[dns-operations] DNSSEC undoing independence of root-zone operators

Patrik Fältström patrik at frobbit.se
Wed Feb 16 07:20:27 UTC 2011

On 16 feb 2011, at 03.16, David Conrad wrote:

> If the Illuminati or the Unified World Governments (or the USG) decided to force an inappropriate change into the root, there would be an instant political "discussion" that would result in resolver operators being forced to choose which namespace they want to use, regardless of whether the root zone is signed or by whom.


The regulative force today is on the resolver operators in the world. Not the zone creators. And we see many many more "events" that we might not like regarding control of the resolvers today than the zones.

> Contrary to what you appear to believe, the root server operators are not and never have been the Root Zone Police.  Trying to put them into that roll is a waste of time.  There are (arguably) useful additional checks and balances that could be imposed into the root zone management process (at the cost of additional complexity and latency for changes) irrespective of DNSSEC, however attempting to push those checks and balances onto the secondary server operators is just broken: it ain't their job.

Well written. I do not have anything else to add.

Whatever problem you try to solve, you are not solving it.


More information about the dns-operations mailing list