ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Net security's a losing battle


On Sat, Sep 29, 2001 at 03:10:05AM -0700, Rick H Wesson wrote:
> 
> Ross,
> 
> As one who sat on the ICANN Escrow committee I can state that the
> committee did create a final draft that specified escrow formats and how
> escrow would be done. The document was forwarded to ICANN and I have no
> clue why they didn't implement it.

Because they have to spend lots of time and money on other things, and 
time and money are in short supply.

> All ICANN need to do is publish their
> requirements on escrow, and start up their service, which they have had
> over 9 months to complete.

There have been other things with what were thought to be higher
priority going on, such as new TLDs.
> 
> Also if a registrar was to be "taken out," some service certainly would be
> disrupted but we would deal, I'm sure VGRS, as the other registries have
> too, a well defined disaster recovery plan. I believe such was required in
> their Registry proposal.

> Do you know each root server does not answer queries for at lease two
> hours twice a day? I am sure the impact of an outage would be less than
> what the financial industry felt when the WTC towers were demolished. I
> also suggest you read up on what happens when a backhoe severs a
> fiber, they happen all the time, some huge ones that will cut out large
> chunks of the net and one rarely hears about it.

I suggest that you are missing the point entirely.  It's not dns that is
the issue, it is registrant data.  If opensrs were taken out in a
WTC-type incident, the fact that ar.com was registered to you would be
lost, and you would have to go through some process to prove that it had
been registered to you, instead of one of the flock of cybervultures
that would instantly materialize.  If NSI registrAR were taken out the
ownership of every single domain they had registered would be unknown;
there would be no way to verify any domain modifications; no way to know
who the contacts were.  The effects wouldn't be immediate, but they
would be enormous. 

[...]

> to me 'security and stability of the naming system' means DNSSEC and
> 'security and stability of the addressing systems' means IPSEC and IPv6

There is more to it than that.

-- 
Kent Crispin                               "Be good, and you will be
kent@songbird.com                           lonesome." -- Mark Twain
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>