Hi: I've recently noticed some discussion here on alt.roots. A topic of some interest to me. Don Stokes wishes they would go away, however i know they are here to stay. The ALT.ROOTS started as an experiment. The question was could the root be removed from DOC USG control (Department of Commerce, United States Government) and is it possible to expend namespace - and if so - what are the technical limitations. The experiment is now over. The ALT.ROOTS or expanded namespace works very well and the technical limitations to the growth of the root file are no different then the technical limitations seen at the .com zone file level. Now the ALT.ROOTS are experiencing a social experiment which seems to be working. They are co-ordinating the allocation of namespace in a reasonably open fashion. Some commercial ventures in fact now offer expanded root services. Certainly there have been some problems - but the expanded namespace is evolving at a rapid pace and i anticipate in excess of one million top level domains by next year. Much of this is due to various european ISP's who are activily co-ordinating local government resources to establish claims to namespace for specific and general purpose top level domains. I would actively encourage any ISP in NZ to participate. However - I advise some precautions when selecting a root provider or in listing your tlds on various root services. I speak from experience. I recently took control and shutdown about 80% of all root service traffic to the Open Root Server Confederation (ORSC). This affected organizations like znet.com - a large ISP in California, various University of California computer labs and sites, including the university president's office. Other affected parties included some ISP called Grasshoppernet, most of croatia (yes - i mean the country), and the Ministry of Education for the Grand Dutchy of Luxemburge. There were many others but these were the most interesting I found in my logs. My decision to shut down the roots was due mainly to bad planning on the part of the root operator. We enterted into an agreement with a Diebold Incorporated to provide arpa (network) infrastructure. During the period that Diebold used the arpas they made arrangements with the ORSC root operator to establish two roots on our networks. When our agreement expired we relocated our networks and examined them for traffic. We found alot of dns traffic for the old ORSC roots. As some of you may know - once a root is established it becomes a permanent fixture on the internet. Roots are pointed to using their internet protocol addresses. This put us in a sticky position. We were now in control of every answer to every question by every user attached to our infrastructure. As some of you may know a root service is a trusted service and the abuse of this trust can result in violation of a networks integrity. Our immediate concern was the what if question. What if a hacker who knew our sites once carried a root server - and understood the power of root - decided to break in and take over the root. They could essentially redirect traffic while capturing user password, names, addresses, credit card information - etc. etc. etc. This is a scary position to be left in and i'm sure you can all appreciate that. So as to avoid any potential liability we collapsed the root and redirected users attempting to access port 80 on any host to one web page which provided them with assistance on reconfiguring their computers or networks. So in picking a root I think it is very important to find one in which the infrastructure is captured by the root operator. This means that the IP numbers used to identify the root are stable and under the administrative control of the root operator - or secured by legal agreement. Many ALT.ROOT lack this. The ORSC has no legal obligation in place to provide service, they are not for profit, the ALTERNIC was established by a known felon and operate some of their infrastructure on @Home IP addresses, the OPENNIC is the same with network hardware addresses being outside their immediate control. So with roots operating on @Home infrastructure the possibility that an old but still active root can fall into the wrong hands is an uncomfortable probability. There is only one commercial root service - the largest of which is pacificroot and they have captured infrastructure. CINICS in france is building infrastructure for french governments and associations at various levels. So the push is on and the momentum unleashed. The only question is who do you trust when you don't have a report card on the players. And I include the USG root system in that question of trust. They have the same power to redirect users as I had when I made the decision to close down portions of the ORSC root infrastructure. And I find that power to be scarier in the hands of one government entity then i do in the hands of a nauty hacker. Those of you who want to explore alt roots can find more data at the Independent Root Operator's Network http://root-dns.org/ regards joe baptista The dot.GOD Registry, Limited The Executive Plaza, Suite 908 150 West 51st Street Tel: 1 (208) 330-4173 Manhattan Island NYC 10019 USA Fax: 1 (208) 293-9773 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog