Same answer to both questions: Yes, of course there has to be an
administrative override, but it too has to be protected. A key ceremony
is the accepted method. A sufficient set of people from a sufficient
set of places. Needed to initiate key assignment, revoke, restore, etc.
I just don't see any plausible way to come up with a reset process that
can't be subverted by guys with guns. The best I would expect would be a
root perhaps with broken DNSSEC that most of the world used, and a
relatively small set of people using a "real" root created outside the
compromised process.
If you remember back to the Sitefinder fiasco, there were patches to turn
the wildcard result back into NXDOMAIN which I used but I don't think a
lot of other people did.
R's,
John
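The "sufficient set of people" idea in the message above is an M-of-N quorum: no single holder, and no group smaller than the threshold, can exercise the override. The Python below is an added illustration of one way to enforce that cryptographically rather than procedurally, using Shamir secret sharing over a prime field; it is not the key-ceremony procedure of any registry or of the thread's author, and the secret value, the 3-of-5 parameters and the `ceremony` helper are constructed for the example.

```python
"""
Threshold ("M of N") secret sharing as one way to make a recovery override
require a sufficient set of people. Added illustration (Shamir's scheme over
GF(p)); not the ceremony procedure used by any registry.
"""
import secrets

P = 2**127 - 1  # Mersenne prime; field large enough for a 16-byte secret


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients low to high) at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, holders, rng=secrets.randbelow):
    """Split an integer secret (< P) into `holders` shares of which any
    `threshold` are enough to rebuild it. Share i is the point (i, f(i)) on a
    random polynomial of degree threshold-1 whose constant term is the secret."""
    if not 1 <= threshold <= holders or not 0 <= secret < P:
        raise ValueError("bad parameters")
    coeffs = [secret] + [rng(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, holders + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x=0 from the given shares.
    With fewer than `threshold` shares this still returns a number, but one
    that is unrelated to the secret: a sub-quorum learns nothing."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def ceremony(secret, threshold, holders, present):
    """Constructed helper: split the secret among `holders`, then reconstruct
    only if the holders listed in `present` (0-based indices) meet the quorum.
    Returns None when the quorum is not met, so nothing is reconstructed."""
    shares = split_secret(secret, threshold, holders)
    chosen = [shares[i] for i in present]
    if len(chosen) < threshold:
        return None
    return recover_secret(chosen[:threshold])


if __name__ == "__main__":
    secret = secrets.randbelow(P)
    print("two of five present:", ceremony(secret, 3, 5, [0, 4]))
    print("three of five present recovers it:",
          ceremony(secret, 3, 5, [1, 2, 4]) == secret)
```

The quorum check in `ceremony` is policy; the real protection is that `recover_secret` on a sub-quorum yields a value independent of the secret, so a coerced minority has nothing useful to hand over. In practice the shares would live on hardware tokens held by people in different places, which is what "a sufficient set of places" buys.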
> On Nov 13, 2025, at 9:42 AM, John R Levine <[email protected]> wrote:
>
> On Wed, 12 Nov 2025, Steve Crocker wrote:
>> If the change to each TLD's portion of the root zone required the active
>> participation of the TLD operator, and if the entire root zone were signed,
>> it would then be impossible for the USG to force a change to the (signed)
>> root.
>
> If a poorly managed ccTLD loses its key, what happens? Either their delegation
> is frozen for all eternity, or there is some recovery scheme to make changes
> without that key. We have several decades of blockchain failures to tell us why
> the first option is out of the question.
>
>> You argue the USG could require the USG root operators, E, G and H, to
>> simply not respond to queries for .ru, .su, ."rho phi" or the USG could
>> force distribution of a modified root zone that would be unsigned or have
>> an invalid signature. But I think everyone would quickly ignore the
>> unsigned or invalidly signed root zone and remove the E, G and H roots from
>> their list of root servers.
>
> I have less confidence that people pay that much attention to what they're
> seeing, but I also think that the question is ill-formed. There's always going
> to be an administrative override.
>
> Regards,
> John Levine, [email protected], Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
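The Sitefinder-era patches mentioned above worked by treating a TLD as "delegation-only": a response from its servers that is neither a referral to a child zone nor the TLD's own apex data is rewritten to NXDOMAIN, which undoes a wildcard that synthesises records for every non-existent name. The Python below is an added illustration of that rule and is not BIND's code or anything from this thread; the response model, the `exclude` parameter and the sample responses are constructed for the example.

```python
"""
Resolver-side "delegation-only" filter: a response from a TLD that is not a
referral (and not the TLD's own apex data) becomes NXDOMAIN, undoing a
synthesised wildcard. Added illustration; sample responses are constructed.
"""
from dataclasses import dataclass, field
from typing import List

NOERROR, NXDOMAIN = 0, 3


@dataclass
class RR:
    owner: str   # owner name, e.g. "example.com."
    rtype: str   # "A", "NS", "CNAME", ...
    rdata: str


@dataclass
class Response:
    qname: str
    rcode: int = NOERROR
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)


def norm(name: str) -> str:
    """Lower-case, with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def below(name: str, zone: str) -> bool:
    """True if name is strictly below zone (the root "." covers every name)."""
    name, zone = norm(name), norm(zone)
    return name != zone and (zone == "." or name.endswith("." + zone))


def is_referral(resp: Response, zone: str) -> bool:
    """A referral has an empty answer section and NS records for a child of the zone."""
    return not resp.answer and any(
        rr.rtype == "NS" and below(rr.owner, zone) for rr in resp.authority)


def delegation_only(resp: Response, zone: str, exclude=()) -> Response:
    """Apply the delegation-only rule for `zone`. `exclude` (constructed) lists
    zones that legitimately serve data below the apex and must not be filtered."""
    if norm(zone) in {norm(z) for z in exclude}:
        return resp
    if resp.rcode != NOERROR or norm(resp.qname) == norm(zone):
        return resp                     # errors and apex lookups pass through
    if is_referral(resp, zone):
        return resp                     # normal delegation to the child zone
    return Response(qname=resp.qname, rcode=NXDOMAIN)   # synthesised data dropped


# Constructed samples: a wildcarded TLD answering for a name that does not exist,
# a proper referral, and the TLD's own apex NS set.
WILDCARD = Response("nosuch-label-example.com.",
                    answer=[RR("nosuch-label-example.com.", "A", "192.0.2.1")])
REFERRAL = Response("www.example.com.",
                    authority=[RR("example.com.", "NS", "ns1.example.net.")])
APEX = Response("com.", answer=[RR("com.", "NS", "ns.tld-example.")])


if __name__ == "__main__":
    for name, resp in (("wildcard", WILDCARD), ("referral", REFERRAL), ("apex", APEX)):
        print(name, "->", "NXDOMAIN" if delegation_only(resp, "com").rcode == NXDOMAIN else "pass")
```

Two caveats a resolver operator would want: the rule breaks any TLD that legitimately serves records below its apex, which is why an exclude list is needed; and it only catches wildcards that return data, so a wildcard that hands back a referral to the operator's own servers passes through unchanged.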
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]