ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Cyberspace Security and the Root(s)


The answer is obvious, Danny.  If you a single system and it fails, you lose 
it all.

The idea of multiple roots simply means that there are many systems out there 
that the community may use.  If one enitre system fails, there are others to 
which to point.  If some roots carry more information (TLDs) than others, it 
simply affords that much more for users.  It does not imply that any one root 
is better than another.

Of course cooperative "peering" is the best solution, where all roots carry 
all other roots' TLDs and everyone has the same information.  Unfortunately, 
that effort was permanently altered when ICANN duplicated one TLD and 
announced it would do so at any time it pleases.  However, the major roots 
have decided to discontinue resolving the original .biz tld, so they will be 
better able to alleviate the inherent problems with the duplication.  So that 
battle is now ended, but the precedent still must be reversed.  The community 
is not well served when one root system claims total authority for the entire 
internet.  It may well boil down to "who do you trust."  

For security purposes, the roots must all follow security measures for each 
server and cluster, but with a myriad of distributed root systems, there is 
little danger of having a catastrophic failure.  

I think at the end of the day, there will always be multiple root systems and 
people will use them.  It makes little difference who approves of them. It's 
a world wide choice available to all users.   No one country or entity will 
rule the net.

Leah


On Wednesday 18 September 2002 03:31 pm, DannyYounger@cs.com wrote:
> In reading the recently published "National Strategy to Secure Cyberspace",
> my attention was drawn to one particular remark:
>
> "To combat these vulnerabilities, the security of the infrastructure must
> not be dependent on a single layer, group or focal point, but rather must
> be found in multiple layers, distributed defenses, and the ability to
> recover quickly from any attack."
> http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf
>
> Doesn't this seem to argue against the concept of the desirability of a
> single root?  From strictly a security perspective, can someone
> sufficiently knowledgable advise as to which is better -- having a single
> root or having multiple roots?

--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>