Exploit for DNS Cache Poisoning - RELEASED

Paul Vixie vixie at isc.org
Thu Jul 24 20:58:30 CDT 2008


"Tomas L. Byrnes" <tomb at byrneit.net> wrote:
> The problem is, once the ICANNt root is self-signed, the hope of ever
> revoking that dysfunctional mess as authority is gone.

that sounds like the kind of foot-dragging that could be holding this up.

> Perhaps the IETF or DoC should sign the root, that way we have a prayer
> of wresting control from ICANN, as opposed to paying a tax, in
> perpetuity, for registration services to an unaccountable, unelected,
> and imperious body?

apparently when the internet was invented nobody gave any thought to all
kinds of stuff including classful addressing (how were we going to route
16 million class C's anyway?), settlements (aren't AS701 and LVLT also
somewhat imperious?), unwanted traffic (spam, DoS), address space longevity
and/or conservation, routing table bloat and churn, traffic source
authenticity (UDP, SMTP, syslog, ICMP, you name it)... and now you're
trying to say that we don't know how to govern it long-term either?

> Some of us don't think the UN/EU/ITU are good models for governance.

probably most of us.  however, there are certain things that can only get
done that way (country code assignments in postal and telephony space for
example) and i try to keep this in mind and continually forgive those who
mistakenly believe that IP addresses or domain names are like that at all.

> IE: Separation of powers. ICANN/IANA is granted (interim) authority to
> operate, but some other governing body signs.

the other party would have to sign every change.  probably that's what will
happen, IANA will edit, USG will hire some beltway bandit to hold the keys
and do the signing, and then the rootops will publish.  and i'm ok with
that except that it's taking too long to get it going, and i can't seem to
find the person whose desk it's sitting on so that i can offer them my help.
(noting that they may not need or want my help, but i'd rather offer my
help than just sit back and complain.)

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





More information about the NANOG mailing list