Re: national security
Paul Vixie <vixie@vix.com> Sun, 30 November 2003 19:12 UTC
Received: from asgard.ietf.org (asgard.ietf.org [10.27.6.40]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08960 for <ietf-web-archive@odin.ietf.org>; Sun, 30 Nov 2003 14:12:49 -0500 (EST)
Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 1AQWeI-0004dU-TQ for ietf-list@asgard.ietf.org; Sun, 30 Nov 2003 13:50:26 -0500
Received: from ietf.org ([10.27.2.28]) by asgard.ietf.org with esmtp (Exim 4.14) id 1AQWbp-0004ZX-21 for ietf@asgard.ietf.org; Sun, 30 Nov 2003 13:47:53 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08089 for <ietf@ietf.org>; Sun, 30 Nov 2003 13:47:39 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AQWbn-0002Qk-00 for ietf@ietf.org; Sun, 30 Nov 2003 13:47:51 -0500
Received: from sa.vix.com ([204.152.187.1]) by ietf-mx with esmtp (Exim 4.12) id 1AQWbn-0002Pp-00 for ietf@ietf.org; Sun, 30 Nov 2003 13:47:51 -0500
Received: by sa.vix.com (Postfix, from userid 716) id C962013974; Sun, 30 Nov 2003 18:47:10 +0000 (GMT)
To: ietf@ietf.org
Subject: Re: national security
References: <6.0.0.22.2.20031127212644.049baec0@mail.utel.net>
From: Paul Vixie <vixie@vix.com>
Date: Sun, 30 Nov 2003 18:47:10 +0000
In-Reply-To: <6.0.0.22.2.20031127212644.049baec0@mail.utel.net>
Message-ID: <g37k1hae35.fsf@sa.vix.com>
Lines: 52
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf@ietf.org
Precedence: bulk
i'm going to bend my own policy a bit and reply to a role account: info@utel.net (jfcm) writes: > ... The interest is not sites nor network protection layers, but nations > protection from what happens on or with the networks. This is in line > with the White House document http://whitehouse.gov/pcipb with the > addition of the risks created by the US (and every other national) cyber > security effort, and from not mastering the root. In most of the cases > the identified risks come from a centralized [root] which has to be made > distributed. this statement is akin to many others made in ignorance of what dns is. you are treating it as a mapping service. perhaps you have been successful at treating dns as a mapping service in some local context, and this may have led you to the impossible conclusion that dns itself is a mapping service. dns is a coherent, distributed, autonomous, reliable database. "distributing the root" as you claim to believe is necessary would create multiple domain name systems, not *a* domain name system with a distributed root. there is no way to have *a* domain name system with a distributed root unless we (ietf or other similar agencies) first defined what that meant. when you're ready to commission a multiyear study which would yield documents of the same size and scope as rfcs 1033+1034+1035+2181, then you'll have demonstrated that you have some understanding of what you're asking for here. and note that you would then have to "sell" the resulting system to the internet populance which includes end users, domain holders, registrars, registries, ISPs, and as you point out, nations. lots of luck, but "that ship already sailed." in no particular order, i'll address a couple of your other comments. > 5. the possibility of a redundant DNS system. Today the Internet has two > root files (the same file but presented on two main systems - DNS and FTP). > If one is hacked there is not reference. A redundant system would consist > in two or more root masters refereeing to different sets of TLD name > servers (all of them carrying the same files, but possibly of different > origins for security reasons). there is a reference. several references, actually. there is no possibility of a "hack" going undetected or uncorrected. but more important, if you had several "root files" which indicated different servers for some TLD's, you would have (by definition) several domain name systems, not a domain name system with high redundancy. until you demonstrate some understanding of that fundamental and definitional aspect of dns, you won't be taken seriously among the community who does understand those things. > Thank you for your comments. > jfc please learn the basics before you come in here and start making proposals. -- Paul Vixie
- AW: IETF58 - Network Facts Hans Peter Dittler
- national security jfcm
- RE: national security jfcm
- Re: national security Iljitsch van Beijnum
- Re[2]: national security Anthony G. Atkielski
- Re: Re[2]: national security Iljitsch van Beijnum
- Re: national security Jari Arkko
- Re[4]: national security Anthony G. Atkielski
- Re: national security Paul Vixie
- Re[2]: national security Anthony G. Atkielski
- Re: national security Jaap Akkerhuis
