CIRA election mess

Thank for the replies. I received 27 replies… this linkedin thing is actually useful. Although there was no way for me select people who were in Canada, and therefore likely to own a .ca domain. I had to go through my linked in contacts and select things one by one… so I might have picked a couple of people by mis-click of mouse.

This email is just generated normally. Here is a summary of the pain which is CIRA, but first some quick answers.

You do need to be the admin-c for a .ca domain to vote. Further you need to have elected to be a member of CIRA in order to vote. You get one vote per person. Sorta of. It’s one vote per unique admin-c, so if you have three domains, two of them with ad the admin-c, and one with, then you can vote twice.

One of the things that I would like to change at CIRA is this silly process. It should either be one vote per person, or one vote per domain. One vote per person is actually difficult to enforce, because there are big ISPs that would just list different people for each domain.

A second thing that I am concerned about it the complexity and difficulty in dealing with CIRA. Their emails are not sent reliably (many people I’ve talked to complain about this), and there are both too many useless emails, and still, too little visibility into what they are actually doing.

A third thing is the elections and AGM process. Many of you couldn’t figure it out, and neither could I. See below. CIRA has finally adopted a reasonable threshold of 20 endorsers to be on the slate (as recommended by an ICANN committee and I think also, WISC). Their AGMs are not well attended, and their attempts to webcast it have been dismal failures. Some of you will remember that CIRA decided that they had to enforce having Java+Javascript on in order to let you vote, and had no concerns whatever for our rights to keep our computers secure.

A fourth concern I have is the abandonment of the munipical domain system, and the rampant squatting in the top-level zone. I would have much preferred to keep reserved for organizations that could demonstrate some kind of national trademark (such as, for instance, a federal incorporation), as that would have kept the squatters out. Once someone squats on, say,, the rules don’t permit, say, a cycling group in Ottawa to have, while one in Calgary has Not only does this permit more logical zone names (ones you probably can guess… imagine!), but it also permits more groups to be members. I would have proposed that longer names would have lower prices. This could be done by making the registration good for more than one year, so as not to increase the overhead costs of processing the payments. You may not agree with me, but CIRA never asked you, that’s part of the problem.

A final thing is technology. CIRA is not ahead, and they are not leveraging things properly. On the one hand, they spend big chunks of money on an Oracle license (to keep the list of zones in), and on the other hand, they spend no money on a bind9 maintenance agreement, because, they can get bind9 for free. They don’t run the IETF standard provreg EPP system (at least they didn’t last I checked), which means that your registrar has to run custom software to talk to CIRA. Different software than to talk to .com. This also means that CIRA is simply unprepared for securing DNS, something that Sweden, Germany, Brazil, Porto Rico, and soon, .gov is doing. (The latest attack on the unsecured protocol takes 10 packets to impersonate your zone…)

Why you can’t show support for me!

Their process is supposed to go like this: a) you get nominated. b) at the end of the nomination period, the nominated get a login to finish filing out some forms, i.e. to make sure you are a real person, and haven’t been bankrupt, etc. c) people show support, you need 20 endosers to be on the slate. d) then there is an election.

As far as I could tell, there was a step between (a) and (b), where CIRA would review the name, and having thrown out silly ones, would contact the nominated. Apparently not. The email with the password goes out immediately. (Why I need another password is beyond me. I think that owning a CIRA zone should be a prerequesite for being a board member!)

CIRA doesn’t try very hard in their email system in my opinion, and on July 20, having not received any password from them, or any link to their system which would re-send my password, I contacted them. The deadline was Monday July 23, 6pm. I exchanged a number of emails with their coordinator, and finally, at 5:50pm, I got a new password (I was in Chicago, at IETF, in meetings). I wasn’t fast enough to get in before 6pm. I complained more. They spent a WEEK thinking about it, and then said that they couldn’t adjust their software, because their software was SO secure and it would mess it up.

Frankly, the above behaviour is one of the reasons I think the organization needs a kick in the pants. The boards have featured at most one pseudo-techie, and essentially no people with actual technical Internet management experience. Instead, it has been lawyers and bad marketroids, and the result has been excessive bureaucracy, and little actual progress on the real technical things that matter.

So, that’s my story.

If you want to get involved, I would urge you to read the other nominated candidates profiles and “show support” for them. Don’t vote for the nominations committee list of members. Boot them all out.