Curtis, On Sep 13, 2009, at 5:15 PM, Curtis Villamizar wrote:
Maybe they'd be OK with this because they are already dependent on DNS where their parents, grandparents, great-grandparents, etc. in the [hierarchy] potentially could, [screw up].
The DNS model is somewhat different than what I understand is being proposed here. The folks who manage the top-level (under contract to the US government) can merely make requests to change the top-level, they do not actually control it. There are also explicit statements that the national level resources (that is, ccTLDs) are considered sovereign and the top-level manager can not (under terms of the contract with the USG as well as by practices and polices that require in-country representation) do anything not explicitly requested by the representatives of the nation (more or less -- who the representatives are is a bit grey). The folks who actually control the top-level (an independent party to the manager, again under a USG contract), are explicitly prohibited from making any change that isn't explicitly requested by the manager. And then there are the folks who actually publish the changes who are yet another independent party.
In other words, there is no single entity with 'skin in the game' that has control over the top-level.
With SIDR, again as I understand it (and I'm looking forward to being corrected), the idea is to have 1 or 5 or 6 trust anchors that are administered by the allocating authorities who both manage the top- level as well as control the top-level. There isn't a clear national- level analog (that is, there aren't national-level blocks), and the only parties being discussed as being involved in administration are non-governmental.
Let me simplify this by trying a scenario to see if I understand things. Suppose the UK government decides it is inappropriate (for whatever reason) to pay the RIPE fees associated with maintenance of 51/8 (for sake of argument, assume such fees exist). In the world of SIDR, with certificates which can be used to (at least) derive filters of good vs. bad blocks of addresses, RIPE can now cause 51/8 to be filtered out from any ISP's routing configuration (assuming they auto- generate filters from SIDR-based information).
Is this scenario accurate?
Are you expecting a new round of conspiracy theories?
Expecting: most definitely. But more to the point, experiencing already: yes.
Regards, -drc _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