- Re: Re[2]: national security Spencer Dawkins
- Re[4]: national security Donald Eastlake 3rd
- Re: national security John Kristoff
- Re: Re[2]: national security Valdis.Kletnieks
- Re: Re[4]: national security Iljitsch van Beijnum
- Re[4]: national security Anthony G. Atkielski
- Re[5]: national security Anthony G. Atkielski
- Re[4]: national security Anthony G. Atkielski
- Re[6]: national security Anthony G. Atkielski
- Re: Re[4]: national security Valdis.Kletnieks
- Re[6]: national security Anthony G. Atkielski
- Re: national security jfcm
- Re[2]: national security jfcm
- Re[3]: national security Anthony G. Atkielski
- Re: Re[3]: national security Valdis.Kletnieks
- Re[3]: national security jfcm
- Re: Re[3]: national security jfcm
- Re: Re[3]: national security John C Klensin
- Re: national security Paul Robinson
- Re: national security vinton g. cerf
- Re: national security Karl Auerbach
- Re: national security vinton g. cerf
- Re: national security Karl Auerbach
- Re: national security vinton g. cerf
- Re: Re[3]: national security jfcm
- Re: national security vinton g. cerf
- Re: national security jfcm
- Re: national security Bill Manning
- Re: national security Paul Vixie
- Re: national security jfcm
- Re: national security Dean Anderson
- Re: national security Valdis.Kletnieks
- Re: national security Karl Auerbach
- Re: national security J-F C. (Jefsey) Morfin
- Re: national security Karl Auerbach
- Re: national security Masataka Ohta
- Re: national security vinton g. cerf
- Re: national security Paul Vixie
- Re[2]: national security Philip J. Nesser II
- Re: national security Michael H. Lambert
- Re: national security John C Klensin
- Re: national security jfcm
- Re: national security Michael Froomkin - U.Miami School of Law
- IPv6 addressing limitations (was "national securi… Keith Moore
- Re: IPv6 addressing limitations (was "national se… Anthony G. Atkielski
- Re: IPv6 addressing limitations (was "national se… Keith Moore
- Re: IPv6 addressing limitations (was "national se… Iljitsch van Beijnum
- Re: Re[6]: national security Kurt Erik Lindqvist
- Re: national security Kurt Erik Lindqvist
- Re: Re[3]: national security Kurt Erik Lindqvist
- Re: IPv6 addressing limitations (was "national se… Iljitsch van Beijnum
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re[8]: national security Anthony G. Atkielski
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re: national security Franck Martin
- Re: national security Kurt Erik Lindqvist
- Re: IPv6 addressing limitations (was "national se… Bob Hinden
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re: national security Dean Anderson
- Re: Re[2]: IPv6 addressing limitations (was "nati… Iljitsch van Beijnum
- Re[4]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re: Re[4]: IPv6 addressing limitations (was "nati… Valdis.Kletnieks
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re[6]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re: IPv6 addressing limitations (was "national se… jfcm
- Re: national security jfcm
- Re: national security jfcm
- Re: national security Kurt Erik Lindqvist
- Re: national security Kurt Erik Lindqvist
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re: national security Franck Martin
- Re: national security Franck Martin
- Re: national security Paul Vixie
- Re: national security Dean Anderson
- Re: national security jfcm
- Re: national security Franck Martin
- Re: national security Kurt Erik Lindqvist
- Re: IPv6 addressing limitations (was "national se… Masataka Ohta
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re[2]: IPv6 addressing limitations (was "national… Anthony G. Atkielski
- Re: national security Iljitsch van Beijnum
- Re: Re[3]: national security jfcm
- Re: national security Dean Anderson
- Re: Re[3]: national security John C Klensin
- Re: Re[3]: national security Kurt Erik Lindqvist
- Re: national security Matt Larson
- Re: national security jfcm
- Re: national security Iljitsch van Beijnum
- Re: national security Harald Tveit Alvestrand
- Re: Re[3]: national security jfcm
- Re: national security jfcm
- Re: national security Dean Anderson
- Re: Re[3]: national security vinton g. cerf
- Re: national security Iljitsch van Beijnum
- Re: national security Jaap Akkerhuis
- Re: national security Bill Manning
- Re: national security Paul Vixie
- Re: national security Iljitsch van Beijnum
- Re: national security Franck Martin
- Re: Re[3]: national security jfcm
- Re: national security Dean Anderson
- Re: national security Joe Abley
- Re: national security Joe Abley
- Re: national security Masataka Ohta
- Re: national security Masataka Ohta
- Re: national security Joe Abley