent first approximation) every host knew the address of every other host. And for another, we quickly worked out how to avoid downloading a broken version of the file and overwriting the perfectly good one that we had just a moment ago.

    I'm not reciting this bit of history to suggest that this is the way going forward. Oh, it would work, more or less, for the top 10K or 100K or 1000K domains because we could encapsulate their primary DNS information in a file, sign it cryptographically, and drop it into a torrent. Then we could play whack-a-mole with countries like Turkey that are trying to block certain social networks.

    No, I'm reciting this because I want to make the point that alternatives to DNS exist and others will no doubt be developed. If there is sufficient pressure applied to the system to annoy the braintrust — which ranges all over the political spectrum but is united in its contempt for politicians putting their fingers into places where they don't belong — will deploy one or twenty of them. And given the migration to IPv6 which is happening as you read this (albeit slowly), the would-be censors of the world are going to find themselves facing problems that are intractable, in an engineering sense.

    (e.g.: we publish 100 addresses for hot-popehat-lawyers-in-spandex.com, and the government of Elbonia blackholes them in their perimeter routers. Fine, we say. The next day, because we can, we publish 500,000, nearly all of which aren't really the web site, but HTTP proxies that gateway to it — and we have 500K because we know a kajillion people who love popehat (in spandex) and they all have /64's because that's what everyone has.)

    There are other ways as well. Many ways. I think that attempts
    to bend the DNS system to the will of governments and corporations are likely to accelerate the experimentation with and deployment of those. Some will flop. Some will work. But the spice must flow! Oh, wait, sorry, wrong movie.

    For my part, I have watched (as Lauren Weinstein puts it) the domain-industrial complex deploy an array of bogus, worthless, useless TLDs as cash cows for the registrars (e.g., .xxx). I've made it a point to use DNS RPZ (response policy zones) to make them disappear from my view of the Internet. Those same RPZ have other uses as well. Many uses. As some governments are about to learn.

  40. NI says

    Man in the Mask, I'm not tech-savvy enough to know if what you're telling us is right, but the immediate first question that comes to mind is this: If the braintrust can bypass politicians as easily as you claim, then why has China been so successful at censoring the internet?

  41. azazel1024 says

    Obviously we need to appoint Mr. Universe as the curator of the DNS system.

    Problem solved.

    Or easier, just everyone learn to memorize their favorite websites' IP addresses.

    I mean seriously, how hard is it to remember 74.125.228.0

    2607:f8b0:4004:807::1007 is almost as easy to remember.

  42. Kratoklastes says

    OP shows far too much faith in the cesspit that is the US political system, and far too little faith in the chops of the cypherpunks. (Not to mention a childish and naive faith in 'democracy' – a system that Arrow showed can not possibly work… Google "Condorcet Paradox" or "Arrow Impossibility Theorem" to see why democracy does not reliably reflect 'the will of the people' or whatever flowery Rousseauean-nonsense trope you prefer).

    OpenNIC is already a thing; P2P-based, signed, non-centraslly-administered DNS will be a thing. And if shit gets more real, some bright group of folks will create something even more betterer, and it will be free.

    .gov might waste vast amounts of tax revenue playing whack-a-mole, but eventually it will lose.

    In fact the feeb attempts of .gov.cn's minions to control internet content in The China are a case in point: they've perfected it such that certain bits of the internet are completely unavailable to citizens of The China who fail to spend 5 minutes finding out how to circumvent the Great Firewall.

    Getting 'non-approved' web content in The China is kinda like getting a drink during 1920s Prohibition, or getting some bud during The War On Some Drugs.

  43. cpast says

    Arrow's Paradox doesn't say "democracy can't work", it said "any system that ranks a finite set of outcomes based only on a finite number of ranked preference lists must violate Pareto efficiency, independence of irrelevant alternatives, or non-dictatorship". Taking non-dictatorship as necessary, and Pareto efficiency as "any system without this can't be taken seriously" (violating it means that everyone can prefer option A to option B, and the system then pops out that the group prefers B to A), what you're left with is that no reasonable ranked voting system has independence of irrelevant alternatives – if the group prefers A to B, and you add option C, they may now prefer B to A. In real terms: Gore wins the election without Nader, Bush wins it with Nader.

