
On Sat, 9 Jul 2005, Jay R. Ashworth wrote:
"infrastructure at risk". Justify this *far-reaching* statement, please. Show your work.
AlterNIC overriding .COM and .NET listings, one of the issues leading to its demise. (This was done in addition to the more memorable cache poisoning attacks against INTERNIC.NET.)
To the extent that you don't call that a criminal aberration -- one that could as easily have happened to one of the root servers currently *taking* the ICANN root zone -- it only affected people who were resolving off that root. That's a pretty small number, and, IMHO, doesn't rise to the level of "placing the infrastructure [of the entire net] at risk".
Such a "small" detail is such a big problem because entities using the alternate root end up seeing a different view of what should be fixed data, and the details of why they see a different view are normally *hidden from the end user*. So end users are caught unaware of the fact that their communications may be going to someone completely different than intended.
The risk is uncertainty of name resolution, as the root zone can in fact override N-level records simply by possessing a more specific name. Root servers are queried for the full host (but respond with the NS glue delegation), not just the first component, which allows for such overriding.
And that possibility is any different in the n-root case than in the 1-root case... why?
Besides the end user visibility problem above, the 1-root case has a legal and technical accountability advantage: if someone were to mess with ".", a LOT of people would notice, and the offending person or entity could be prosecuted (or at least isolated from the net) more quickly and easily. As much as the Utopian ideal of an entity without accountability (such as an alternate root) may sound pleasing, even to me, lack of accountability actually decreases security by the very same means that AlterNIC was able to override 2LDs.

--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
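Added example, not part of the original message: a simplified model of the point above that a root is asked for the full host name, used here to flag names for which two roots hand back different delegations. The zone contents, host names and helper functions are constructed for illustration, and the longest-suffix lookup is an assumption standing in for real server behaviour.

```python
# Simplified model (assumption): a root "zone" is a dict mapping an owner name
# to the nameserver set handed back for it. All names are constructed samples.

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def referral(zone, qname):
    """Return (owner, ns_set) for the most specific entry covering qname.

    The root sees the full query name, so every suffix is tried, longest first.
    """
    parts = labels(qname)
    for i in range(len(parts)):
        owner = ".".join(parts[i:]) + "."
        if owner in zone:
            return owner, frozenset(zone[owner])
    return ".", frozenset(zone.get(".", ()))

def divergent(reference, candidate, qnames):
    """List the query names for which the two roots give different referrals."""
    findings = []
    for q in qnames:
        ref, cand = referral(reference, q), referral(candidate, q)
        if ref != cand:
            findings.append((q, ref, cand))
    return findings

REFERENCE_ROOT = {
    "com.": {"ns1.registry.example."},
    "net.": {"ns1.registry.example."},
}
# Same TLD delegations, plus one more specific entry below a TLD.
ALTERNATE_ROOT = {
    "com.": {"ns1.registry.example."},
    "net.": {"ns1.registry.example."},
    "shop.com.": {"ns.elsewhere.example."},
}

SAMPLE_QUERIES = ["www.shop.com.", "www.other.com.", "mail.shop.com", "host.net."]

if __name__ == "__main__":
    for q, ref, cand in divergent(REFERENCE_ROOT, ALTERNATE_ROOT, SAMPLE_QUERIES):
        print(f"{q}: reference -> {ref[0]}  candidate -> {cand[0]}")
```

Only the names under the more specific entry diverge, which is why a comparison of TLD-level delegations alone would not show the difference.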