[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Edward Lewis
Ed.Lewis at neustar.biz
Thu May 22 12:32:35 UTC 2008
At 14:10 +0800 5/22/08, Joao Damas wrote:
>if DNSSEC was in use then the origin of the data wouldn't matter, and
>that includes the root zone.
During the incident, the data returned was coherent with the rest of
the root servers, so the origin wasn't an issue. (Harking back to
why DNSSEC wasn't the solution to this incident.)
>stating that a system has certain properties does not imply some other
>system can not have the same properties, so your statement above can not
>imply that some other system can not guarantee good working order
I never said that bureaucracy was the only way to go, not any
guarantee. And no email could ever contain a complete analysis
recommending an approach - I am sure that there are many details I
omitted. Heck, bureaucracy is seen in a negative light because many
set ups have been corrupt (political machines).
(My thoughts here are triggered by comparisons of the current and
previous IP address allocation system. Currently we have in place
the RIRs and the formal agreements they require. Compared to the Jon
Postel informal agreements that now come to haunt us - and this
incident being tied to the uncertainty of that era - the formalism of
IP address assignment is a big win.)
Based on my knowledge of world history though, the trend is away from
benevolent oligarchies and towards stodgy public institutions.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.
More information about the dns-operations
mailing list