Re: [icann-eu] Letter to Dr. Vint Cerf

[Thomas Roessler <roessler@does-not-exist.org>]

On 2001-05-08 13:24:23 -0700, Kent Crispin wrote:

> The misconfiguration is in creation of a .biz in an alternate
> root system, and connecting that to the global Internet -- an
> action which exposes one to all kinds of problems, not just the
> one you outline.

I disagree.

The interesting question about Jefsey's scenario is how the message
gets to a mail server which uses the wrong root system - from the
sender's point of view.  (The argument is entirely symmetric under
exchange of canonical and alternative roots.)

1. The sender himself may have delivered the message to a relay
(smart host) which uses the wrong set of root servers.  In this
case, the user has either acted in a pretty stupid way, or he erred
on which root server is used by his preferred smart host.  Thinking
about a typical ISP setup, an Internet service provider may indeed
turn out to be liable when he is using the alternative root and
customers expect (as usual) that the canonical set of root servers
is used.

2. A server using the wrong set of root servers is acting as an MX
for the target domain, as seen in the right DNS hierarchy.  That is,
things are setup very badly.  This would most likely count as a
severe configuration error, and is something which should be sorted
out between the owner of the target domain and the MX operator.  It
basically just doesn't make any sense.


Thus, I don't think that connecting name servers with an alternative
root zone to the Internet is the really bad thing - but actually
using them may quickly turn out to be a very bad thing.

-- 
Thomas Roessler                          http://log.does-not-exist.org/