ICANN/GNSO GNSO Email List Archives

[ga]



RE: [ga] Re: Registries & Security Safeguards

  • To: "Gomes, Chuck" <cgomes@xxxxxxxxxxxx>, Stephane Bortzmeyer <bortzmeyer@xxxxxx>, Danny Younger <dannyyounger@xxxxxxxxx>
  • Subject: RE: [ga] Re: Registries & Security Safeguards
  • From: Hugh Dierker <hdierker2204@xxxxxxxxx>
  • Date: Sat, 16 Sep 2006 08:43:36 -0700 (PDT)
  • Cc: ga@xxxxxxxxxxxxxx
  • In-reply-to: <046F43A8D79C794FA4733814869CDF070179D61E@dul1wnexmb01.vcorp.ad.vrsn.com>
  • Sender: owner-ga@xxxxxxxxxxxxxx

Chuck,
  Thank you for that clarification. Could you provide the poly background on that?
  Particularly: Was there resistance to such a schematic? How independent is it today?
  Compared to being dependent, is it more expensive?
   
  I know some details cannot and should not be given but if you could answer in general it would be appreciated.
   
  e 

"Gomes, Chuck" <cgomes@xxxxxxxxxxxx> wrote:
  Stephane,

I appreciate your thoughtful response but would like to simply note one
clarification. ATLAS was not derived from BIND and shares no code
whatsoever with BIND. One of our goals in designing and implementing
ATLAS was to increase our DNS software diversity by eliminating any
dependency on or shared code with BIND.

Chuck Gomes
VeriSign Information Services



> -----Original Message-----
> From: owner-ga@xxxxxxxxxxxxxx 
> [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf Of Stephane Bortzmeyer
> Sent: Friday, September 15, 2006 4:42 AM
> To: Danny Younger
> Cc: ga@xxxxxxxxxxxxxx
> Subject: [ga] Re: Registries & Security Safeguards
> 
> On Thu, Sep 14, 2006 at 11:41:49AM -0700,
> Danny Younger wrote 
> a message of 25 lines which said:
> 
> > "An expert 
> 
> I may question the word "expert", regarding that document. There is a
> lot of FUD, and few technical details (and mostly wrong).
> 
> > report released today concluded that in proposals for the .com,
> > .biz, .info and .org registries, the Internet Corporation for
> > Assigned Names and Numbers (ICANN) has failed to ensure adequate
> > security safeguards."
> 
> Well, most readers of that list will be happy to learn that the DNS is
> at risk because ICANN takes "bottom-up representation" *too* seriously
> :-)
> 
> > The report, written by leading security technology expert Jerry
> > Archer
> 
> Sic
> 
> > entitled "DNS -- A System in Crisis" recommends that oversight,
> > planning and testing provisions be implemented in the proposals to
> > run these registries before they are finalized.
> 
> Basically, it suggests moving ICANN to a sort of security agency,
> exercising a very close and detailed monitoring of registries. I do
> not even know if the US FAA monitors the airline companies as closely
> as the "expert" would like the ICANN to monitor the registries
> (including "on-site inspections").
> 
> Some stupid technical mistakes (the author seems to be very far from
> DNS server management):
> 
> 1) "ICANN has failed to develop competition or otherwise drive
> diversity into DNS development, creating a monolithic DNS subject to
> systemic attacks. DNS software is generally some version of
> BIND. VeriSign is the notable exception, having developed its ATLAS
> system in 2002."
> 
> [What, nsd or ANS do not exist? The "expert" does not even know that
> Atlas is derived from BIND.]
> 
> 2) Absolutely no mention of anycast (even when talking about the 2002
> attack on the root name servers, which triggered its massive
> deployment).
> 
> 
> 



 				

