Photo Op: You too can have your picture taken with reply

Richard Forno rforno at
Fri Nov 16 04:17:08 UTC 2001

(warning: former netsol employee):

Politicos like flashing lights and such. When we gave VIP a-root tours at
NetSol, it was so they could reach out and 'touch' the server and become one
in spirit with the box. From a marketing (or lobbying!) perspective, this
was a very big draw for us, and for politicos it was like going to the
Vatican to experience the "laying on of hands" only in cyberspace.

In some rare cases, there were some politicos that actually GOT IT and
understood what the reality of things were.....but most gave things their
token nod of approval as if to thank us for a catered meal and chance to get
outside the Beltway away from the office for a while. There were some
Senators that visited us so many times I was ready to issue them employee
badges and get them a desk outside the data center - fortunately these two
were the more 'informed' of the group and asked a lot of "right questions."

But in the grand scheme of things - VRSN or anywhere else in any industry -
seeing guards in starched shirts and being told that biometric controls
prevent unauthorized access are only part of the total security picture, yet
that image gives the uneducated the warm fuzzy feeling that all is secure.
The equivalent is assigning the National Guard to patrol the airports, when
in reality, they do little if any real good to improve the security posture's just public relations. The earlier post by someone that said
the DNS security issues are outside of the DC area is probably a fair
statement, too.

While VRSN has their own fair share of issues elsewhere, as far as the
Registry side of their business goes, they have their act pretty squared
away, and have been on top of things since becoming a standalone business
unit. I always felt the Registry team really cared about security issues -
both managers and techies - and things actually got done that led to
generally-effective security and operational success. They didn't just pay
it lip service. (Of course, if and how ICANN's new "anti-terror" agenda will
factor in is anyone's guess.)

As to why politicos go there every time, it's probably a "ceremonial" thing
more than anything else - the so-called "center of the internet" isn't at
AOL, MCI, or anyplace else, and besides, VRSN purports to be a security
company, so why not spin that angle up in today's post-0911society?

(former netsol employee)

> From: Sean Donelan <sean at>
> Date: Wed, 14 Nov 2001 19:15:16 -0500 (EST)
> To: Daniel Golding <dgolding at>
> Cc: nanog at
> Subject: RE: Photo Op: You too can have your picture taken with
> On Wed, 14 Nov 2001, Daniel Golding wrote:
>> Interestingly, this revolving photo op with the A root name server has been
>> going on for several years. To those who are not very technical, there is
>> something uniquely reassuring about the idea that the internet has a
>> "center" or a "brain". It is difficult to say why, but I speculate that the
>> idea that the internet is easier to cripple or destroy helps government
>> officials sleep at night, because it maintains the illusion of control.
>> Distributed systems are much harder to control, and are disconcerting to
>> those who's task is control of systems rather than their perpetuation.
> I'm more annoyed at the politico's than verisign.
> The Department of Commerce issued a press release announcing their
> trip.  There are more root name servers around washington dc than any
> where else in the world.  With all the choices, if they are concerned
> about security why do they always go to the same place?
> Touring Verisign to learn about the security of the Internet is about
> as useful as visiting the NASDAQ marketsite near Times Square in New
> York City to examine the stability of the US market system.  It has
> pretty visuals, flashing screens, and a fake button.
> If the politico's wanted to see how well the Internet is really protected,
> they would visit the non-show places.  Security usually depends on your
> weakest link, not your fanciest show place.
> The "roots" are a huge distraction.  Most of the problems with DNS are
> outside the root name servers.
> I have to admit ICANN was an eye-opening experience for me.  The parts
> of DNS I care about are in relatively good shape (compared to other
> utilities).  But there are other parts which are scary. I don't know if
> Darwin will prune that part of the tree in time.

More information about the NANOG mailing list