DNS: A Safe Haven
For URLs and Internet Identifiers
This is a proposal to address issues that threaten to entangle the infrastructure of the Internet with political and policy issues. Updated02-Aug-2001

Please send comments and feedback to "Bob Frankston".

Updated August 2001 with comments the problem with names.

Note: Since this document was written, I've simplified the proposal into what I'm calling ".DNS" and will soon post the updated version. It turns out that people are increasingly turning to search engines rather than the DNS. This means we can focus on future mechanisms rather than worry about how to transition people.

It's Even Worse!

When this essay was first written, the problems with the "Dot-com" model of using the domain names as commercial handles were already serious. But I ignored a much more serious problem than the possible loss of one's “name” or DNS registration due to its being challenged by others. This loss is not only a problem for the owner of the name, all of society loses access to that knowledge.

The real problem is that the domain (“dot-com”) names have no permanence and one must be vigilant in order to keep the names valid. If one takes no action the name lapses and is either reused or simply becomes invalid. This can have serious and even tragic consequences. It's one thing to discover that the film stock used to make movies in the 1970's is deteriorating. It's another to entrust much of our knowledge and societal memory to a mechanism that is certain to decay. It is the inverse of copyright — after the name expires your work is effectively destroyed instead of being made more widely available.

We must provide a permanent naming system rather than the current DNS. The good news is that we can carve out a “safe haven” within the DNS for names that are guaranteed to never be reused and need never be invalidated.

The “safe haven” approach is a simple proposal with the modest goal of providing a work-around for some of the most serious problems with the current DNS. We can create semantically meaningless names, such as numbers, that can be used as permanent names. The current names can still be typed (among other mechanisms) but they would be saved using the permanent URLs within documents. This can be done within the existing DNS.

We simply cannot continue to use a mechanism that is not only subject to the whims of social and political policy, but is guaranteed to fall apart over time.

The DNS also has many other serious design flaws including:

  • Reuse of identifiers. It's bad-enough that a link becomes invalid but it's worse when it points somewhere else later. This is also true of phone numbers. News of a rape hotline number being reassigned to a phone sex number is not uncommon.
  • Slight errors are likely to result in reaching another site rather than being rejected. Phone numbers also illustrate this problem. If one misspells Operator and dials 1-800-OPERATER instead, you still get an operator but from a different service with different charges.

Executive Summary

We commonly refer to Internet companies as dotcoms. This is just like referring to newspapers, for examples, as rags. After all, we know that we don't really mean that they are made of cloth. But few people understand the Internet as well as the understand the newspaper. In fact, they confuse an expedient convention for a fundamental concept. The result is public policy that threatens our ability to continue the unfettered innovation that has given us the dotcoms and has the promise of doing much more.

The problem:

The Internet itself is very chaotic. The domain handle, such as those under ".com" are an essential part of assuring stable relationships. Note the use of the term "handle" rather than "name". The handle is the key we use to identify the DNS entry but avoids the semantic baggage associated with our common understanding of names. Projecting the our notions of names onto the technical services of the DNS threatens the stability of the linkages by subjecting them to the whims of political and social policy.

The solution:

The solution is very simple. Just separate the technical mechanism of the handles from their role as names. This can be done within the existing system by just assigning meaningless identifiers, such as numbers, instead of words. We already have the example of phone numbers that don't have any relationship to names.

But what about

The issues are addressed in more detail below but very briefly.

  • The Domain Name System (DNS) was created long before the Web as a means of housekeeping low level information such as how to connect to another computer and how to send mail. The names were a convenience so you could name your computer "Pluto" or "Mickey" instead of using a serial number. The Web simply took advantage of these names as a simple way to point to a given computer.
  • The ability to guess a name in the early days of the web avoided the need to wait till there were effective tools such as directory services. This seems to work very well because we tend to stick to what we know and we are treating the web as another broadcast medium where people are "eye balls" whose sold purpose is to be resold to advertisers. See the essay on "disconnnectivity" for more on this issue. But the Internet is more like the phone network where it is more important to call our friends and local merchants than a small number of large brand name companies. The difficulty of mapping the complex issues of trademarks into this flat space is just one symptom of the larger problems.
  • The effort spent in fixing a fundamentally flawed model of the "Internet as Television" is wasted in futility and compounds the problems by simply creating new crimes like "Cybersquatting". Instead, this effort can directed to removing the artificial scarcity engendered by this flawed view of the Internet and the Web. The phone books and other directory services are far more effective at handling names and the computers obviate the need to every type or even see the URLs.

