techno-politics was Re: [governance] Bloomberg - The Overzealous
Karl Auerbach
karl at cavebear.com
Mon Jan 21 03:39:40 EST 2013
On 01/20/2013 10:48 PM, David Conrad wrote:
> In order to maintain a coherent (that is, non-conflicting) namespace,
> the DNS protocol itself requires a single root. Really.
Yes, and yet even with that "yes" it does not matter. That is because
you are conflating an algorithm specification (the DNS protocols) with
use of that algorithm on a concrete data structure. You may as well
argue that because an textbook algorithm to descend a binary tree
requires a single root to that tree - which is true - that therefore all
binary trees everywhere must descend from one global, singular root
node, which is decidedly not true.
When you choose your root you get your name space.
When I chose my root I get my name space.
Consistency means that those name spaces give the same answers to the
same queries, at least with respect to queries that are based on TLDs
that are found in both of the roots being compared.
As it turns out the DNS protocol machinery allows delegated-to name
servers to operate the same no matter whether the delegation comes from
your root or my root.
DNSSEC adds an interesting twist. But fortunately for the way DNSSEC
works it is agnostic in the sense that for you to use your root you
prime your resolving tools with your root keyset and I prime my mine
with my root keyset. The DNSSEC above-the-cut/below-the-cut
relationship is such that it you still can get proof that you are
getting a valid zone image no matter which root you started with.
If DNS/DNSSEC technology were so fragile that would crumble if people do
what people can easily do - which is to set up their own roots - then
that technology would be unsafe and open to trivial denial of service
attacks.
Fortunately DNS/DNSSEC is not unsafe in the presence of competing roots.
--karl--
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list