censored? corrected
NOTE: More than 8 hours have passed since I sent this text in plaintext directly to Cypherpunks without its being posted, so in this attempt I am sending it encrypted through ALUMNI remailer. - Gary Jeffers gjeffers@socketis.net INFO BLACKOUT From THE SPOTLIGHT newspaper's TECHNOLOGY & LIBERTY column by Clark Matthews - Nov. 06, 1995 issue. Powerful national security insiders have established effective control over the entrance gateways to Internet. Disturbing signs are now emerging that the "information superhighway" has been targeted for systematic sur- veillance and political dossier-building on Americans' opinions. This ominous news came in the first of a series of articles by investi- gative journalist Steven Pizzo in WEB REVIEW, an online magazine of cyber- culture and politics (http://gnn.com/wr/) published by Songline Studios of San Francisco. Pizzo is the author of INSIDE JOB, a groundbreaking expose' on the massive fraud and theft of insured deposits in 1980s savings and loan debacle. According to Pizzo, control of Internet "domain name registration" has passed into private hands-with the potential for serious mischief or worse. "Domain names" are the odd looking identifying names that are as- signed to individual computer systems that compose the Internet (logoplex. com, for example). Through a complex chain of licensing arrangements and corporate acqui- sitions detailed in Pizzo's article, this crucial control over Internet domain names has passed from the non-profit National Science Foundation to Network Solutions, Inc. (NSI) of Herndon, Virginia. Last May, amid growing public disbelief of Establishment media reports about the Oklahoma City bombing provocation, NSI was purchased by Scientific Applications Interna- tional Corporation (SAIC) of San Diego. SAIC is a $2 billion defense and FBI contractor with a board of direc- tors that reads like a Who's Who of the intelligence community. Board members include Admiral Bobby Ray Inman, the former director of the Na- tional Security Agency (NSA) and deputy director of the CIA; Melvin Laird, defense secretary under Richard Nixon; Donald Hicks, former head of re- search & development for the Pentagon; Donald Kerr, former head of the Los Alamos National Laboratory; and Gen. Maxwell Thurman (ret.), the commander of the U.S. invasion of Panama. Former members of SAIC's board include Robert Gates, the former CIA director under George Bush; current CIA director John Deutch; Anita Jones, Deutch's former Pentagon procurement officer, and William Perry, the pre- sent secretary of defense. The corporation also has a legion of computer network specialists and an entire division of computer consultants. SAIC currently holds contracts for re-engineering the Pentagon's information systems, automating the FBI'S computerized fingerprint identification system, and building a na- tional criminal history infomation system. The Internet is a marvel of computer software technology. It was de- signed to survive a nuclear attack on the United States-like the Post Office, it's literally smart enough to find a way to get the mail through, even if most of the network is missing. But control of Internet domain name registration means the ability to remove troublesome-or outspoken-computer systems from the network. Po- tentially, this control also confers the power to insinuate "phantom" domains into the network-for surveillance purposes, for example-or for real-time, automatic censorship. Furthermore, anecdotal evidence gathered by this author suggests that actual "truth control" is taking place on the 'net now. E-mail messages with controversial contents-including the details of the SAIC takover of domain names-have consistently disappeared as they travel across the net- work. News items concerning the Vincent Foster "suicide" investigation and allegations of NSA bank spying through compromised Inslaw software are being quickly and automatically canceled. And the cancellations are not by by their authors. CRACKDOWN With domain names under the control of secret government insiders, it is even theoretically possible that large parts of the Internet could be SHUT DOWN AND SILENCED at critical times. This could be accomplished by suddenly altering domain name registrations or interposing compromised "domains" at crucial points. These compromised systems could serve as "black holes" at critical times, stopping e-mail and important news from reaching the world-or the rest of the country. Exercises in "turning the Internet off" have already taken place in Taiwan and Hong Kong. In Taiwan, the 'net was successfully shut down. All network traffic-including news, opinions and e-mail sent by computer users-was successfully "bottled up" on the island and prevented from reaching the world. In Hong Kong, the Internet wasn't quite strangled, but the British authorities who control that colony managed to throttle free electronic speech with the rest of the world until everything was bottlenecked into a few little-known satellite links. These are alarming precedents and sure signs that powerful, shadowy forces are preparing to chop at the very roots of America's new Liberty Tree. The secretive people on the board of directors of SAIC are intell- igence professsionals skilled at manufacturing events-and then manufact- uring public opinion and consent by controlling the truth. Will Internet disinformation, censorship or "shutdowns" signal the next American crisis?