The concepts underlying the Internet are exceedingly simple. Policy making is rarely simple. It is no surprise that those creating mechanisms such as ICANN cannot take simple solutions seriously. It is like creating a committee to solve the complex issues of insufficient light rather than just buying a light bulb and screwing it in.

In 1979 Dan Bricklin and I wrote VisiCalc. This program took up less space on the computer than this essay does yet it helped launch the personal computer. In the 1970's a small group of researchers set forth a very simple principle called the "End to End Argument. The idea was very simple, put the responsibility for creating services at the edges of the network and reduce the network itself to transporting packets and sometimes even losing them. The result is the Internet.

We have a simple and solvable problem with the DNS. It is frustrating to see the effort going into exacerbating problems rather than solving them.

Preserving Innovation

The Internet has become an essential part of the global infrastructure and a major contributor to the world economy. It got there because it has served as a powerful platform for innovation, evolution, and growth. That innovation, evolution and growth is still going on today as strongly as ever, because the basic architectural principles of the Internet were designed to incorporate new applications and new kinds of interconnection at all levels of the network. Preserving those principles is essential to the hardiness and to the very survival of the Internet as a robust source of economic growth.

The Internet allows an idea to go from conception to deployment without the need for building expensive infrastructure and without the time to build a distribution system. It also provides immediate feedback allowing the innovations to evolve very quickly. Successful ideas can flourish. The immediacy of the feedback allows ideas that are not initially successful to be modified or retired.

The Domain Name System was created for the limited housekeeping purposes and to provide a simple naming system for email addresses and hosts. But the focus on the intellectual property issues associated with .COM threaten the stable links that rely on DNS names by introducing the instability of political and jurisdictional issues.

The "Safe Haven" proposal is an extremely simple way to preserve these essential functions by isolating the technical services from the policy issues. It also frees the policy discussions from the artificial constraints of ".com" names.


As the Web became popular, the "www.***.com" style of web names has created an artificial scarcity of commercially valuable domain names. The commercial value of the domain names has made the Domain Name System (DNS) the focus of trademark legislation and attempts to control content on the Internet. (See Dan Bricklin's essay for more discussion of the issues with trademarks.

ICANN is an organization with authority over domain name assignment (through its DNSO subcommittee). As such, it has inherited a central role in the current controversies over name assignment. It has also become the focus of governance issues that seem to stem from assigning identifiers such as domain names and IP addresses. This proposal is very simple - ICANN must separate the technical issues from the policy issues. It can focus on policy, while the DNSO can have a simple, nonpolitical task. There must be a strong separation between the two layers.

Making handle assignment political, threatens the basic "glue" of the Internet.

The strength of the Internet is its simplicity. Fortunately we can preserve the simplicity of domain names by creating a "safe haven" of DNS names that are not subject to the controversies being addressed by ICANN. This can be done within the existing DNS framework and without requiring that current users change their practices. To reduce confusion, we can use the term "handle" rather than "name" for these identifiers.

The problem is that in addressing the issue of the scarcity of commercially meaningful names has made the assignment of names a political rather than a technical process.

The solution is to create a "safe haven" of handles that have no semantics and thus assure that the process of assigning them is as simple as taking the next number.

This allows ICANN to focus on the apolitical function of assigning identifiers rather than issues of commerce and policy.

The problem with Names

Updated August 2001 with thanks to David Reed for helping to clarify this point.

