.MS: Alternate Root and Monoculture as Good Things
why shouldn’t there be a .Sunshine tld? why not one for microsoft? this post is not about alternate roots or why they are bad, this post is about something else. we do need to go over some background (from my perspective) very quickly though.
icann has a steel-fist control over what happens in the dns realm. they decide what is allowed, and who gets money from it. whether it’s verisign for .com or any registrar for the domains they sell. they decide if .Sunshine should exist or not.
they decide if i can have .גדי (which if encoded correctly on your pc you can see as .Sunshine in hebrew), which would be a tld in hebrew.
there is a very good reason ‘why not’. it would be circumventing what is currently known as the dns. the root servers, the tld servers, and so on, creating confusion and chaos online, according to some (and to a level, me).
yet with the united states, via icann, controlling that system and kicking the rest of the world out, and with other countries such as china creating their own as a result, i see no reason why microsoft, as an organization, can’t.
microsoft in this case was an arbitrary choice by me, as an example, much like .Sunshine was.
this has been discussed to death, and in my opinion, the us has been marginalizing itself, looking at short-term income and control over long-term separation and a kick in the nuts from the rest of the world.
what i am here to discuss is why microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world’s dns. they are the only ones in this world with the muscle to do it. monoculture can also be a good thing for security.
.ms – montserrat
it already exists as a cctld. shame.
they could, in all likelihood, get .msft if they tried hard enough, in the current root system. i don’t see why they should even try.
what they can do, for a rather low cost, is add something to their next operating system and web browser (vista and ie 7) to recognize .msft, and act accordingly.
there is a wonderful legacy creation, predating dns, called the hosts file. using this file, users and malware can input names to be resolved. as an example, my hosts file has an entry for the following host:
so that whenever i try to resolve localhost, i get to 127.0.0.1 which is my loopback address. the same could be done to www.google.com, pointing it to whatever address the user or malware wants it to be pointed to. this happens quite often in the malware world.
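an added example, not part of the original post: a small audit that parses a hosts file and reports entries that override names which should only come from dns, the kind of change malware makes. the watch list, the sample file and its addresses are constructed assumptions.

```python
import ipaddress

# constructed sample hosts file; addresses are documentation ranges
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1     localhost
::1           localhost
203.0.113.7   www.google.com google.com   # line a hijacker might add
0.0.0.0       update.example-av.test
198.51.100.9  WWW.EXAMPLE-BANK.TEST.
not-an-ip     broken.example
"""

# assumed watch list: names that should only ever be resolved through dns
WATCHED = {"www.google.com", "google.com",
           "update.example-av.test", "www.example-bank.test"}


def parse_hosts(text):
    """yield (line_no, address, [names]) for every well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a usable entry
        yield line_no, address, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """return (line_no, name, address, reason) for each suspicious mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name == "localhost" and not address.is_loopback:
                reason = "localhost remapped"
            elif name in watched:
                reason = "blackholed" if sinkhole else "redirected"
            else:
                continue
            findings.append((line_no, name, str(address), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

on a windows machine the text to audit would be read from the hosts file under the system32\drivers\etc directory.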
there are phishing sites, and dns hijacking is also known to happen, so why risk it? why risk the root servers going down? why not create a site (at the very least) for users to be able to safely go to, regardless of what’s happening outside of their computer on the dns? whenever a user tries to go to .msft, the tld would be recognized as one belonging to microsoft, and a microsoft dns root server would be contacted. microsoft.com would still be under the control of the dns, so that wouldn’t work as well.
you could have: live.msft or msrc.msft, msn.msft, etc. microsoft could also create other tlds, and why shouldn’t they?
or just, even:
regardless of how far they could take this, they won’t be messing with the global root system as hey, icann is not about to add a .msft tld, right? microsoft is everywhere, and they would be serving windows users. their own clients. to their own ip addresses.
i say they should go for it. they won’t be breaking any laws nor stepping on icann’s feet. they could call it something else if dns is too loaded a word.
security and more importantly, business-wise, this can be a very cool and relatively easy “feature” to implement.
naturally, once compromised, a machine could be fooled into going elsewhere even if microsoft were to embed this deeper than the hosts file, but it would be really neat for all other, related, network-based attacks. it would help microsoft’s network security as well and not just their users, depending on how they may implement this.
a monoculture with windows machines everywhere is dangerous, potentially: one bug or one bad patch and we are done for. why not use it for good and business while it’s here, as it is not going anywhere?
why not cisco next for their routers?
why not ebay? whether via microsoft’s new system as clients, or on their own, adding an address to the hosts file (hoping some malware doesn’t change it, and one would).
think about it.
even if it never does get implemented, it’s a pretty neat idea, in my completely unbiased opinion.