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 2 Nov 1995 anonymous-remailer@shell.portal.com wrote:
NOTE: More than 8 hours have passed since I sent this text in plaintext directly to Cypherpunks without its being posted, so in this attempt I am sending it encrypted through ALUMNI remailer. - Gary Jeffers gjeffers@socketis.net
Shit happens.
INFO BLACKOUT
BWAHAHAHA!
From THE SPOTLIGHT newspaper's TECHNOLOGY & LIBERTY column by Clark Matthews - Nov. 06, 1995 issue.
The Spotlight's official classification in the UC and Stanford library databases is "Serials -- Anti-Semitic." I don't mean to offend anyone too much, but the Spotlight is generally regarded to be rather lunatic-fringe. Though the same is probably said of anyone on the cypherpunks list, hmm...
This ominous news came in the first of a series of articles by investi- gative journalist Steven Pizzo in WEB REVIEW, an online magazine of cyber- culture and politics (http://gnn.com/wr/) published by Songline Studios of
Spotlight tends to be rather vague in its sources for a reason. I found the article to which this apparently refers at http://gnn.com/gnn/wr/sept29/news/natl/index.html. It is rather less lurid, but might still be of moderate concern. See the October 13 followup. I'm copying this to Steve Pizzo. I'm sure he'll get a real kick out of being cited in The Spotlight, whose politics are a little different than his.
Through a complex chain of licensing arrangements and corporate acqui- sitions detailed in Pizzo's article, this crucial control over Internet domain names has passed from the non-profit National Science Foundation to Network Solutions, Inc. (NSI) of Herndon, Virginia. Last May, amid growing public disbelief of Establishment media reports about the Oklahoma City bombing provocation, NSI was purchased by Scientific Applications Interna- tional Corporation (SAIC) of San Diego.
This is semantically and logically equivalent to: Last May, amid growing public disbelief of Establishment media reports about the Oklahoma City bombing provocation [provocation?], Fred Rogers changed his shoes. Obviously, Mr. Rogers is part of the conspiracy.
SAIC is a $2 billion defense and FBI contractor with a board of direc- tors that reads like a Who's Who of the intelligence community. Board members include Admiral Bobby Ray Inman, the former director of the Na- tional Security Agency (NSA) and deputy director of the CIA; Melvin Laird, defense secretary under Richard Nixon; Donald Hicks, former head of re- search & development for the Pentagon; Donald Kerr, former head of the Los Alamos National Laboratory; and Gen. Maxwell Thurman (ret.), the commander of the U.S. invasion of Panama.
I know that at least part of this is true, at least in part. SAIC also designed the hull of the Stars & Stripes yacht that won the America's Cup. Obviously Dennis Conner is part of a conspiracy that involves the Bavarian Illuminati, the Pope (who visited San Diego once), and New Zealand. Isn't it suspicious that the last America's Cup was contested and finally decided by the New York Supreme Court, the seat of the World Jewish Conspiracy? Disclaimer: I was born in the San Diego area, and I know people who worked at SAIC, so I'm probably part of the conspiracy too.
The Internet is a marvel of computer software technology. It was de- signed to survive a nuclear attack on the United States-like the Post Office, it's literally smart enough to find a way to get the mail through, even if most of the network is missing.
I believe this is the first time I have seen the Post Office favorably cited.
But control of Internet domain name registration means the ability to remove troublesome-or outspoken-computer systems from the network. Po- tentially, this control also confers the power to insinuate "phantom" domains into the network-for surveillance purposes, for example-or for real-time, automatic censorship.
