Re: [ga] Re: Registries & Security Safeguards

[Martin Hannigan <hannigan@xxxxxxxxxxx>]

A
t 04:41 AM 9/15/2006, Stephane Bortzmeyer wrote:
> On Thu, Sep 14, 2006 at 11:41:49AM -0700,
>  Danny Younger <dannyyounger@xxxxxxxxx> wrote
>  a message of 25 lines which said:
>
> > "An expert
>
> I may question the word "expert", regarding that document. There is a
> lot of FUD, and few technical details (and mostly wrong).
>
> > report released today concluded that in proposals for the .com,
> > .biz, .info and .org registries, the Internet Corporation for
> > Assigned Names and Numbers (ICANN) has failed to ensure adequate
> > security safeguards."
>
> Well, most readers of that list will be happy to learn that the DNS is
> at risk because ICANN takes "bottom-up representation" *too* seriously
> :-)


Not really. They've been pretty hands off if you look at the
results, at least in the root operators realm. I did a presentation
probably not as detailed as that one, but this fit into a 10 minute
window and seemed quite informative:

http://www.nanog.org/mtg-0606/pdf/lightning-talks/1-hannigan.pdf#search=%22root%20dns%20jurisdiction%20hannigan%22

The largest problem in the root DNS is that there are not
enough of them, both servers and operators. You could
improve this situation by urging carriers to operate their
own root servers, a-m, and simply use the routes outside of
their borders as backup. This would provide a far better
security mechanism as well as a superior user experience
over all root servers except perhaps VeriSign J-ROOT. I'd
call the VeriSign J a good argument for commercialization of
the entire root to be honest.

Sorry about the translation for some. It was created on a MAC
and doesn't copy well to Windows. One of those projects I'll
"get around to".


-M<