nanog mailing list archives

Re: The whole alternate-root ${STATE}horse


From: "Jay R. Ashworth" <jra () baylink com>
Date: Sat, 9 Jul 2005 13:34:25 -0400


On Sat, Jul 09, 2005 at 11:46:11AM -0400, Todd Vierling wrote:
> On Wed, 6 Jul 2005 Michael.Dillon () btradianz com wrote:
> > > 1. Security ("man-in-the-middle").

> > VPNs, SSH tunnels, etc. There are ways to solve
> > this problem.

> You would use a VPN or SSH tunnel to do what?  That's orthogonal to DNS
> security issues, and illustrates that you haven't read DNSSEC and/or 2826.

> > > 2. Common interoperability.

> > We do not currently have common interoperability for a
> > whole range of protocols.

> So what?  DNS is one of the protocols where interoperability is not just
> desirable, it's MANDATORY.

> Businesses and individuals expect that when they publish an e-mail or Web
> site hostname, that it be theirs and only theirs no matter where on the
> Internet it is accessed.  FQDNs are considered fixed points of entry, and
> alternate roots put that name resolution at risk.  (But if you had actually
> read RFC2826, you would already understand this.)

I'm going to dive in one more time here.

It's not the *root* operators that are the problem -- it's the *TLD*
zone operators.

> Introducing fragmented TLDs or the opportunity to supplant the common TLDs
> places the DNS infrastructure at risk.  This is not just FUD -- DNS
> hijacking in alternate roots has already happened.  (But if you had actually
> read RFC2826, you would already understand this.)

"infrastructure at risk".  Justify this *far-reaching* statement,
please.  Show your work.

> > and I appreciate the IAB's comments, but it was written at a time when we
> > didn't have as much experience with rootless networks as we do now.

> The DNS is not a rootless network, so this is a pointless comment.

That response appears to assume facts not in evidence in his comment.

> On the flip side, there was quite a bit of experience with alternate DNS
> roots at the time RFC2826 was created -- AlterNIC, which was run and
> advocated by people just as blinded by ignorance as you.

> Oh wait, your name wouldn't *actually* be Jim Fleming, would it?

<chuckle>

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me

