NNSquad - Network Neutrality Squad
NNSquad Home Page
[ NNSquad ] Re: ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall
I do argue that ICANN is aiding and abetting censorship by persisting in maintain an architecture that is based on a central authority managing identity and trust. Instead of a distributed approach in which we have devices talking among themselves without a central authority we have IP addresses that must be given by a provider and then we must rely on the DNS as a provider-managed mapping between identifies and addresses – one that can easily abused.
A distributed approach using self-coined identifiers and not relying on path-dependent addresses and with encryption the norm would be far more difficult to control.
On Fri, Mar 26, 2010 at 4:45 PM, Joe Baptista <firstname.lastname@example.org> wrote:
> I came across a very interesting article today.
We have been discussing this on DNS Ops. I think that "I" operator
has shut down that node until they can figure out what is going on.
I don't understand why you want to drag ICANN into this, it's nothing
to do with them. They are not aiding or abetting anyone in China who
is messing with DNS replies.
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there." Jon Postel
> If the claims made in this article are correct then this issue is
> significant and raises some serious questions concerning the conduct of
> ICANN the U.S. government contractor for the management of the root servers.
> First this is a serious violation of RFC 2826 "IAB Technical Comment on the
> Unique DNS Root". RFC 2826 requires that global networks like the Internet
> have a globally unique public name space. That means you provide the same
> answers to a user in China as you do for a user in the USA or anywhere else
> in the world. In the case of facebook.com a root server should only publish
> the addresses of the .com name servers and not be authoritative for the
> domain itself.
> There are two issues here that immediately come to mind. The first is
> technical. And as has been reported users were given incorrect answers. The
> second issue is one of security and user privacy. Users who were given
> incorrect DNS information for facebook.com were probably redirected to a
> proxy site where their information could have been collected. Thats a major
> security issue.
> joe baptista