Anyone capable of sending this message should have known that this was complete BS.
Furthermore, anecdotal evidence gathered by this author suggests that actual "truth control" is taking place on the 'net now. E-mail messages with controversial contents-including the details of the SAIC takover of domain names-have consistently disappeared as they travel across the net- work.
And now we have PROOF! For THIS VERY MESSAGE, sent to THIS VERY LIST only EIGHT HOURS AGO was MYSTERIOUSLY DISAPPEARED! Hide the women and children!
News items concerning the Vincent Foster "suicide" investigation and allegations of NSA bank spying through compromised Inslaw software are being quickly and automatically canceled. And the cancellations are not by by their authors.
I know that several people who have been spamming the net with Foster garbage have been UDP'd. Read back issues of news.admin.net-abuse.misc.
CRACKDOWN
With domain names under the control of secret government insiders, it is even theoretically possible that large parts of the Internet could be SHUT DOWN AND SILENCED at critical times. This could be accomplished by suddenly altering domain name registrations or interposing compromised "domains" at crucial points.
These compromised systems could serve as "black holes" at critical times, stopping e-mail and important news from reaching the world-or the rest of the country.
Exercises in "turning the Internet off" have already taken place in Taiwan and Hong Kong. In Taiwan, the 'net was successfully shut down. All network traffic-including news, opinions and e-mail sent by computer users-was successfully "bottled up" on the island and prevented from reaching the world.
In Hong Kong, the Internet wasn't quite strangled, but the British authorities who control that colony managed to throttle free electronic speech with the rest of the world until everything was bottlenecked into a few little-known satellite links.
Hmm, few specifics here. I wonder if they would care to elaborate. Nah. It is, of course, true that countries including Singapore, China, Vietnam, and Cuba control net access rather tightly, and there have been reprisals against online dissidents.
These are alarming precedents and sure signs that powerful, shadowy forces are preparing to chop at the very roots of America's new Liberty Tree. The secretive people on the board of directors of SAIC are intell- igence professsionals skilled at manufacturing events-and then manufact- uring public opinion and consent by controlling the truth. Will Internet disinformation, censorship or "shutdowns" signal the next American crisis?
Only the Shadow knows. - -rich llurch@networking.stanford.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMJiap43DXUbM57SdAQHjBQP7BaaL0fgVCIpI5HDrTJ4TjtJgyjRWPWYU vr2PuFBEGNZffzijaf9MTtwgjsYvy8/cMBuUiaBVIyVQloI1wfQMlHX1tVfnI6JM hyT9zUJ4qovwsLCu+yX8JV1Ug2GtgyrW6AJJic+oFNohBJs8nQKxizwhVMa9AFrf eAtmHLE+wsE= =Qyen -----END PGP SIGNATURE-----
On Thu, 2 Nov 1995, Rich Graves wrote:
In Hong Kong, the Internet wasn't quite strangled, but the British authorities who control that colony managed to throttle free electronic speech with the rest of the world until everything was bottlenecked into a few little-known satellite links.
Hmm, few specifics here. I wonder if they would care to elaborate. Nah.
Don't waste your time with that idiot, he doesn't know what he's talking about. The 1-week partial black-out here in Hong Kong happened because some providers had ignored some licencing requirements, and has been quickly solved once they agreed to comply.
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 2 Nov 1995, Rich Graves wrote:
In Hong Kong, the Internet wasn't quite strangled, but the British authorities who control that colony managed to throttle free electronic speech with the rest of the world until everything was bottlenecked into a few little-known satellite links.
Hmm, few specifics here. I wonder if they would care to elaborate. Nah.
Don't waste your time with that idiot, he doesn't know what he's talking about. The 1-week partial black-out here in Hong Kong happened because some providers had ignored some licencing requirements, and has been quickly solved once they agreed to comply.
