

Originally published in Queue vol. 9, no. 7



Aleksander Kuzmanovic - Net Neutrality: Unexpected Solution to Blockchain Scaling
Cloud-delivery networks could dramatically improve blockchains' scalability, but clouds must be provably neutral first.

Jim Waldo - A Hitchhiker's Guide to the Blockchain Universe
Blockchain remains a mystery, despite its growing acceptance.

Yonatan Sompolinsky, Aviv Zohar - Bitcoin's Underlying Incentives
The unseen economic forces that govern the Bitcoin protocol

Antony Alappatt - Network Applications Are Interactive
The network era requires new models, with interactions instead of algorithms.


(newest first)

Doug Mauer | Thu, 23 Feb 2012 23:49:17 UTC

The scariest thing about all of this is how small the number of people who are aware of these standards and the ramifications of changes in policy must be that Paul feels the need to express and educate on these issues?

McTim | Tue, 30 Aug 2011 05:51:07 UTC

@Chris Jacobi,

I think you are conflating routing and DNS. Routers don't cache DNS information, (some) DNS servers do that.

The bottom line is that many people want to monetise the DNS, so that's why we have new gTLDs.

Paul Vixie | Mon, 29 Aug 2011 23:59:37 UTC

Ars Technica has today published an article that refers back here. My reply in the comments thread is as follows:


I think you've misunderstood ARIN's position. ARIN has a designated transfer policy which allows for private trading in IPv4 number resources. Potential sellers and buyers (and even brokers) can register with ARIN to use our listing service, or they can meet up by way of eBay. When it's time to consummate a transaction and register the resources under the buyer's name, ARIN has a process for that. We did this to ensure that IPv4 number resources would be maximally utilized and so that the Whois records would remain accurate -- because this is what the ARIN community decided via the public policy process. Some have criticized ARIN's transfer policy because it requires that the buyer demonstrate a short term need for the number resources they are receiving, but the ARIN community chose to prevent its transfer policy being used for hoarding and speculation so those complaints might be coming from potential hoarders and speculators.

Of greater interest to me is the question: "and then what?" That is, let's imagine that ARIN's transfer policy becomes widely used and all IPv4 number resources reach what the economists call their "highest and best use". Would we simply stop growing the internet at that point? Or would the value of these number resources continue to increase, with people who can renumber into NAT clouds gradually and forever doing that in order to free up address space for those whose network growth is not compatible with NAT? To me that's an unattractive future because we'll all be spending our time and energy learning how to traverse multilayer NAT. So to me the need for a global transition to IPv6 remains inevitable no matter what happens in the IPv4 number resources market. IPv4 is just too small no matter how efficiently the world learns to use it. Perhaps some investors (and perhaps some speculators) would be well served by lengthening the lifetime of IPv4 by a few more years, but the bigger the IPv4 network gets the harder it will be to pull it through the knothole of the IPv6 transition.

In summary, ARIN has a transfer policy and ARIN stands ready to record the results of private party transactions in IPv4 numbering resources. But the real game in the long run is deploying IPv6, not adding a few years of life or a lot of layers of NAT to the IPv4 network.

Tom Vest | Thu, 11 Aug 2011 18:14:41 UTC

Following up on the comments by Dashworlds and Karl S., in some cases the utility of "competition," "copycatting," etc. -- as well as the possibility of constructive, pro-adaptive "evolution, innovation, and improvement" is bounded by the intrinsic nature of the service domain in question. To illustrate, Karl's watch example suggests a "value proposition" in which the utility of investing in a timepiece varies inversely with the "authority" of the device. The primary motivation for having such a device is to facilitate coordination with other individuals who also recognize and accept the same basic time measure and use that metric as a framework for scheduling and, when necessary, coordinating their own distributed, independent activities. This suggests that the individual and/or collective "value equation" for a coordination standard takes the form:

value = utility of coordination / number of competing reference standards, or [v = c/n]

By implication, an individual who owns two timepieces that give consistently divergent views of the time would be less capable of coordinating their own actions with others, and this would reduce the utility of not only that individual's investment in timepiece(s), but also the value of the overall time-based coordination regime for every other timepiece user who ever benefited or might benefit -- in the past, present or future -- from more effective coordination with the two-timepiece owner.

The main thrust of Paul's argument is that *if* an aspiring new reference standard provider believes that they would profit by offering an alternative view of an established coordination reference standard -- even though that would shift the denominator in the standard's value equation from one to two -- then the aspiring new entrant should also anticipate the near certainty that additional new entrants will also arrive at the same conclusion, and also seek to become competing providers for the same reference standard. Thus, because the overall authority and value of the standard itself varies inversely with the number of divergent, directly competing alternatives, the critical question for the first new entrant is *not* "what share of this particular 'reference standard market' can I expect to capture given [v = c/(n=2)]?" but rather, "what do I stand to gain given [v=c/(n=3,4,5,6...)]?"

Of course, aspiring new entrants and "standards competition" advocates should also recall that previous experience (cf. the IRRs after RADB) suggests that once n > 1 or 2, the standard's overall utility -- both as a coordination mechanism for the universe of "standards consumers," and as a revenue generator for the much smaller number of competing "standards providers" -- falls steeply if asymptotically toward zero.

Dashworlds | Fri, 22 Jul 2011 11:34:17 UTC

From such a well respected author, the proposition that certain competition should be classed as arrogance comes as a surprise to say the least.

The world is no longer a Pangaea; it fragmented some time ago (when I was a lot younger). The one stop shop Pangaea has become a group of competing countries with various agenda, all contactable using the same telephone numbers, but of course via different country codes.

The DNS will follow the same path. Competition is to be expected, yet the aim is not always to smash the opponent. Sometimes it's there to add intrinsic value (whether or not the other side chooses to see it that way). With the DNS for example, as well as Dotcoms, there are now Dashcoms.

Yes, success breeds copycats. It has also been known to breed evolution, innovation and improvement.

Karl Siegemund | Fri, 22 Jul 2011 00:03:02 UTC

Basically the argument boils down to: A man with a watch always knows the time. A man with two watches never can be sure.

Chris Jacobi | Thu, 21 Jul 2011 21:34:20 UTC

I really agree. I could not understand why on earth we keep adding top-level domains.

Saying what you say in simpler words: The current domain-name structure is hierarchical. Having arbitrary top level domains makes that structure flat.

Social: The small benefit of the big "microsofts" of this world is paid by every ISP with routing overhead. Also, the mental picture of a small number of top level domains (orthogonal to company names) will be lost, subjecting everyone to some confusion.

Technical: Caching: Every router might have to cache every domain... How are changes propagated?

Security: Can no more be "delegated" to top level domains (including country names); chaos will happen.

Forgive me for just blowing the same horn, but I agree with you.

Chris


© 2019 ACM, Inc. All Rights Reserved.