ICANN Email List Archives

[dssa]



Re: [dssa] what topics are in-scope, and why

  • To: Greg Aaron <gaaron@xxxxxxxxxxxx>
  • Subject: Re: [dssa] what topics are in-scope, and why
  • From: SM <sm@xxxxxxxxxxx>
  • Date: Fri, 09 Sep 2011 16:48:29 -0700

Dear Greg,

Please note that the following is my individual opinion.

On 9/8/2011 10:11 AM, Greg Aaron wrote:
> As you say, it is not ICANN's role to fix protocols.  However, we are
> chartered to point out relevant problems.  Flaws in the DNS protocol are by
> definition intrinsic to the DNS itself.  For example, the Kaminsky Bug
> allowed attackers to perform cache poisoning on most nameservers.   A bug
> like that offers a widespread exploit of the DNS.

This group can point to relevant problems in DNS, e.g. a flaw in the
protocol that has or may have operational impact.  Fixes to the protocol
are better left to the relevant technical venue.

If we use wording such as "flaws in the protocol itself", we will end up
having to do a technical assessment of the protocol flaw and propose
specific technical fixes.  The wording you suggested is okay internally
but I would advise caution in using that in publicly accessible material.

> Regarding alternate roots: a fractured DNS means that the resolvability and
> predictability we currently enjoy would go away.  Queries to a domain name
> could go to two or more registries each claiming to be authoritative for
> that name, etc.  ICANN's core mission is about the uniqueness of identifiers
> at the root and TLD levels, and maintaining it.  (See also: fast-track IDN
> TLDs, and the nTLD program.)  So challenges posed to a unified root are in
> scope to discuss.

I agree that a fractured DNS is not a good idea as DNS name space was
designed to use a globally unique root.  The fracture can occur if
people use alternative root zones or if the root servers do not serve
the same root zone.

DNS queries follow a referral.  I don't view registries as being a
problem unless they are used for an alternative root zone.  It is not in
their interest to do so anyway.

There have been challenges to a unified root. It does not have much to do
with security and stability unless you stretch that to include things
that are not in the interest of the various bodies participating in this
working group.

If the group takes on the problem of fractured DNS, it may end up having
to review ICANN contracts with registries if I follow what you said above.

> Are you swayed, or can you tell us more about your thinking?

See above.  BTW, thanks for taking up the discussion on the mailing list
as it makes it easier for anyone to respond at their own time.

Regards,
-sm


