"Unilateral action" = we're gonna do this whether you like it or not.
But you know what, the Chinese already have the means to do this. Just block anything that doesn't end in ".cn", and block port 53 on all foreign DNS servers. Then what's the point of this internet draft? Just something that somebody can cite later to lend an appearance of support when China does break away from the internet?
We probably should have foreseen this and fixed our system earlier. I remember being at Interop back before it was cool, think industry at Gopher not Mosaic (more 'People Sometimes Need Data Processing', and not so much of the 'All'). Anyway, even then I was flabbergasted at the way networking was being implemented. The truth is, there ARE really good reasons to have a multiple DNS roots. We probably SHOULD have thought about languages with non latin alphabets. It is also true that we SHOULD have considered allocating more internet addresses to China than we allocated to, say, Stanford University. And, yes, the list goes on and on.
Having mentioned all that, I am inclined to try to fix the internet we currently use. And, to be fair, even the Chinese will concede that we have been TRYING to do just that. These things take time though. No one, (and by no one I mean Governments), really has the motivation to be very proactive in the attempts to fix a lot of these issues. This is just one manifestation of the diverging interests.
That might actually have been a good justification for China being in control of its own addressing scheme (which the draft proposes) if we didn't have IPv6. But now there is no need, since the cost of implementing a nationwide NAT (sort of) might rival, if not exceed, the cost of transitioning to IPv6.
The proposal is needlessly complicated, notwithstanding the poor quality of writing. The authors' rationale is to "realize autonomy", yet AIP suffixes are globally namespaced and still need IANA assignment, which is really no different to the current situation in relation to TLDs. It breaks backwards compatibility when applications need to cross AIP networks and also introduces the issue of conflicting AIP network-internal names. The authors make no attempt to discuss these obvious issues or any others, and also blindly wave off security considerations, saying "there is no additional security requirement".
Also, the authors are on Yahoo/QQ free webmail addresses, which isn't very professional.
Par for the course in China, really. I know very few businesspeople here who don't use a free email service.
I assume it's because you can't have unicode email address? (can you?) And there are only a hundred or so different names (in pinyin without tone marks)...
My instinct tell me that's not correct. So I did the calculation:) From the ancient Chinese surname document "百家姓" , there're more than 500 hundreds surnames listed. And by removing the tone marks, I got 295 unique surnames in pinyin. But these are just surnames commonly used thousand years ago. Multiple by thousands unique first names, I believe that there're at least hundreds of thousands different names in pinyin.
Of course this is still far less than the number of different names in western countries. But it's not the main reason that some people in China use number style email addresses.
Maybe with tech guys. They certainly go very down very well with politicians and corporations.
The politics alone would disqualify it.
It is, of course, contrary to the fundamental principle of the internet.
I've actually done what this RFC proposes twice before simply by configuring my DNS server carefully. Once I left an open wifi AP at a tradeshow that served our company's website regardless of the domain entered. The other time I specified that all hosts used the address of our proxy-filter so that there was no need to configure a proxy server on your computer.
I'd have to think it through a bit but I think these techniques would work on a larger scale (like a country). Perhaps I'll write an article about these unorthodox DNS configurations if people are interested.
Is it legal to discriminate in hiring based on English skills? It seems like it would necessarily have a disparate impact based on national origin, which I believe is a protected class. But to forbid hiring on the basis of English skills would seem very strange in an English-speaking company, where English is critical to communication.
This doesn't have any "teeth" unless they also blocked non-Chinese DNS servers. But they could do that already, even today. I just don't get why they're coming to the table trying to convince the rest of the Internet to do something, when they seem to already have the tools they need to do this themselves.
Probably China is trying to show the way, even the technical way, on how to apply internet-wide censorship to other "freedom loving" countries. I think China may also be seeking some kind of official recognition of the fact they are not the only bad guys in town, that other countries are implementing the same measures, although with much less bad public reaction. If other countries will reference that Internet Draft in their (leaked) technical manuals or even participate in the discussion of it, China could much more easily justify its actions.
They've thought of that problem already.
True democracy... (Is that like a true scotsman? ... Who has a true democracy?)
Nationalism, or merely, wanting control over your own country, is also at play, here.
Americans think every other country should be OK with them having control over the internet, what with ICANN, Google, Twitter, Facebook et al. Proposals such as SOPA, PIPA, etc, or the MegaUpload arrests, make it more evident why this is not the case.
With that in mind, let us examine the flaws in the proposal at hand.
* 1. Lettered roots
This proposal puts the existing DNS root under a lettered virtual root above it, with implicit resolution to the local AIP. The existing DNS root locations are ALREADY indexed by letter, so this is a recipe for confusion. Even more importantly, this system _will not scale_: There are 26 possible letters, if drawing from the ASCII set only, which permanently restricts the number of autonomous zones. What happens then?
This could be resolved by using a unique suffix scheme that does not conflict with the existing or requested TLDs, but would make it that much harder to type an external DNS address. yahoo.com.extdomA for general use would be quite unfortunate.
* 2. Who hands out the AIP designations?
If every AIP must have a single unique designation, there must be an organization handing them out. The ICANN would be the obvious choice, but that brings us back around full circle.
* 3. Ownership conflicts
As rfc2826 points out , the internet is built on the assumption that domain names are unique. With multiple implicit zones, either the same entity must be able to control their domain within each or we will end up with conflicts. If yahoo.com resolves to the 'Yahoo' corporate entity in most AIDs, but is controlled by Baidu in one, can they claim it? If not, what about the user confusion that would entail?
