Hi Robert,

On 9 Oct 2024, at 03:27, Robert Story via rssac-caucus <rssac-caucus@icann.org> wrote:
David's reference to golden addresses was an idea he had in 2008, and has not been proposed in the Changing RSO addresses document. What has been proposed is that RSO service address should be 'special'. The idea being to prevent a Former Service Address (as defined in the document) that has been returned to a RIR from being reallocated to someone other than an RSO.
This is little more than a single example of the risks of allowing identifiers to be reused by untrusted third parties when they are associated with services that have security requirements. The more general problem is also illustrated in situations such as people letting domain names lapse so they can be registered by others, nameserver hostnames used as glue whose parent domains are claimed by others (as described nicely and somewhat recently by Gautam Akiwate and others), and reuse of individual addresses assigned for use in cloud providers that provide opportunities for reputation colouring or access through ACLs. We see signs of this in the defensive posture that online services take around email addresses used as identifiers and associated restrictions about email hosting, too. There are lots of examples.

Considering the implications of identifier reuse is just sensible practice at this point. I don't think the root servers are that special in this regard.

I agree that we expect RSOs to follow best practices but I would hope nobody needs to write that down in order for it to happen.

Joe