Home / Blogs

Unclear on the Concept, Sanctions Edition

John Levine

United Against Nuclear Iran (UANI) is an advocacy group that, among other things, tries to isolate Iran by pressuring businesses and organizations to stop doing business with Iran. This week they turned their attention to ICANN and RIPE to try to cut off Internet access to Iranian organizations. Regardless of one's opinion about the wisdom of isolating Iran (and opinions are far from uniform), this effort was a bad idea in an impressive number of both technical and political ways.

Their letter to ICANN demanding that they:

1. Terminate its relationship with and deny any Iranian entity or person that has been sanction-designated by the United States, the European Union and the United Nations access to and revoke previously assigned Domain Name System ("DNS"), Internet Protocol ("IP") addresses, space allocation, protocol identifier assignment, generic ("gTLD") and country code ("ccTLD") Top-Level Domain name system management, and root server system management functions;
It lists a variety of web sites of sanctioned organizations, including http://www.mut.ac.ir/ http://www.cbi.ir, http://www.bankmaskan.ir, http://www.bmi.ir, http://www.banksepah.ir, and http://www.khatam.com that they want ICANN and IANA to cut off.

Technically, this is ridiculous. Even if IANA wanted to block or disable individual domain names, they can't, because the DNS doesn't work that way. They manage the top level delegation to .IR and .COM, but the internal structure of those domains are managed by the Institute for Studies in Theoretical Physics and Mathematics in Teheran (which is not on the sanctions list) and Verisign, respectively. Politically, cutting off a top-level domain from the root is a complete non-starter. Even though the US government has had its thumb on the root zone since the day the DNS first went live, it has never interfered with countries' management of their ccTLDs, even countries like Cuba and North Korea that the US really doesn't like. Were the US to try to disable .IR, it would provoke a huge international outcry, and not just from countries sympathetic to Iran.

Their letter to RIPE is no better. It demands that RIPE:

1. Terminate its relationship with and deny any Iranian entity or person that has been sanction-designated by the United States, the European Union and/or the United Nations access to and revoke previously assigned internet number resources, including Internet Protocol ("IP") addresses, domain names, and Autonomous System Numbers ("ASNs");

They go on to cite the same web sites they do in the ICANN letter.

Again this is ridiculous for both technical and political reasons. The technical problem is that a web site is not a network, and all the web sites they list are on networks shared with other entities not on the sanctious list. Furthermore, a registry like RIPE just does bookkeeping, and doesn't control anyone else's network. Even if RIPE hypothetically revoked the allocations, the Iranian networks could just keep using them, because each network decides what IP addresses they use, and the only way to keep a rogue network from using someone else's addresses is for other networks that connect to the rest of the net to refuse to route traffic to those addresses. (Of course, if the connecting networks were so inclined, they could block traffic regardless of what RIPE did.)

Politically, RIPE has allocation rules, and again, if they didn't follow them, an international incident would ensue. While it would probably be fine with UANI to cut off all the other entities that share the IP and other allocations used by their target organizations, it would not be fine with RIPE or RIPE's other members and clients.

UANI appears not to have done even the most rudimentary research to find out whether their demands to ICANN and RIPE were reasonable. One theory was that it was deliberate, they're PR hounds, and it worked since the letters got them a mention in the New York Times (see the last three paragraphs.) Another is that it just didn't occur to them that they didn't understand what they were asking for. Personally, I think the second explanation seems a lot more likely.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: ICANN, Internet Governance

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

IBCA Presentation to ICANN GAC on Protection of Geographic Names in New gTLDs

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

ICANN Los Angeles Recap Webinar

Afilias Director Wins ICANN's 2014 Leadership Award

Auctions Update: MMX Wins .law and .vip

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

DotConnectAfrica Trust Responds to ICANN 50 GAC Advice, Updates on .Africa Application IRP Status

Video Interviews from ICANN 50 in London

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

Victorian Government & ARI Agree to Long-Term .melbourne Partnership

DotConnectAfrica's Expert Selected to Attend the Hague Institute of Global Justice

DotConnectAfrica Delegates Attend the KHRC Internet & Human Rights Breakfast Roundtable in Nairobi

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

Afilias Chairman Appointed to Domain Name Association Board

SPECIAL: Updates from the ICANN Meetings in Singapore

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

Afilias Joins Internet Technical Leaders in Welcoming IANA Globalization Progress

Sponsored Topics



Sponsored by


Sponsored by
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines

DNS Security

Sponsored by