Regardless of the answer to this question, I expect in an AID world everyone would start using external domains for the stronger guarantees they provide. So Yahoo would be permanently yahoo.com.A. Which is complicated by...
* 4. Blocking.
If AIPs start blocking resolution of specific external domains, what happens? Obviously China would like this, but for the internet at large, having siloed intranets would likely be a huge problem. Every time someone misconfigures BGP and one region of the internet cannot talk to another, things break. A shifting set of resolvable domains would likely cause exactly the same headaches, only they wouldn't go away with the next BGP update.
* 5. Proxying and scale.
The AIP DNS are required to proxy requests to external domains (3.2 from the draft). Presumably this is to facilitate blocking, but it would also impose significant load issues and key bottlenecks. Note that right now the only equivalent is the root DNS, and it only handles resolution for the TLDs. Something far larger would need to be set up to be able to handle the load of proxying all external requests.
Overall, this proposal has far too many foundational issues to be seriously considered. I am personally happy it was drafted - work to break the One True Root should be done in the open with all relevant parties involved. But this draft isn't going to cut it.
 http://tools.ietf.org/html/rfc2826 (IAB Technical Comment on the Unique DNS Root)
Here is the map of current root servers: http://en.wikipedia.org/wiki/File:Root-current.svg
http://en.m.wikipedia.org/wiki/DNS_root_zone has some details.
I've got an idea; let's use two-letter ISO country codes...
That trailing dot is never used in a web browser, but it most certainly does exist.
ccTLDs are a great idea, but somewhere around 60% of the top million websites in the world are run off of .com domains; there's no guarantee that a country could block an entire gTLD or ccTLD and successfully limit all questionable content.
> * 3. Ownership conflicts
> ...network A, B and ... are AIP networks; Domain node "www.yahoo.com" in network B is expressed as "www.yahoo.com.B" for its external domain name.
It mean that www.yahoo.com can co-exist in AIPs A and B. The "external domain names" will be www.yahoo.com.A abd www.yahoo.com.B. Would HTML documents be linked using local names or external names? Local only names are not going to work across APIs unless www.yahoo.com maintains same document hierarchy in all of them!
On the other hand, they already have access to a ".B" suffix, and it's called ".cn". For exampe, www.yahoo.com.cn.
When an external (out of china) domain is visited from within china (for the first time), it is blocked. It is then later unblocked.
I've experimented with this a few times, and it always happens like that.
For example, lets say an entrepreneur develops a new product and wants to have it manufactured by an outsourced company. Searches for it on Google, but thanks to this RFC the results from China either don't show up, or don't load at all. The entrepreneur therefore opts for a manufacturing company in Des Moines, Iowa.
I guess perhaps the same could happen if only China adopts this RFC, i.e. business people in China who don't know better launch their website on a Chinese only DNS system and wonder why nobody from the rest of the world calls them.
This can NOT be a real effort... can it?
In order to realize the transition from Internet to Autonomous Internet, each partition of current Internet should first realize possible self-government and gradually reduce its dependence on the foreign domain names, such as COM, NET et al. Then to each AIP network, we can establish a new autonomous DNS, or Upgrade one part of current Internet DNS (core part or non core part) to a new autonomous DNS.
Go right ahead guys, anybody can configure their name resolvers that way if they want to. The part that they're not saying is that in order to force this upon their users they will have to block DNS packets from traversing across their border.
I can't imagine the IETF is going to go for this.
There are even 'members' (large numbers) of the party who do not agree/encourage the party agenda.
I suppose bitcoin mining might suffer.
Can it be a fallout from the SOPA fiasco? Assuming best intentions :)- It seems like running your own autonomous root DNS enables them to stay up even if the domain name is taken down by domain hosts.
«The main rules of the Autonomous Internet DNS are defined as following:
* Rule 1: Each AIP network itself has a complete set of Domain Name System, which support traditional domain name resolution within the AIP.
* Rule 2: Each AIP network has its own numbered name that is different from the others. The numbered name is taken as the default domain name suffix when the internal domain name of this AIP network is cited by external AIP network. And any IP node's external domain name is consist of its internal domain name and its AIP network default domain name suffix.
* Rule 3: When communicate between AIP networks, the access to IP node of external AIP network must use the IP node's external domain name.»
See how it's ALWAYS about politics and never about technology?
I say that for hackers that believe that political action doesn't matter, and that technology will just liberate us every time, because we can always "find workarounds for closed systems, surveillance technologies, DRM" etc...
Will it do much good for you to be able to use some obscure technical workaround, when 99% of your country's population cannot or fears to get to the outside "internet", including all your friends and relatives?
Not to mention, that would only work for your private computer use. I mean, let's say (a contrived example) your country forbids standard SMTP. OK, you can still use it over SSL, over a proxy, etc. But would you be able to use the same workarounds also in your business? Would you be able to give your employees the same ability? What if one of them rats you out to the police?
For those on the go, here's a direct link to the podcast of said column: http://archive.org/download/Cory_Doctorow_Podcast_229/Cory_D...
In WWDC'12, Apple introduced many features for chinese in the same reason.
As to the features Apple announced: There are multiple parts that play into this: First the completely different character set, which requires it's own input system and secondly that the Chinese government try's to cut foreign Internet services off and encourages local solutions it can control/manipulate. Those two issues require to address this market separately. Similar things, however might be true for other markets as well (maybe for different root causes) like let's say in Japan or North Korea. However, these markets aren't big enough to warrant effort on this scale. So I see this as a bad indicator to substantiate separating the world this way. If there was higher monetary value for Apple in this, weight see theworldseparated into Butan andtherest, with the same argument.