16 comments

[ 3.4 ms ] story [ 15.5 ms ] thread
Could Firefox's DoH promote OpenNIC somehow?
Better yet, setup something like the following:

- Answer queries for .org. By default, forward queries to the legacy (pillaged) registry.

- Allow administrators of domain in .org to "opt in" to being managed by Mozilla by placing special DNS records or the like.

- "Opting in" is no charge from Mozilla if the Mozilla-registry nameservers are setup to match the legacy registry

- At any time, a domain owner can stop renewing at the legacy registry. If the domain has been opted in to the Mozilla registry, its owner can pay Mozilla instead to continue their registration with Mozilla (and other onboard organizations/resolvers)

- If the user stops paying the Mozilla registry, it removes the opt-in and the ownership is up for grabs back at the legacy registry.

The idea being that .org sites, especially the ones we've all come to rely on as infrastructure, could register with Mozilla to claim ownership of their names outside of just the pillaged registry. Then if the looters raise fees too high they can individually make the decision to cast off the legacy registry after pointing their communities at the new resolvers, with no disruption to services.

> - Allow administrators of domain in .org to "opt in" to being managed by Mozilla by placing special DNS records or the like.

Wouldn't this effectively be a hostile takeover of .org by Mozilla? This seems like it could set a dangerous precedent.

E.g., what if Google decides later that some other registries are also untrustworthy and offers management on Chrome?

Yes. This is a terrible idea and would result in the bankruptcy of Mozilla from the inevitable lawsuits. The registry owner would sue them and they’d also doubtless face a class action from the registrants themselves.
(comment deleted)
They would have absolutely no grounds to sue. At all. There are already lying DNS servers, they haven't seen any legal threat for this exact reason. Tons of organizations also redirect DNS for their network.
Maybe I’m wrong. I’d expect that orchestrating a deliberate MITM attack would violate some relevant laws.
Creating a new name database that people can choose to use is not a "MITM attack".
It absolutely is. Alice registers with Mozilla for the same .org Bob registers with the official registrar and Mozilla sends traffic intended for Bob to Alice.
In your example, the traffic that goes to Alice is intended for Alice, because the initiators of that traffic have chosen to use the new database to direct traffic.

But also note that per my description, Alice can't just register a domain that Bob has already registered at the legacy registry. Rather, the conflict in your example can only happen if Alice is registered at the legacy registry and Mozilla, lets her registration lapse at the legacy, and then Bob comes along and attempts to lay technical claim to the name because it is not registered at the legacy.

> In your example, the traffic that goes to Alice is intended for Alice, because the initiators of that traffic have chosen to use the new database to direct traffic.

Is your proposal then that Mozilla doesn’t actually use this database unless individuals opt in? In that case it’s worthless.

> then Bob comes along and attempts to lay technical claim to the name because it is not registered at the legacy.

This is an entirely legitimate scenario. I don’t know why you’re being dismissive of this as if it doesn’t matter. You’ve described a scheme where Mozilla intentionally hijacks a registrar. Of course the original registrar is still relevant.

> Is your proposal then that Mozilla doesn’t actually use this database unless individuals opt in? In that case it’s worthless.

.org consists of many projects that themselves build Internet infrastructure. For example, Debian could ensure their ability to keep using debian.org in the face of "Ethos" shenanigans by making it so all their infrastructure used the new-world resolvers. And could even do the same for the repositories and apt, if they wanted.

> don’t know why you’re being dismissive of this as if it doesn’t matter

It's not that it doesn't matter, but that I see it is a good thing if there were competition between registries. In this scenario, what is actually happening is that Bob and the legacy registry are attempting to lay claim to a name that has already been claimed by someone else and recorded at the new registry. So Bob and the legacy registry can't claim the already-registered name in some universal sense - a registry of deeds does not own the plots of land that it keeps records on!

OpenNIC only uses unused tlds. But there could be an OpenNIC-only redirect in the legacy DNS record that would encourage users to migrate. Then the organization can look at traffic to decide when to switch.
I personally think a 10% annual price increase on .org domains is outrageous, considering the current price of a .org domain is $10. I know it's not a lot of money to an organisation, but it's a huge chuck of cash to the company that is getting paid across the millions of .org sites out there. It'll be interesting to see what they do with this windfall.

re: https://www.keypointsabout.org

It’s because people don’t see the 10% as a lot. They go: $10 to $11 is nothing without realizing that it compounds. Try it yourself: pow(1.1 [110%], 7.27) ≈ 2. Every eight years, the price will have more than doubled.

Ok, $10 to $20 isn’t a lot. But what about 3 decades down the line? That’s now $174. You maybe could afford the $10 (maybe even $40), but could you afford to pay that every year?