The Registry environment is a funny old beast that sits in a corner that most people take for granted. Buy a domain name and you’re done. Of course, it’s not that simple. There’s a lot of politicking at the moment.
For example, with E-Bay buying Verisign’s payment processing unit, things may look slightly up in the war against phishing but what future ramifications could it have? Verisign run the dotCom and dotOrg registries albeit with cries of cronyism after ICANN railroaded Versign’s reapplication to run dotOrg was beset with a number of irregularities that it chose to ignore. With the PPU gone, they have the certificate and domain business more front and center. These go hand in hand with DNSSEC on the horizon. With phishing in E-bay’s court now, might Verisign and ICANN start ramping up the deployment of DNSSEC-capable servers to stamp out pharming? Unlikely in the near future. Despite the fact that Verisign was at the heart of the creation of the current and widely adopted registry-registrar protocol EPP, Verisign themselves do not support it, not having the will or urgency to build such a server or, more importantly, help its many thousands of registrars to make the change to support EPP exchanges. 2006 has been motted but who knows really? The latest set of ICANN contracts all stipulate Nov 2006 as a deadline for the provision of DNSSEC facilities to registries. Maybe it will also see all registries start down the road to shuck off other registry-registrar protocols such as RRP and CSC Payload 2.0.
For now, we’re watching the current attempts of the EU to wrestle away some control of the internet at large from the USA, with ICANN stuck in the middle and wondering if George W. Bush has an opinion on it other than wishing he could control what Americans read on it just like China does. If talks in Geneva do devolve power from a benevolent dictator model a la that of linux, what might be formed in the announcement’s wake? A United Nations for Internet Technologies (UNIT)? Would ICANN continue to work in the same way? Would it be held accountable for its more questionable actions (see above?) Time will tell, but it’s an interesting question.
On a techy level, the EPP v1 specifications have been revised recently, and the EPP extension for including DNSSEC information into requests moves slowly forward towards general acceptance, while ICANN look to be pushing IRIS as a replacement for the venerable WHOIS info server protocol. Nov 2006 is again the deadline for IRIS implementation in the new ICANN contracts. Who knows, perhaps by then the working group ICANN instigated to figure out how to remedy the problem that WHOIS contravenes many countries’ data privacy laws and can tell us how to fix IRIS as well.
Some useful links:
- The Register's Internet and Law Area
- Electronic Privacy Information Center
- EPP: RFCs 3730, 3731, 3732, 3733, 3734, 3735, 3915
- Internationalized Domain Names: RFCs 3490, 3491, 3492, 3454
- WHOIS: RFCs 812 (original), 954 (recent), 3912 (current)
- IRIS: RFCs 3981, 3982, 3983, 3288, 3080, 3081
- DNSSEC: Infosite, RFCs 4033, 4034, 4035