[governance] host country agreement + "geostrategic innocence"

McTim dogwallah at gmail.com
Mon Oct 17 18:31:10 EDT 2005


Joe,

last mail 4 me tonight ;-)

On 10/17/05, Joe Baptista <baptista at cynikal.net> wrote:
>
> Ya that is an argument that could be made in some cases.  But let us not
> forget that in the case of ISC that does not necessarily apply.  The ISC
> may only have one root server like Anotomica and RIPE.  But there are many
> instances of those root servers at high speed data facilities outside the
> USA.  This gives these particular root operators control of a majority of
> root operation that are completely outside of USA control, ISC is one of
> the largest entities to which this applies.


So what I am hearing is:

The USG controls 6 nameservers.   They are vulnerable to an Act of
Congress/Presidential Order/ Vixie's martial law/very bad thing
changing the root zone file unilaterally.

There are other rootservers in the US, but since they anycast, they
are less vulnerable?  How's that work?  Don't the instances of "F"
serve the exact same file?  of course they do.

Are you seriously suggesting that if W declared martial law the ISC
would bend (by changing zone file served by "F" in the US) but not
"break" (by keeping old zone file on instances)???  Surely I have
missed smt.

>
> > > The remainder of the root server operators have no contracts with anyone
> > > and are completely independent operators.
> >
> > This doesn't bother me either, I think it is quite useful.
>
> It should bother you.  Should bother anyone who uses the

Really. Shouldn't.

Should make them feel warm and fuzzy knowing that many orgs operate
bits of the infrastructure independent of a central authority but in
close cooperation to accomplish goal of stability.

> not forget the big question - who uses the data collected by these root
> servers?

I do, and haven't yet had a problem.

mctim$ dig @E.ROOT-SERVERS.NET . NS

; <<>> DiG 9.3.1 <<>> @E.ROOT-SERVERS.NET . NS
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58935
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33

;; Query time: 152 msec
;; SERVER: 192.203.230.10#53(192.203.230.10)
;; WHEN: Tue Oct 18 00:18:49 2005
;; MSG SIZE  rcvd: 436

13 yummy identical answers, just the way I want it.

>
> http://www.cynikal.net/~baptista/P-R/RSPC.pdf
>
> There unresolved privacy issues here.

I read it.  The exact same "privacy issues" are present in all the
alt-roots as well. it is the nature of the DNS (until crypto
extensions come into play).  I recall a few weeks ago that you were
sending messages about "Turkey's root being hijacked by criminals"
(paraphrasing).

I'll take the current system thanks just the same.

>
> > > So we can say 7 of the root operators are open for business.
> >
> > And the others are closed?
>
> The military controlled servers are out.

out of what?

> The rest would follow the herd.

I am sure they would all react as a herd if the USG ever tried to
"fiddle"  with the rootzone (likelihood approximating zero chance).
The herd would object to the point that the USG would back down.

>
> >
> > > I beleive there is no need.  ICANN's days are numbered.
> >
> > To be replaced by....???
>
> Good question.  The Public-Root seems like an appropriate choice?

Hmmm do you really think y'all can do the ports, protocols, IP
addressing, DNS, coordination, meetings, etc, etc that ICANN does?  If
so, then it is just a power play.

I prefer the "devil I know", thanks anyway.

--
Cheers,

McTim
nic-hdl:      TMCG

_______________________________________________
governance mailing list
governance at lists.cpsr.org
https://ssl.cpsr.org/mailman/listinfo/governance



More information about the Governance mailing list