DNSO Archives: [ga]

ICANN/DNSO DNSO Mailling lists archives

[ga]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [ga] Cyberspace Security and the Root(s)

To: ga@dnso.org
Subject: Re: [ga] Cyberspace Security and the Root(s)
From: Allan Liska <allan@allan.org>
Date: Wed, 18 Sep 2002 22:23:05 -0400
In-Reply-To: <1bc.db5417a.2aba2e9a@cs.com>
References: <1bc.db5417a.2aba2e9a@cs.com>
Reply-To: Allan Liska <allan@allan.org>
Sender: owner-ga@dnso.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Hello DannyYounger,

Wednesday, September 18, 2002, 3:31:38 PM, you wrote:

Dcc> Doesn't this seem to argue against the concept of the desirability of a
Dcc> single root?  From strictly a security perspective, can someone sufficiently
Dcc> knowledgable advise as to which is better -- having a single root or having
Dcc> multiple roots?

A single root is infinitely more secure than multiple roots.  The
primary goal of information security is to maintain the integrity of
information.  Having multiple roots makes it much more difficult to
maintain the integrity of the information -- the root namespace.  Just
as a company would not have multiple customer databases, a court
system would not keep multiple criminal records or a doctor would not
keep multiple records for a patient.

There has to be a single reliable source from which other sources pull
their information.  Using the example of a company database, there
should be a single customer database that can be used by other
databases, such as the customer service database or the billing
database.  Have you ever dealt with a company that maintained multiple
databases?  Customer service has one set of information, billing has
another, and there is no way to reconcile that information.
Maintaining multiple root would ultimately dissolve into that type of
chaos -- and therefore it is less secure.

The current root system actually meets the criteria outlined in your
quote.  The root servers are maintained by different organizations
dispersed throughout the world, properly configured recursive name
servers have the ability to query all of these servers making the root
system very robust.


Hope this helps.


allan
- --
Allan Liska
allan@allan.org
http://www.allan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAPYk1C3+n87oa5a9VAQEyxwP+MWzPjguHdpPKdupwM4I2MS7AA2+mmDs4
AXdqwAn84gML9NbXftnWNuWI0nHulodMF+ZLWRLv4Be4OG5O3/Fh/tXZpR4Sn+uK
Du2yEJhI7zG7w14o07xrfymd4gQwAxYqQ4s0lKVl21vSwNLjKNFAb6G1M0O7gKGN
NbYcGuW68xU=
=lnkx
-----END PGP SIGNATURE-----

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html

Follow-Ups:
- Re: [ga] Cyberspace Security and the Root(s)
  - From: Marc Schneiders <marc@fuchsia.bijt.net>
- Re: [ga] Cyberspace Security and the Root(s)
  - From: steinle@smartvia.de

References:
- [ga] Cyberspace Security and the Root(s)
  - From: DannyYounger@cs.com
- [ga] Cyberspace Security and the Root(s)
  - From: DannyYounger@cs.com

<<< Chronological Index >>> <<< Thread Index >>>