Ever wonder why so many people are called Smith or Miller? The answer has a lot to do with the current confusion over what to do with the DNS. Once upon a time, people's surnames were their occupation - it was a simple way to sort out the Johns and Thomases from each other, and also served as a cheap form of marketing. But eventually, the use of surnames as a distinguishing mark faded because it became more important to have stable names that didn't change when a family member took up a new occupation.

The stability of names becomes necessary when you are dealing with groups much larger than a village the name you know someone by can be passed along to friends, and with that name goes the implied trust that you pass along with it.

As the Internet has grown from a village to vast anonymous cyberspace, stability of DNS names has become increasingly necessary it is the "glue" that enables links between websites to remain stable over time. These names become handles rather than descriptions.

But this stability is in conflict with the idea of names as tradeable property whose value is in what they "advertise". It is as if top-level domain names such as ".miller" or ".smith" must somehow be tied to "real" people who mill corn or hammer iron.

So instead of migrating to a system of relatively meaningless handles (as surnames have done), the whole DNS community seems bent on a foolish errand to make the DNS namespace a repository of meaning, to go head-to-head with the search engines who do a much better job of capturing meaning.

Rather then being a simple registry, using simple mechanisms like "First come first served", the DNS names have been turned into assignable "property rights". Speculation about what DNS names may be worth continues well past the dot-com crash. And lawyers, presuming that names ought to be valuable, try to craft legal frameworks that impose that value system on the rest of us.

Can this be prevented? Not as long as we insist on the meaning of the names rather than their role as a stable handle. But in this "fools gold rush" it is important to ensure that there is still a "safe harbor" of stability, where a name cannot be usurped merely at the whim of a plaintiff who can convince a court. In the long run, the valuable names with be those that are compatible with intelligent search strategies, but to preserve the stability of the underlying Internet information and processes, we must make sure that inexpensive stable names are available to glue together such things as the World Wide Web and our digital relationships.

A Safe Haven

The DNS is a simple system serving a vital purpose. Each registry stores information records. There are records for providing the IP address of a system with a given handle, records that specify mail delivery routes, other records that can transfer authority to named subdomains, etc. See the technical backgrounder for more details.

Just like an animal threatened with extinction because of its valuable pelt, the DNS is threatened because the identifiers can have commercial value as names. While we cannot save tigers by painting them green, we can preserve the DNS by creating a safe haven of handles that do not have commercial value. Thus, instead of Frankston.com, one may have 123-3.1231.zzz.

These names are just like phone numbers. To avoid confusion, we can refer to these as domain handles.

Just as with phone numbers, one would use a directory service to translate a descriptive name into a handle. Unlike the problems associated with the scarcity of .COM names, the mapping of names into phone numbers is a well-established process within an existing legal framework.

The use of directory services works even better with computers. With current browsers one can type a name directly into the address line and be presented with likely alternatives. The choice can be stored in one's address book.

We can go one step further and allow the phone numbers themselves to be used as handles in a .phone.int domain, though phone numbers themselves are not currently long-term identifiers.

Current Issues

The simple function of assigning names and numbers has been complicated by a focus on the intellectual property issues associated with commercially valuable domain names. These issues are only a side effect of the use of the English alphabet for DNS identifiers. Unfortunately, the result has been to expand ICANN's charter into a role of trying to control the use of the Internet. This threatens the fundamental mechanisms that have allowed the Internet to become the economic engine of the 90's and beyond.

The power of the Internet is in the ability to create infrastructure without a separate wire for each connection. Connections are made using handles such as IP addresses and DNS keys. Making handle assignment political threatens the basic "glue" of the Internet. ICANN can revoke handles and thus invalidate the linkages (such as URLs) that hold the Web together.

In fact, there is no "Internet" as such. The term is applied to the collection of systems that use common protocols and handles. Thus the assignment of handles is a vital function. IP addresses provide the fundamental links between systems. Services, such as the World Wide Web and Email need a permanent handle in order to assure stable and long term linkages.

The difficulty of defining the boundaries of the Internet exacerbates the problem of legitimizing the authority of ICANN thus creating additional controversy.