That's one way to look at it. Of course since the "license requirements" had to do with some obscure administrivia that nobody thought would apply to ISP's, none of the 6 or so ISP's in Hong Kong had thought to apply for it. One has to wonder why the gov't pulled the plug on 5 of them without so much as a warning, much less a chance to comply. Did I say 5? Oh yes. The largest HK ISP-- and the one with closest ties to the government-- had gone ahead and applied for the license just a couple of weeks before the blackout. Corruption is the modus operandi in HK, so I wouldn't be at all surprised if that one ISP got a special favor by being warned of the impending black-out, or even if it had a hand in instigating it. I'm sure you'll correct me if I've got any of my facts wrong. (c'punks relevance: (parts of) the Net is still vulnerable to governmental blackout. Is this relevant? Well, hardly, but perhaps interesting. And at least I flagged it.) Regards, Bryce signatures follow "To strive, to seek, to find and not to yield." <a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMJmy8PWZSllhfG25AQHUygP/QKCwtGlzRRaJtCANUgiJgt+noq0RJKWe zpthAqKRJEa0kP1/zZBkk0Qkj/+HJWAJZ1+i/9R887cDkyD8JZSu2XJ4pXB4mpsv 9rgxH4ffj8oxvy9e313/Z7C2zm7x1O3dwvnkKDojg8LuUBCTvHxZo5iwKXNqExYv w/B0Fxbv0V8= =BPjm -----END PGP SIGNATURE-----
On Thu, 2 Nov 1995, Bryce wrote:
That's one way to look at it. Of course since the "license requirements" had to do with some obscure administrivia that nobody thought would apply to ISP's, none of the 6 or so ISP's in Hong Kong had thought to apply for it. One has to wonder why the gov't pulled the plug on 5 of them without so much as a warning, much less a chance to comply.
Did I say 5? Oh yes. The largest HK ISP-- and the one with closest ties to the government-- had gone ahead and applied for the license just a couple of weeks before the blackout. Corruption is the modus operandi in HK, so I wouldn't be at all surprised if that one ISP got a special favor by being warned of the impending black-out, or even if it had a hand in instigating it.
Look: I've followed very closely all that sad story, as I routinely participate to the meetings between the Government's Telecom regulator (OFTA) and the representatives of the IT industry regarding ISP regulations and the difficult relationships with the telephone carrier (in the role, incidentally, of a strong advocate of de-regulation). The cutoff was determined by an initiative of the Police's Commercial Crime Bureau, tipped by complaints from that provider you're mentioning (HK Supernet). The initiative was taken without any pressure from above, and actually the CCB had to backpedal very hurriedly after the intervention of several legislators (I assisted to an embarassing panel meeting where one of them scolded the chief of the CCB and advanced the hypothesis of a possible lawsuit by the providers agaist the Government for unlawful action, due to a few clumsy procedural "faux pas" by the police). In other words, the whole matter looked more like "Inspector Clouseau vs the ISP's" than a perfidious conspiracy to suppress the freedom of speech. In any case, before Perry (rightly) send us stern reminders of the scarce crypto relevance of this thread, let's take it out of Cypherpunks and, if someone is interested, let's continue by e-mail. Cheers -- Enzo
Rich Graves <llurch@networking.stanford.edu> said: RG> On Thu, 2 Nov 1995 anonymous-remailer@shell.portal.com wrote:
But control of Internet domain name registration means the ability to remove troublesome-or outspoken-computer systems from the network. Po- tentially, this control also confers the power to insinuate "phantom" domains into the network-for surveillance purposes, for example-or for real-time, automatic censorship.
RG> Anyone capable of sending this message should have known that this RG> was complete BS. Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
Furthermore, anecdotal evidence gathered by this author suggests that actual "truth control" is taking place on the 'net now. E-mail messages with controversial contents-including the details of the SAIC takover of domain names-have consistently disappeared as they travel across the net- work.
