[dns-operations] root? we don't need no stinkin' root!

Thomas, Matthew mthomas at verisign.com
Tue Dec 3 17:11:01 UTC 2019

Verisign has a long track record of working with trusted researchers, universities, and an array of partners to publish a significant amount of research and peer-reviewed work on the topic of name collisions, sharing insights from our unique observation space as a root server operator – see [1] for some examples. We’ve also invested extensively to collect and perform longitudinal analysis on various aspects of this data and make the findings available to the community for consideration, as illustrated in the long list of citations available at [1] on name collisions, as well as other more recent topics (e.g., to inform KSK roll planning [2]).  If you have technical concerns with that work, we welcome your feedback.

As Duane noted, we do NOT monetize root server data.

Conflating those things with the RZM function is not helpful in this context, and to the extent you want to access RZM-related data, ICANN / PTI has it and is very transparent with it already, IMO.

You’re certainly entitled to your opinion about the results of the studies we’ve worked on, but your comments about the motivation behind those studies are wrong, unsupported by facts, and frankly out of bounds.  We won’t have anything else to say on this matter.

Matt Thomas

[1] https://mm.icann.org/pipermail/ncap-discuss/2019-April/000008.html
[2] http://www.circleid.com/posts/20191126_recognizing_lessons_learned_from_the_first_dnssec_key_rollover/

From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Rubens Kuhl <rubensk at nic.br>
Date: Friday, November 29, 2019 at 8:38 PM
To: "dns-operations at lists.dns-oarc.net" <dns-operations at lists.dns-oarc.net>
Subject: [EXTERNAL] Re: [dns-operations] root? we don't need no stinkin' root!

The data could have monetary value.  Passwords that are otherwise
difficult to come by might be leaking.

Hi Florian,

I can assure you that Verisign does not monetize the root server data.  If
any other operators do, I'm not aware of it.

We do utilize root server data for research purposes from time-to-time.
Recent examples include the KSK rollover and name collisions.  Less recent
examples include understanding TTL/caching behavior and preparing for the
root ZSK size increase.  When DDoS attacks happen, we often analyze the
data to see if we can understand how and why it happened, and to be better
prepared for the next one.

Note that the two paragraphs above contradict each other. The current RZM is known to use root server data as anti-competitive measures against new TLD operators with the label of name collision studies, including making studies that other parties can't reproduce due to being limited to DITL data.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20191203/604d44a4/attachment.html>

More information about the dns-operations mailing list