North American Network Operators Group

Re: The whole alternate-root ${STATE}horse

  • From: Todd Vierling
  • Date: Sat Jul 09 11:50:47 2005

On Wed, 6 Jul 2005 [email protected] wrote:

> > 1. Security ("man-in-the-middle").
>
> VPNs, SSH tunnels, etc. There are ways to solve
> this problem.

You would use a VPN or SSH tunnel to do what?  That's orthogonal to DNS
security issues, and illustrates that you haven't read DNSSEC and/or 2826.

> > 2. Common interoperability.
>
> We do not currently have common interoperability for a
> whole range of protocols.

So what?  DNS is one of the protocols where interoperability is not just
desirable, it's MANDATORY.

Businesses and individuals expect that when they publish an e-mail or Web
site hostname, that it be theirs and only theirs no matter where on the
Internet it is accessed.  FQDNs are considered fixed points of entry, and
alternate roots put that name resolution at risk.  (But if you had actually
read RFC2826, you would already understand this.)

Client-side users, conversely, expect that published addresses by businesses
or individuals go to the intended party.  (But if you had actually read
RFC2826, you would already understand this.)

Introducing fragmented TLDs or the opportunity to supplant the common TLDs
places the DNS infrastructure at risk.  This is not just FUD -- DNS
hijacking in alternate roots has already happened.  (But if you had actually
read RFC2826, you would already understand this.)

> > 3. *Common sense.*  [Erm, oh yeah, perhaps I shouldn't feed the troll.
> >    After all, this is the same guy who thinks that resurrecting the
> >    long dead concept of source routed e-mail is scalable.]
>
> Since when did the NANOG mailing list become your personal
> venue for flinging personal insults at other list members?

Nope, not personal -- it's just good to make sure a troll is properly
labeled as such.  You know, like how cigarettes have bad-for-your-health
warnings.

> For the record, I have never suggested that source-routing
> is a good idea for email nor have I ever suggested that
> source-routing is scalable.

Okay, then, "forced arbitration" (which is interchangeably equivalent to
source routing if the arbitrators handle the mail as it transits).

Either way, it's been done and doesn't scale, and you didn't get the point
(in the same manner that your stubborn ignorance is preventing you from
understanding the basic tenets of DNS), so the troll label fits.

> > You really should read RFC2826 sometime.  It's quite short, as RFCs go.
>
> I have read it

In one eye and out the other, perhaps?  I wonder why I have such a hard time
believing this, considering that I've more or less rehashed its major points
right here.

> and I appreciate the IAB's comments, but it was written at a time when we
> didn't have as much experience with rootless networks as we do now.

The DNS is not a rootless network, so this is a pointless comment.

On the flip side, there was quite a bit of experience with alternate DNS
roots at the time RFC2826 was created -- AlterNIC, which was run and
advocated by people just as blinded by ignorance as you.

Oh wait, your name wouldn't *actually* be Jim Fleming, would it?

-- 
-- Todd Vierling <[email protected]> <[email protected]> <[email protected]>