Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

David W. Hankins David_Hankins at isc.org
Thu Jul 24 17:15:58 UTC 2008


On Thu, Jul 24, 2008 at 09:56:32AM -0500, Joe Greco wrote:
> MY move?  Fine.  You asked for it.  Had I your clout, I would have used
> this opportunity to convince all these new agencies that the security of
> the Internet was at risk, and that getting past the "who holds the keys"
> for the root zone should be dealt with at a later date.  Get the root
> signed and secured.  Get the GTLD's signed and secured.  Give people the
> tools and techniques to sign and secure their zones.  Focus on banks,

I admit readily that I am not one of the 'dns guys' around here, but
I have been watching with some interest for a few years now, and have
more or less become convinced that the players involved are willing to
tolerate, downplay, or even flat out ignore a great deal.

Except losing their own relevance.  This is cherished above all.  The
only times I have seen these parties move is when it has been
realistically threatened.

So in brandishing this world event as like a holy sword of fire to
smite some nefarious bureaucracy, there is no danger its strike will
drain any relevance.  The band aid fix is there.  Their relevance is
saved along with all of our businesses.  There is still plenty of time
to argue about who gets the keys.  Who gets nearly the entire pot of
this magical relevance ambrosia?

It wouldn't work.  Paul's booming voice would serve only to make him
hoarse.

The strike only lands for effect if you withhold the band aid fix,
which simply cannot be done in this case either.


I'm only really aware of two ways to reduce the relevance of the root
and its children (I did say I am not a DNS guy).  You can join one of
the alternate roots, which I do not recommend.  Or you can sign your
zones using a DLV registry.

If DLV registries became 'de rigueur', it would effectively halve the
root and by extension the GTLDs' relevance.  I do not believe they
will permit this to come to pass.  Provided they did, we would win
anyway, as signing zones itself would have become the norm.

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		you'll just have to do it again."
Internet Systems Consortium, Inc.	-- Jack T. Hankins