On Jun 19, 2011, at 9:51 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Paul Vixie" <vixie@isc.org>
David Conrad <drc@virtualized.org> writes:
I believe the root server operators have stated (the equivalent of) that it is not their job to make editorial decisions on what the root zone contains. They distribute what the ICANN/NTIA/Verisign gestalt publishes.
yes. for one example, see:
http://www.icann.org/en/announcements/announcement-04jan08.htm
other rootops who have spoken about this have said similar/compatible things.
Just to clarify, since I'm responsible for that particular red herring, I had at the time forgotten that the TLD zones don't actually *live* in the root -- I know; silly me, right? -- and that the root wouldn't be affected by the sort of things that previously-2LD now TLD operators might want to do with their monocomponent names...
which as someone pointed out, a 3-digit RFC forbids for security reasons anyway.
My point is that there is a relatively small group of root operators and I consider them generally clueful and likely to comply with RFCs other than through accidental violation. OTOH, I can easily see $COMPANY deciding that $RFC is not in their best interests and find the http://microsoft construct not at all unlikely.

I realize that no responsible software vendor would ever deliberately do something insecure or contrary to a security-oriented RFC, but, history has shown that not all software vendors are responsible. Now imagine the number of corporate IT departments that can't even spell RFC, but, they run web servers and DNS servers... Yeah, under the coming circumstances, the expectation that said 3-digit RFC will remain anything more than a novel collection of bits on an FTP server somewhere is, well, optimistic at best.

Owen