[72689] in North American Network Operators' Group
Re: VeriSign's rapid DNS updates in .com/.net
daemon@ATHENA.MIT.EDU (Eric Brunner-Williams in Portland )
Thu Jul 22 22:44:30 2004
To: nanog@mandarin.com
Cc: nanog@nanog.org, brunner@nic-naa.net
In-Reply-To: Your message of "Fri, 23 Jul 2004 01:19:55 GMT."
<20040723011955.CA4D4417F@z.spamhaus.org>
Date: Fri, 23 Jul 2004 02:44:35 +0000
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Errors-To: owner-nanog-outgoing@merit.edu
Richard wrote:
> ... the return path provides ...
This was where I ended up also. As Barry and others have discussed on the
asrg, the write-side is throw-away assets. The "return path" is where the
persistence of the names used is greater and the value to the scheme is
realized.
and Randy wrote:
> all they need to do is register foo.bar
> with delegation to their dns servers, and change a third level
> domain name at will.
Yeah. But that's where registrars and registries can interpose on the
scheme. The static 2LD with a twinkling constelation of 3LDs is still
vulnerable. A run of twinkling 2LDs is harder for registrars and/or
registries to break, cross registries and registrars. There may be
fewer points of failure in the NS-set used for a particular campaign.
Eric