RG> And now we have PROOF! For THIS VERY MESSAGE, sent to THIS VERY LIST RG> only EIGHT HOURS AGO was MYSTERIOUSLY DISAPPEARED! Hide the women RG> and children! At least, it was allegedly lost. If I were wanting to hype it, I'd just _claim_ that it was lost. Sten -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 2 Nov 1995, Sten Drescher wrote:
Rich Graves <llurch@networking.stanford.edu> said:
RG> On Thu, 2 Nov 1995 anonymous-remailer@shell.portal.com wrote:
But control of Internet domain name registration means the ability to remove troublesome-or outspoken-computer systems from the network. Po- tentially, this control also confers the power to insinuate "phantom" domains into the network-for surveillance purposes, for example-or for real-time, automatic censorship.
RG> Anyone capable of sending this message should have known that this RG> was complete BS.
Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
I stand corrected. SurfWatch already allows people and organizations to do this voluntarily for anything that mentions sex. I am sure that certain sites are blocked by China, Vietnam, Singapore, and Fortune 1000 Corporations, for both "moral" and political reasons. But it's not the DNS you need to control -- it's the routers. Which are still rather distributed. BBN is part of the Eastern Elite, though... - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMJkNVY3DXUbM57SdAQG0ywQAiSlU7f1AujiaWQumqQmoIK8dyDoV32+Z IlBYOxTG9uksIWPdGvQAkqcpPIx6OqOY2iA5FsX/YgjZNKjMjyrSf/cnopAM7GY3 SKDqc1thwMNAVmTFZn7emNafZ5bvwR86V340xdvH+/n396UXF9KeuqcIKk8yvKPI QCOeBTmJ1RE= =3Yeq -----END PGP SIGNATURE-----
Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
The US govt. doesn't run the root nameservers, nor are all the root nameservers within US jurisdiction. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
sameer <sameer@c2.org> said:
Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
s> The US govt. doesn't run the root nameservers, nor are all the s> root nameservers within US jurisdiction. Granted, the US Govt doesn't run the US-based root servers. But, if an Internet 'Decency' law was passed, they certainly could try to threaten the US-based root server maintainers to make the cascading threats. And, as I understand the way DNS resolution works, address requests go down to your root domain then up from the other root domain, i.e., for me to find out what c2.org's address is, my system requests from: NS mpd.tandem.com NS tandem.com NS com NS org If this is correct, if the com NS has the entry for the org NS, I won't be able to resolve those names. Of course, explicit IP addresses and /etc/hosts entries would still work. -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
shields@tembel.org (Michael Shields) said: MS> If the InterNIC yanked your domain, this would *not* affect your IP MS> connectivity -- your ability to be reached by any Internet protocol MS> via IP address. The InterNIC has nothing at all to do with that. I never disputed that subverting the DNS system would affect the ability to use numeric IP addresses, just IP names. But knowing that there are multiple 'root' DNS servers makes me a bit more comfortable. But only a little bit - despite my being one of what is generally referred to as the 'religious right', the pro-censorship tendencies of the political 'leaders' pandering to it makes me very uncomfortable (the "and when they came to censor me, no one was left to protest" concept [with apologies to the writer of the original version referring to the Holocaust]). -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
Sten Drescher opined:
sameer <sameer@c2.org> said:
Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
s> The US govt. doesn't run the root nameservers, nor are all the s> root nameservers within US jurisdiction.
Granted, the US Govt doesn't run the US-based root servers. But, if an Internet 'Decency' law was passed, they certainly could try to threaten the US-based root server maintainers to make the cascading threats. And, as I understand the way DNS resolution works, address requests go down to your root domain then up from the other root domain, i.e., for me to find out what c2.org's address is, my system requests from: NS mpd.tandem.com NS tandem.com NS com NS org
If this is correct, if the com NS has the entry for the org NS, I won't be able to resolve those names. Of course, explicit IP addresses and /etc/hosts entries would still work.
