Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Bill Woodcock <> Thu, 01 April 2021 12:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C01683A0E27 for <>; Thu, 1 Apr 2021 05:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id t1Jiliyz9oVa for <>; Thu, 1 Apr 2021 05:29:22 -0700 (PDT)
Received: from ( []) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B3663A0E2E for <>; Thu, 1 Apr 2021 05:29:20 -0700 (PDT)
X-Footer: cGNoLm5ldA==
Received: from [] ([]) by (Kerio Connect 9.2.7 patch 3) with ESMTPS (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)); Thu, 1 Apr 2021 05:29:18 -0700
From: Bill Woodcock <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_FC23A8FB-5159-44A8-8B73-1CDCD8B9F783"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
Date: Thu, 1 Apr 2021 14:29:15 +0200
In-Reply-To: <>
To: Brian Haberman <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3654.
Archived-At: <>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 01 Apr 2021 12:29:28 -0000

> On Apr 1, 2021, at 2:08 PM, Brian Haberman <> wrote:
>>> On Mar 31, 2021, at 11:49 PM, Stephen Farrell <> wrote:
>>> The real issue IMO is not querying the root servers but the TLDs. There are still performance issues to consider of course but the business model and the value to the person somewhere behind the recursive are quite different. I really wish we could stop all mixing up the roots with the TLDs in this discussion.
> The WG seems to fluctuate between wanting to treat all authoritatives
> the same and thinking of the root as being different from TLDs. If you
> recall during our interim meeting last year, we tried to keep them
> separate and some folks complained.
> I (with no hats on) would take the Root Server Operators statement as a
> strong indication that they believe the root does need to be considered
> separately from the TLDs.

That would be my preference.  And, to be clear, this is not a DNS technical issue, this is an Internet governance issue.  There is one, unitary root, which we all, perforce, share.  Which means that it has to work for everyone, all the time, and serve all purposes reasonably well.  It’s a common, shared resource, and so needs to be governed very carefully, very conservatively, and with a very light touch.

TLDs come in all shapes and sizes and flavors to suit all purposes.  If you don’t like one, try another.  They’re also governed in different ways…  some legacy, some under binding ICANN agreements, some country-code.  Although we’re in danger of all future stuff being homogenized into the “binding ICANN agreements” category, which has been the worst and most restrictive form of governance of the three.

So they’re definitely different, with different purposes and needs.

The standards-making process needs to recognize that, and not tar them with the same brush, just because they use (some of) the same protocols and are complementary parts of the same system.