
On Sat, Jul 09, 2005 at 01:51:46PM -0400, Todd Vierling wrote:
On Sat, 9 Jul 2005, Jay R. Ashworth wrote:
It's not the *root* operators that are the problem -- it's the *TLD* zone operators.
Oh, I can certainly agree with that; we've seen some gross abuses of TLDs documented in gory detail right here on the NANOG list.
Of course, that too is orthogonal to who provides the delegations in "." -- except that perhaps some misguided souls are, as is relatively common, confusing the two realms.
Indeed.
"infrastructure at risk". Justify this *far-reaching* statement, please. Show your work.
AlterNIC overriding .COM and .NET listings, one of the issues leading to its demise. (This was done in addition to the more memorable cache poisoning attacks against INTERNIC.NET.)
To the extent that you don't call that a criminal aberration -- one that could as easily have happened to one of the root servers currently *taking* the ICANN root zone -- it only affected people who were resolving off that root. That's a pretty small number, and, IMHO, doesn't rise to the level of "placing the infrastructure [of the entire net] at risk".
The risk is uncertainty of name resolution, as the root zone can in fact override N-level records simply by possessing a more specific name. Root servers are queried for the full host (but respond with the NS glue delegation), not just the first component, which allows for such overriding.
And that possibility is any different in the n-root case than in the 1-root case... why?
Oh wait, your name wouldn't *actually* be Jim Fleming, would it?
<chuckle>
Well, at least some folks remember. 8-)
Whoa, yeah. My Linux boxes all run IPv8.

Cheers,
-- jra
--
Jay R. Ashworth    jra@baylink.com
Designer    Baylink    RFC 2100
Ashworth & Associates    The Things I Think    '87 e24
St Petersburg FL USA    http://baylink.pitas.com    +1 727 647 1274

If you can read this... thank a system administrator. Or two. --me