    First, that's a far cry from "doesn't work". Second, it only applies to ranked systems. Third, although IIA is necessary for rational decisions, humans are irrational, and there's evidence that humans are affected by irrelevant alternatives – in some cases, giving someone choice C *does* affect their preference between A and B.

    Also, there's no such country as "The China".

  44. cpast says

    Only if you think "will of the people" must be unanimous. I think most people would agree that it's the will of the people that people walking on the street should not be shot and have everything on them taken by the person who shot them; yet, this needs enforcement.

  45. Grifter says

    On a side note, out of curiosity, in the headline….

    What is the "it" meant to refer to? Every time I read it, I get confused for a moment.

    Is it:

    "Does The Internet Need A United Nations When The Internet Doesn't Have A First Amendment?"

    or

    "Does The Internet Need A United Nations When A United Nations Doesn't Have A First Amendment?"

  46. OrderoftheQuaff says

    "Stakeholders" is one of those words that makes me cringe. If you have fleas or intestinal parasites, aren't they stakeholders too?

  47. Leon Wolfeson says

    Kratoklastes – Well yes, which is why governments like the UK and Australia's are now doing things like trying to ban financial dealings to their citizens for broad categories of websites.

    Given the virtual duopoly of payments in the first world (inferior, ironically, to much of the third world – heck, the Bristol Pound (a local currency) has FAR superior payment options), this will likely be more effective.

    The US can't talk either, given the whole internet gambling thing.

    Given DNSSEC, I expect there to be a second, free-software-driven distributed DNS system within a not so many years anyway. (Yes, I'm an anarchist – a mutualist, why do you ask?)

  48. cpast says

    I'm not sure what you mean by "free-software-based alternative DNS." DNS, as well as damn near the entire underlying suite of protocols used on the Internet, is *already* an open standard, freely available to everyone (as opposed to, say, ISO standards, which cost money), and BIND (the most common implementation, which is also the reference implementation) is free software.

    And how does DNSSEC have anything whatsoever to do with a distributed DNS system? For a record to be validated by DNSSEC, the nameserver's key has to be validated by another nameserver, whose key must be validated, and so on, down to a trust anchor whose key is preloaded in the client's resolver. By default, the trust chain follows the DNS chain: ns.sub.example.com's key is validated by ns.example.com, which is validated by the .com nameserver, which is validated by the DNS root, which is preloaded into a resolver. A resolver can have whatever anchors you want preloaded, but as with SSL certificates, in practice there will be a very restricted set commonly preloaded, and a chain not going to one of them won't be validated by most systems.

  49. GoddersUK says

    Trusting the UK with governance of the internet would be incredibly foolish. Look up Claire Perry, for instance. The same would be trued with most other European states. It's a sad fact that the only country in the world that I'm aware of that has the necessary legal protections for the internet to function is the US (not sad because I dislike the US, sad because I want more countries, mine included, to have those protections).

  50. Ole Juul says

    I may have missed it in the comments, so I'm not sure that people know that the US will not relinquish control of ICANN. I agree with many, that the solution (if there is a problem) is not clear, but to suggest that this is anything but US propaganda seems wrong. I'll just leave a quote from an article by Michael Geist about this:

    "in 2009 the U.S. and ICANN entered into an agreement that institutionalized "the technical coordination of the Internet's domain name and addressing system." That document included a commitment for the U.S. to remain involved in the Governmental Advisory Committee (GAC), the powerful body within ICANN that allows governments to provide their views on governance matters. It also contained an ICANN commitment to remain headquartered in the U.S., effectively ensuring ongoing U.S. jurisdiction over it."

  51. says

    Why should anyone trust the US wrt the internet given the revelations about the NSA and how it abused the US's position on the INTERNET?

Trackbacks