Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

I'm not proposing ANY domain mirroring with this project.  This would be limited 
to DNS records pointing to the actual owners of of a website, especially where 
there has been no due process of law.  Now I certainly have no interest or 
desire to protect anyone peddling child-porn, but there are very strong laws in 
place which back up my moral beliefs in this matter.  On the subject of P2P 
sites, there has been no due process in the matter, only unexplained seizures 
with no charges filed and no explanation of what laws are believed to have been 
broken.  The last I heard, the government agencies were not even responding to 
demands of owner's rights to due process.  The disgusting thing in all of this 
(to myself) is that we are witnessing corporate manipulation of government 
entities to such a degree, that even those accused of child-porn are being 
treated with a greater respect by the law.

Regarding domain confiscations, I also believe that we will need to take the 
(sometimes unfortunate) stand of releasing our own DNS pointers back to the 
ICANN entries once there is a final and definite court ruling against the 
defense.  I think the above examples actually make a very good guideline for a 
simple set of rules we can follow in this matter...

- In the case of child porn, the website will be confiscated, but the 
operator(s) will immediately have charges filed against them.  (There is also 
the matter that it is unlikely anyone will put in a request here to have the 
original site DNS protected.)  Unless the charges are cleared in court, we have 
no reason to offer alternative routing to this site.

- In the case of most of these P2P confiscations, there have been no charges 
filed against the operators.  If there are no charges, then there are no legal 
proceedings preventing OpenNic from linking to the original servers, therefore 
we have no legal or moral restrictions from providing a way for users to connect 
to these sites.

I do like your idea of assigning a committee to handling the immediate matters 
of controlling access to various sites, and it would be no problem to have an 
automated email sent to the mailing list which details which sites are currently 
overriding ICANN control, what date we started the override, and any notes on 
the site (for instance, pending legal charges, or waiting for a court verdict).  
This would keep all members informed as to where we are sticking our noses, but 
still allow the committee to act quickly.

You also mentioned a method for the site operator to notify OpenNic of actual 
changes they are making.  I'm not sure if you were still thinking about a site 
mirror for this, but as I said above, mirroring was not the intent of this 
thread.  However, relating to DNS changes, this falls squarely under slave 
zones.  If a site wants to have official ties with OpenNic, we could have a 
server providing slave DNS services, and the slave zone information would then 
serve as official notification within the monitoring code as to what is legitimate.


On 03/06/2011 01:31 PM, Peter McCann wrote:
> You are essentially proposing that OpenNIC get into the domain ownership
> dispute resolution business.  Personally I think that's a fine idea
> and had assumed
> this sort of thing was one of the reasons OpenNIC was created.  You will be
> going up against court ordered domain confiscations and transfers, and
> publishing
> contradictory information to what ICANN is forced to publish by the
> legal system.
> Do you really want to hold a vote on every instance where a domain is
> confiscated?
> It might be better to elect some sort of judiciary with an appeals
> structure so that
> disputes could be resolved quickly.  I would think you would want to create an
> acceptable usage policy (do you really want to be protecting all the child
> pornographers?).
>
> I don't think you actually need to mirror the whole protected zone,
> just return a
> delegation point that points at the IP address(es) of their preferred
> nameserver.
> I think most of the domain confiscations have redirected the DNS queries to
> government-controlled nameservers and you just need to prevent that.
> You would need a secure way for the real domain owner to update this
> information,
> so as you outline I think you would need a positive affirmation that the owner
> wants this protection service before you would start providing it.  If
> the owner ever
> needed to make a change and forgot to update OpenNIC it might create a 
> problem.
> Some mechanism to agree on authentication information for these updates would
> be needed.
>
> What is OpenNICs strategy with respect to DNSSEC?  I assume that eventually
> the OpenNIC root will need to be signed with some key and some group of people
> will need to be responsible for that.