NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall

I do argue that ICANN is aiding and abetting censorship by persisting in maintain an architecture that is based on a central authority managing identity and trust. Instead of a distributed approach in which we have devices talking among themselves without a central authority we have IP addresses that must be given by a provider and then we must rely on the DNS as a provider-managed mapping between identifies and addresses – one that can easily abused.

A distributed approach using self-coined identifiers and not relying on path-dependent addresses and with encryption the norm would be far more difficult to control.

 

-----Original Message-----
From: nnsquad-bounces+nnsquad=bobf.frankston.com@nnsquad.org [mailto:nnsquad-bounces+nnsquad=bobf.frankston.com@nnsquad.org] On Behalf Of McTim
Sent: Friday, March 26, 2010 12:30
To: Joe Baptista
Cc: nnsquad@nnsquad.org
Subject: [ NNSquad ] Re: ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall

 

Joe,

 

On Fri, Mar 26, 2010 at 4:45 PM, Joe Baptista <baptista@publicroot.org> wrote:

> I came across a very interesting article today.

> 

> http://bit.ly/bZbkB1

 

We have been discussing this on DNS Ops.   I think that "I" operator

has shut down that node until they can figure out what is going on.

 

I don't understand why you want to drag ICANN into this, it's nothing

to do with them.  They are not aiding or abetting anyone in China who

is messing with DNS replies.

 

--

Cheers,

 

McTim

"A name indicates what we seek. An address indicates where it is. A

route indicates how we get there."  Jon Postel

 

 

 

> 

> If the claims made in this article are correct then this issue is

> significant and raises some serious questions concerning the conduct of

> ICANN the U.S. government contractor for the management of the root servers.

> 

> First this is a serious violation of RFC 2826 "IAB Technical Comment on the

> Unique DNS Root". RFC 2826 requires that global networks like the Internet

> have a globally unique public name space. That means you provide the same

> answers to a user in China as you do for a user in the USA or anywhere else

> in the world. In the case of facebook.com a root server should only publish

> the addresses of the .com name servers and not be authoritative for the

> domain itself.

> 

> There are two issues here that immediately come to mind. The first is

> technical. And as has been reported users were given incorrect answers. The

> second issue is one of security and user privacy. Users who were given

> incorrect DNS information for facebook.com were probably redirected to a

> proxy site where their information could have been collected. Thats a major

> security issue.

> 

> regards

> joe baptista

>