Re: just a brief note about anycast
2003-12-08 12:50:41
At 17:05 08/12/03, Eliot Lear wrote:
> Good documentation is also really important. It turns out there is some
> for F, at least. See http://www.isc.org/tn/isc-tn-2003-1.html by Joe Abley.
No one denies the dedication of the root people. But this is the crux.
"some documentation" ... for one machine.
Where are the published approved and certified procedures, agreements,
insurance contracts, statistics, logger, budget, authorized people,
clearances, oaths, for every person, company, organization sharing into
root management. Where is the law concerning the root management issues and
impact. For example is a root failure legally considered as an act of God?
Is tampering with the root a special crime? Due to the possible impact on the
life of people all over the planet, will it be judged by UN? Who is to
investigate? Root means life and death nowadays.
Either we need the root system and it must match the basic surety rules for
a critical infrastructure, or we just want to keep the fossil concept the
way it was designed 20 years ago. Then UN/ITU or private industry or a new
NGO or a new Gov technically and security certified type of operator is to
find, propose, test, and deploy another solution. I suggest they read
carefully the very well crafted ICP-3 document. It correctly considers the
end of the single authoritative root file concept. And documents the way to
test new venues.
I am sorry to come again and again on this. I will do it until a special WG
is created or IETF transfers the concern to ITU.
Because we must realize that - even brilliant and resilient - a 20-year-old
solution for an inter-university project designed for a single
authority to keep control, and to provide a centralized (hierarchical)
service, just cannot match today's technical, legal and security
requirements. The way business is transacted, government operates, and
national defense is conducted have changed. These activities rely on a
complex interdependent network of information technology infrastructures we
may call "cyberspace" which includes Internet and different other
technologies. We must accept that if the IAB/IETF do not take it the same
way as Govs, it will be removed from them. The world wants a new network
approach, more equal, more secure, more stable, safer, more innovation
oriented, respectful of national digital independence and sovereignty and
IS actually switching.
http://www.nytimes.com/2003/12/08/technology/08divide.html?th=&pagewanted=print&position
Today, every nation needs and must be permitted a strategy towards a
national and global secure cyberspace IAB and IETF are to design and help
the implementation. It will provide a framework for protecting this
infrastructure that is essential to their economy, security, and way of
life. In the past few years, threats in cyberspace have risen dramatically.
The policy of governments is to protect against the debilitating
disruption of the operation of information systems for critical
infrastructures and, thereby, help to protect the people, economy, national
security and societal relations of their nations. We all must act to reduce
the vulnerabilities to these threats before they can be exploited - as it
is so easy today with the DNS cf. the recent threads - to damage the cyber
systems or pollute other portions of the DNS which support national
critical infrastructures and ensure that such disruptions of cyberspace are
infrequent, of minimal duration, manageable, and cause the least damage
possible.
Securing cyberspace is a difficult strategic challenge that requires a
coordinated and focused effort from the entire society - the government,
regional and local governments, the private sector, and the people. The
cornerstone of a nation's cyberspace security strategy should be
public-private partnership such as proclaimed by the WSIS. Only by acting
together from every nation can we build a more secure future in DNS and
cyberspace, our world of today. Also, the nations not sharing into the root
management must find sovereign alternatives to protect themselves, their
citizens and their economy from bad root management by the nation dominating
it, whatever the reason, and from their practical inability to quickly
adapt in full and equal independence the portion of the root which may
concern their immediate local situation after such actions as war,
catastrophe, revolution, etc. and societal, cultural and legal rights. This
is certainly a technical challenge since the DNS was not designed that way.
In the world critical root system area, Govs actions should include:
forensics and attack attribution, protection of installations, indications
and warnings, and protection against organized attacks or against the
consequences of their international policy (political tensions, wars) and
the acts of God. They should also support research and technology
development that will enable the private sector to better secure the root
and the DNS, not leaving the core responsibility to "SiteFinder Inc."
whatever the seriousness it puts into it.
Or more simply, maybe kill the real time root servers concept and review
the DNS as a non God centralized system? If there was nothing to protect
because there would be nothing, we would risk far less from there.
Then?
jfc