NNSquad - Network Neutrality Squad
[ NNSquad ] Re: ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall
I
do argue that ICANN is aiding and abetting censorship by persisting in maintain
an architecture that is based on a central authority managing identity and
trust. Instead of a distributed approach in which we have devices talking among
themselves without a central authority we have IP addresses that must be given
by a provider and then we must rely on the DNS as a provider-managed mapping
between identifies and addresses – one that can easily abused. A
distributed approach using self-coined identifiers and not relying on path-dependent
addresses and with encryption the norm would be far more difficult to control. -----Original Message----- Joe, On Fri, Mar 26, 2010 at 4:45 PM, Joe Baptista
<baptista@publicroot.org> wrote: > I came across a very interesting article today. > > http://bit.ly/bZbkB1 We have been discussing this on DNS Ops. I
think that "I" operator has shut down that node until they can figure out what is
going on. I don't understand why you want to drag ICANN into this,
it's nothing to do with them. They are not aiding or abetting
anyone in China who is messing with DNS replies. -- Cheers, McTim "A name indicates what we seek. An address indicates
where it is. A route indicates how we get there." Jon Postel > > If the claims made in this article are correct then
this issue is > significant and raises some serious questions
concerning the conduct of > ICANN the U.S. government contractor for the
management of the root servers. > > First this is a serious violation of RFC 2826
"IAB Technical Comment on the > Unique DNS Root". RFC 2826 requires that global
networks like the Internet > have a globally unique public name space. That means
you provide the same > answers to a user in China as you do for a user in
the USA or anywhere else > in the world. In the case of facebook.com a root
server should only publish > the addresses of the .com name servers and not be
authoritative for the > domain itself. > > There are two issues here that immediately come to
mind. The first is > technical. And as has been reported users were given
incorrect answers. The > second issue is one of security and user privacy.
Users who were given > incorrect DNS information for facebook.com were
probably redirected to a > proxy site where their information could have been
collected. Thats a major > security issue. > > regards > joe baptista > |