Re: [ga] Cyberspace Security and the Root(s)

[Marc Schneiders <marc@fuchsia.bijt.net>]

On Wed, 18 Sep 2002, at 22:23 [=GMT-0400], Allan Liska wrote:

> A single root is infinitely more secure than multiple roots.  The
> primary goal of information security is to maintain the integrity of
> information.

I would say that another primary goal is the availability of the
information.

> Having multiple roots makes it much more difficult to
> maintain the integrity of the information -- the root namespace.  Just
> as a company would not have multiple customer databases, a court
> system would not keep multiple criminal records or a doctor would not
> keep multiple records for a patient.

True, any one doctor should not keep multiple databases. But we are not
talking about the database of one physician, but about the database of
databases. It would be a bad thing, if we could only locate a doctor over
a single top entry point for the whole world. Such is the case with DNS.
If the root fails, it doesn't work at all anymore.

Several independant sets of rootservers are better than just one.
Naturally these sets do not have to have different information. Ideally
they carry identical data.

For an attempt to replicate the ICANN root (with which I am NOT in any way
affiliated) for exactly the reasons given above, see:

http://orsn.org/


--
Marc@Schneiders.ORG

http://www.bijt.net/

"I find it bizare that we are talking about hypothetical applications
of enum in Andora..."

Phillip Hallam-Baker
(http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg01632.html)


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html