Separating Politics from Technology

We can separate out the controversial political issues of ICANN from the basic function of assigning names and numbers (handles) by addressing the artificial scarcity. There is no shortage of domain names, just a shortage of ones that have commercial value. ICANN need only assign the next integer for second level domain names. Most domains will be below these so there shouldn't even be a large demand for such names.

These second level registries would be similar to the current top level registries except that there would need be no arbitrary limits such as allowing only one per country. Anyone who has a registered domain can create additional domain registrations at lower levels. These registries have no cost and be easily created and abandoned (if the owner chooses) thus facilitating innovative use of these handles.

The other artificial scarcity is the IPV4 address. This must be addressed in order to provide end point identifiers for the billions of devices that will be connected using Internet protocols. The details of how to implement this are still being worked out with IPV6 being the current specification. But the result must be to make the process of assigning new addresses a clerical operation and the issues of how to route messages a technical issue.

The complex issues of trademarks and intellectual property are not new and have nothing to do with the operation of the Internet. They are only "Internet" issues because of the focus on .COM to the exclusion of other directory mechanisms. Issues of copyright protection and intellectual property are exacerbated by the increased connectivity but are not Internet issues per se.


The "safe haven" approach of creating noncontroversial domain names is remarkably simple and can be implemented within the existing DNS framework. Doing so won't remove the controversies associated with existing names but it will assure that they do not threaten the basic mechanisms of the Internet.

The Safe Haven doesn't require any technical changes to the DNS; it just opens one new top level domain and a small number of second level domains to ease the technical and managerial burden on the DNSO.

Appendix: Q&A

ICANN was created by Congress to address trademark and other issues. Why is this proposal directed at ICANN?

One reason is that the DNSO, which manages the DNS, reports to ICANN so it does have responsibility. This proposal gives ICANN a way to assure the technical viability of the IP Infrastructure by providing leadership and drawing a line between the technology and the policies.

This proposal does nothing to resolve the issues with .COM. People will still want their vanity names.

True. But the problems with .COM are fundamentally intractable. They do not, for example, reflect the use of geography and industry classifications that are vital to resolving names. Guessing a .COM name doesn't hint at other's who might have the same business name. .COM is simply unable to provide easy-to-guess names for individuals whose names are not unique. Instead, this proposal is the basis for a cleaner approach that doesn't inherit from .COM.

How do I tell someone my URL if I can't give them a simple name?

We've already developed many ways to deal with this for phone numbers. If you can't get a person (or company) phone number directly, you go to one of the directory services. The growth of national directory services in the US (and, eventually, world wide) demonstrates the improved capabilities for providing such services. These can handle URLs just as easily. Even better since the same technology obviates the need for retyping the URL. If one looks up the number online the URL is already on the computer and can be automatically stored in the local address book. Try typing a name into a recent browser. If it's a company name, you'll see a proposed first choice and other likely choices. It's as easy as typing the .COM name with the added advantage of identifying alternatives. Without the bias towards .COM there can be an effective marketplace for such services. Specialized services would do a better job in their areas of expertise such as business-to-business, school friends, genealogical searches etc.

How does this new "Safe Haven" actually work. Will there be a massive registry will billions of entries?

While a single massive directory might work, it isn't necessary and is probably not a good idea. Instead, the DNSO can make it easy for others to provide the services. Any organization (or individual) requesting an entry in the new hierarchy (or Top-Level Domain) would be assigned one. Each name would be of uniform length, perhaps a mixture of letters and digits. One question is whether there should be any requirements of performance or an escrow mechanism so that those who register with these registrars would have some assurance of permanence. But there is no need to extend such governance to additional levels.

But typing this new names will be difficult since they will be hard to remember and hard to type.

There should be little reason to type a URL. It's already the case that many URLs are long. The favorites mechanism and, of course, clicking obviate the need for typing. As noted, one can type a name rather than the URL on the address line in the browser. The same search tool can be made available wherever it is useful to type a URL. One other refinement is to integrate the local address book and favorites list into this search. These are technologies that are already available and just need to be refined.

