Protecting the Internet's Domain Name System

[InfoSec News <isn () c4i org>]

Forwarded from: Bob <bob () globaldevelopment org>

Comments from "CaveBear", Karl Auerbach, who took legal action against
ICANN and won, and who has now been elected a member of ICANN's Board.

Bob
http://www.globaldisaster.org

-=-

Protecting the Internet's Domain Name System

ICANN is now taking a look at the actual stability of the net - this
is both refreshing and proper.  And it's about time.

Let us take a moment and ask ourselves: Why, on an Internet that was
originally designed to survive a nuclear holocaust, is this DNS thing
seemingly so vulnerable?

The reason is pretty obvious: Nearly every other part of the Internet
is based on the concept that the individual parts should be able to
operate independently.  But of all the parts of the Internet, the
Domain Name System has a clear heart, a singular point from which all
other parts radiate.  On most of the net, if one damages a part, the
rest of the net will remain and will function.  With DNS as it is
presently deployed, if one damages the heart, then the rest of DNS
becomes uprooted and lost.

(This note will come back to this singular vulnerability of DNS and
ask the question "why", but that will be a bit later.  In case you
need instant gratification - here's a preview: DNS could be more fully
distributed and its singular point of vulnerability eliminated.  The
deeper question will thus be: Are we intentionally refusing to
consider, much less adopt, a solution that could give to DNS the same
near invulnerability that adheres to the rest of the Internet?  Are we
captives of our own dogma and blinding ourselves to solutions?)

Full story at http://www.cavebear.com/rw/steps-to-protect-dns.htm



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.