[ISN] Protecting the Internet's Domain Name System

From: InfoSec News (isnat_private)
Date: Sat Oct 26 2002 - 04:38:11 PDT

  • Next message: InfoSec News: "Re: [ISN] INFOSEC: Certifiably Certified"

    Forwarded from: Bob <bobat_private>
    Comments from "CaveBear", Karl Auerbach, who took legal action against
    ICANN and won, and who has now been elected a member of ICANN's Board.
    Protecting the Internet's Domain Name System
    ICANN is now taking a look at the actual stability of the net - this
    is both refreshing and proper.  And it's about time.
    Let us take a moment and ask ourselves: Why, on an Internet that was
    originally designed to survive a nuclear holocaust, is this DNS thing
    seemingly so vulnerable?
    The reason is pretty obvious: Nearly every other part of the Internet
    is based on the concept that the individual parts should be able to
    operate independently.  But of all the parts of the Internet, the
    Domain Name System has a clear heart, a singular point from which all
    other parts radiate.  On most of the net, if one damages a part, the
    rest of the net will remain and will function.  With DNS as it is
    presently deployed, if one damages the heart, then the rest of DNS
    becomes uprooted and lost.
    (This note will come back to this singular vulnerability of DNS and
    ask the question "why", but that will be a bit later.  In case you
    need instant gratification - here's a preview: DNS could be more fully
    distributed and its singular point of vulnerability eliminated.  The
    deeper question will thus be: Are we intentionally refusing to
    consider, much less adopt, a solution that could give to DNS the same
    near invulnerability that adheres to the rest of the Internet?  Are we
    captives of our own dogma and blinding ourselves to solutions?)
    Full story at http://www.cavebear.com/rw/steps-to-protect-dns.htm
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Sat Oct 26 2002 - 07:24:06 PDT