[LINK] Google Expands Control of Internet Architecture

jore419-links at yahoo.com.au jore419-links at yahoo.com.au
Tue Dec 22 06:37:21 AEDT 2009


"Providing an opt-in service is hardly exercising control."

Sure it is. Look at Google Search, Gmail, YouTube, etc...





________________________________
From: Kim Davies <kim at cynosure.com.au>
To: Roger Clarke <Roger.Clarke at xamax.com.au>
Cc: link at anu.edu.au
Sent: Tue, 22 December, 2009 5:00:17 AM
Subject: Re: [LINK] Google Expands Control of Internet Architecture

Quoting Roger Clarke on Sunday December 20, 2009:
| 
| Google joins at least two other companies offering free DNS
| alternatives, although Google is the first of these companies to also
| have so many other services in various layers of the internet
| architecture. By tradition, DNS is a distributed function, subject to
| an open standard-setting process and part of the generally distributed
| nature of the internet. A new authentication standard is in the works,
| called the Domain Name System Security Extensions (DNSSEC). 

| Google's DNS service does not use the new authentication standard, but 
| instead uses a proprietary security method.

I'm not really too sure what the point this article was trying to make,
but I think to say it is "expanding control" is rather over the top.
Providing an opt-in service is hardly exercising control. Further, they
appear to be doing it in a standards compliant way, which is in contrast
to some of the alternatives. Increasingly ISPs are monetising the DNS
caching resolver function by selling off DNS results - they will get
money in exchange for deliberately changing the content of DNS traffic.
Right now, usually this involves giving you ads via your web browser
(and breaking non-HTTP transactions) when you enter a non-existent
domain. Some DNS providers like OpenDNS actively rewrite the DNS results
of _existing_ domains, which is even worse.

As for Google "not using the new authentication standard", neither does
anyone else... yet. For it to be generally useful firstly requires
the DNS root zone to be signed. The completed roll-out of that is not
planned until June 2010. EPIC seems to be holding Google to one standard
and not explaining the alternatives are often worse.

| DNSSEC Official Site:
|      <http://www.dnssec.net/>http://www.dnssec.net/

As an aside, there is nothing official about that site.

kim
_______________________________________________
Link mailing list
Link at mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link



      __________________________________________________________________________________
See what's on at the movies in your area. Find out now: http://au.movies.yahoo.com/session-times/


More information about the Link mailing list