Don't we get the same problem with Real Names and the other new services?

Some of the providers will do a better job than others and some will seek advantage by tactics such as getting their names embedded in URLs. But unlike the stranglehold of .COM, a marketplace for such services will serve to limit the degree to which one player can recreate the current dominance of .COM

What about cybersquatters, pirates and child pornography?

Cybersquatting becomes moot in the absence of this artificial scarcity. The other issues are associated with how the Internet is used. The traffic on the network itself consists of bits that have no meaning. Controlling illegal behavior is indeed a societal issue. But it cannot be addressed by building "smarts" into the Internet. The only effect is to frustrate those trying to enforce rules and, worse, make it difficult to use the Internet for other purposes. Appeals to protect children must be viewed with suspicion Not because protecting children is not vital (it is indeed important) but because such appeals can be used to mask bad policies and hidden agendas.

Isn't it too late to do any of this?

No. This proposal doesn't require any new mechanisms and it doesn't require changing current behavior. What it does is assure that there is a reliable system for stable handles. The issue of resolving .COM conflicts still exists but is no longer critical. It is possible to create new and better solutions. By taking the pressure of .COM, the problems won't get worse and can become less important in the face of much better alternatives.

What if one company becomes dominant and thus has the same control as .COM

It's a very big world (and not just the United States) with lots of players competing. We see examples in the search engine and directory services. The big opportunity for competition is in moving beyond simple naming services to matches based on other criteria such as how close a store is or what other products it sells. In the worst case, it's still a much better situation than we have now since that provider will not still not control the underlying linkages and will not have official authority over the naming system. Thus the dominance can be challenged without damaging the underlying infrastructure.

Isn't the IP address more appropriate as a technical handle?

The IP address cannot serve as the handle for applications because it is associated with a system rather than applications. One can create a DNS name for each application. The URL is more appropriate, but it still is dependent upon the DNS name. In practice, the IP address is more problematic since it is generally considered to be owned by the access provider and is frequently reassigned as the Internet routing changes.

Why not just create .SHOP and .PIZZAWITHANCHOVIES as top level domains in order provide for more names and remove conflicts?

Because it makes things even worse. It means that each business must declare the type of business it is in an unambiguous taxonomy that doesn't reflect the complexities of the real world. Nor does it remove conflicts between Joe's Pizza in Cleveland and the one in Singapore. What is the domain for the sandwich shop/dry cleaning business (a real example). And it doesn't do anything for the "John Smith" problem. This proposal is part of what is most frightening about mixing social policy with technology. It builds a naive and short-sighted "solution" into the infrastructure and exacerbates the problem. This is part of the reason why it is so vital that we create a "safe haven". This of .good and .bad why they can't work.

How can I start using these new "meaningless" URLs without waiting for it to be fully implemented?

Browsers and servers generally support redirect capabilities. You can still advertise a simple public name such as http://www.myeasyname.old and have it translated into http://188828281282232.numbers/MyEasyName. This user won't have to type the new names but it will be provided by the browser in response to the simple name for future connections. You can include a descriptive name as part of the path so that can understand the URL even if it is hard to remember.

What Else?

This document is a "work-in-progress" as I discover more issues and improve my understanding. Rather than rewrite this document, the goal is to work with others to produce an implementation proposal.


This is the point mode in the "It's even Worse!" section. The problem is exacerbated because URL's are used in many contexts. For example, they are used to create unique namespaces for XML as well as provide the definitions and presentation templates for XML.

Mistyped names!

After typing http://www.microsoft.com or other variations, the problem confusion of the DNS with a directory service is even more evident. Trademark law protects not just the exact name but other names that could be confused. Thus Lexus the car and Lexis the search service went to court to resolve their issues. Eventually both were allowed because they were in different industries. In the DNS neither problem is addressed. Theft by similarity is rife and there is no concept of "different industry". Creating the crime of "Cybersqautting"is a clumsy attempt to address the similarity issue.