[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NO ROOT? (Re: Large Zone and DNSSEC)

To: "James Seng/Personal" <jseng@pobox.org.sg>, "Nathan Jones" <njones@connect.com.au>
Subject: NO ROOT? (Re: Large Zone and DNSSEC)
From: Harald Alvestrand <Harald@Alvestrand.no>
Date: Sat, 16 Dec 2000 12:42:25 -0800
Cc: <namedroppers@ops.ietf.org>
Delivery-date: Sun, 17 Dec 2000 08:32:02 -0800
Envelope-to: namedroppers-data@psg.com

At 15:10 15/12/2000 +0800, James Seng/Personal wrote:
>I was discussing this offline with some folk. But the general idea is if we
>were to do DNSng, and we got a chance to start all over again, Do we want to
>design a system which creates a monopolistic hierarchical structure again?
>
>I am not saying unique root is bad or suggesting alternative root. I am
>suggesting "NO ROOT". (Okay, I like to come up with bad ideas :-P).

a few philosophical thougths:

the central human question of naming is what happens when two entries wish 
to be known by the same name.

The alternatives are:
- Return data for both (search)
- Return data for one (lookup)
- Return data for none (hah!)

DNS provides a name-to-unique-entry mapping; no search.
So the first alternative does not work for the applications the DNS are 
used for.

Across the DNS, we have seen multiple ways to decide which to return when 
both want them:
- show reasonable proof that you are the rightful owner, then keep it
(.se, .edu)
- first asker gets it, and keeps it until evicted (.com)
- nobody gets it because we can't agree on the rules (.)
Specifying which decision mechanism to use is out of scope for the IETF 
(and most of the wars in ICANN have been over the "eviction" clause of .com)
But the DNS has a simple way of deciding who the current "tenant" is: 
follow the chain of authoritative delegations from the root of your choice.
(Specifying which root to use is also out of scope for the IETF; observing 
midly that the DNS is quite a bit less useful if there isn't agreement on a 
single "public" root is as far as we have gone.)

So - any new proposal needs to specify which mechanism to use to decide 
which of two claims for a name-to-info mapping to believe; saying "the 
answer that got to you first" is not quite a specification to inspire 
confidence.

A root is not the only answer. It's only the simplest (AFAIK).

--
Harald Tveit Alvestrand, alvestrand@cisco.com
+47 41 44 29 94
Personal email: Harald@Alvestrand.no

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.

Prev by Date: Security comments re draft-ietf-dnsext-unknown-rrs-00.txt
Next by Date: Re: Security comments re draft-ietf-dnsext-unknown-rrs-00.txt
Prev by thread: Re: NO ROOT?
Next by thread: Security comments re draft-ietf-dnsext-unknown-rrs-00.txt
Index(es):
- Date
- Thread