We all know that an alternative DNS structure would rapidly appear, and perhaps even a second US (black) Internet - with links between the old and new fully automatic and transparent. However, perhaps a good cypherpunks project would be to create and test a contingency plan and start an alternative DNS system in parallel with the government run ones. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
(Hopefully someone will correct me if any of this is wrong. But it would be nice if the thread ends.) Here's how it works, politically. IANA is the ultimate custodian of the namespace. IANA has delegated administrative control of the six traditional top-level domains (TLDs) to the InterNIC. The InterNIC is a building in my zipcode. It's in a mundane industrial park they share with PSI. It is operated by NSI, which is owned by SAIC, and funded by an NSF grant and the new domain charges. Here's how it works, technically. Your nameserver, if it doesn't know how to jump into the middle of the tree (via cached data, or the preconfigured servers for the local domain and the root), will start at the top of the tree and walk down. The root nameservers are run by volunteers. There are nine. One is at the InterNIC, but it need not be. The others are at ISI, PSI, UMD, NASA, UUNET (ISC), DDN, the Army Research Lab, and NORDUnet (in Sweden). (The most central point is actually Paul Vixie, maintainer of BIND, the software used for almost all nameservers, including the roots. UUNET funds BIND development.) If the InterNIC yanked your domain, this would *not* affect your IP connectivity -- your ability to be reached by any Internet protocol via IP address. The InterNIC has nothing at all to do with that. I'm much more worried about a lack of competency at NSI than I am about the FBI asking them to pull the plug on troublemakers, especially since it would be taken very seriously if you had a legitimate complaint about unjust termination (and some people, upset at having to pay for their domain(s), are looking for any reason to tear into the InterNIC's reputation). And *especially* since the evil government types could just call up Bell Atlantic, who they are already friendly with, and have them make my line unusable. That's what I'd do, were I an evil government type. And if anyone wanted to subvert your domain at a small fraction of the sites, DNS is easily spoofable.... So keep a sense of perspective. -- Shields.
Sten Drescher writes:
sameer <sameer@c2.org> said:
The US govt. doesn't run the root nameservers, nor are all the root nameservers within US jurisdiction.
Granted, the US Govt doesn't run the US-based root servers. But, if an Internet 'Decency' law was passed, they certainly could try to threaten the US-based root server maintainers to make the cascading threats. And, as I understand the way DNS resolution works, address requests go down to your root domain then up from the other root domain, i.e., for me to find out what c2.org's address is, my system requests from: NS mpd.tandem.com NS tandem.com NS com NS org
If this is correct, if the com NS has the entry for the org NS, I won't be able to resolve those names. Of course, explicit IP addresses and /etc/hosts entries would still work.
It isn't correct. First, your host is immediately looking for a namserver for c2.org, by querying it's configured default server (say, piaget.mpd.tandem.com) for it. If the server already has the answer cached, it's returned immediately. If not, a bit in the query tells it whether the client wants it to find the answer or return an "I don't know" answer -- most want it to find an answer. Piaget.mpd.tandem.com probably already knows enough to bypass queries to the tandem.com and com domains, since it's probably already resolved at least one org query. It can then go directly to a server for org to get the c2.org information the client requested. The other confused point you have is that there isn't just *one* server for org. There are at least a dozen interchangeable root nameservers which handle all of com, org, edu, net, mil, gov, and the country domains (us, uk, de, etc). It's been a matter of policy for quite some time now that to register a sub-domain under one of the top level domains (i.e., to register c2.org under org) you must demonstrate two accessible nameservers for the new domain. I note, for example, that mpd.tandem.com has *four* nameservers. To eliminate "tandem.com" from the DNS, all of the dozen or more root nameservers, which are in different jurisdictions, must be compromised. Even then, sub-domains of the top level generally offer very long expiration periods for cached data. It could be years before the data left the cache from some of the second level servers, assuming they stayed up that long. It would almost certainly be long enough to get a judge to slap an injunction against the action. Once again, the net interprets censorship as damage and routes around it.
participants (9)
-
anonymous-remailer@shell.portal.com -
Bryce -
Enzo Michelangeli -
fc@all.net -
Rich Graves -
sameer -
Scott Brickner -
shields@tembel.org -
Sten Drescher