[dns-operations] Perils of Transitive Trust, followup.

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri May 5 20:09:26 UTC 2006


On Fri, May 05, 2006 at 03:35:55PM +0000,
 Suzanne Woolf <Suzanne_Woolf at isc.org> wrote 
 a message of 70 lines which said:

> The analysis of implementation bugs [...] it says nothing about the
> underlying issues of either protocol quality

I partly share your concern: the academic papers about CoDoNS are good
but the "executive summary" papers like the presentation at RIPE-52 or
the BBC paper (http://news.bbc.co.uk/1/hi/technology/4954208.stm) are
less strict and mix issues like protocol and implementation.

As far as I understand, the reasoning of the CoDoNS people is that
implementation bugs, something which exists in every program, are more
serious for the DNS because a byzantine server (whether it is 0wNed
through a bug, or simply managed by accomplices of the bad guys) can
change the data. I must confess that I did not understand how CoDoNS
deals with byzantine servers.

> Where is the protocol documented? I've read your web pages and your
> academic papers, but they're not the requirements analysis, the
> protocol design document or the specification. The architecture
> document on the CoDoNS website appears to be about a page.

The academic paper "The Design and Implementation of a Next Generation
Name Service"
http://www.cs.cornell.edu/people/egs/papers/codons-sigcomm.pdf is much
more than a page. But it is not a protocol specification like an RFC
is. It would be an interesting (although non-trivial) exercise to
write an Internet-draft describing CoDoNS.

Also, to understand CoDoNS, you need to understand the underlying
technologies, like Pastry
(http://research.microsoft.com/~antr/pastry/), the DHT system.

> (e.g. the description of the "home node" for a name doesn't tell me
> how "neighboring nodes" to be standby "home nodes" are chosen,

Excuse me but it seems here that you did not read the paper:

  If the home node fails, the next closest node in the identifier
  space [the Pastry identifier, randomly chosen and organized as a
  circular list, so a node is the neighbour of the two nodes which are
  the closest in that space, the details are in the original Pastry
  paper], automatically becomes the new home node.



