We republish below an astounding post by VeriSign's DNS expert, Dr. Phillip Hallam-Baker, made on the IETF list. In it, he incisively describes the political implications of signing the root using DNSSEC, something we at IGP have been trying to do for about a year now. He also calls for sharing the signing authority, as IGP has also been doing. When we do this, we are sometimes accused of needlessly "politicizing" the issue. Wonder what they'll say now. Let's put Hallam-Baker on that IGF panel on "critical Internet resources" maybe, and see if his candor survives the glare of publicity?
- Begin post -
I think that some folk besides myself have to do some wargaming to consider what the political consequences of signing the root might be. Consider that this is an infrastructure which needs to be robust over a timescale of several decades if not centuries. Consider also the likelihood that whoever is in charge of the root might perform an action that some party might consider a defection over such an extended timescale.
For example, a small but vocal group of voters in the western southern peninsular of state A consider themselves to be political exiles from state B, an island in the vicinity of the peninsular. State A has a particular position of influence over the root and said voters lobby for the exclusion of state B. If such a thing were to happen today the result would be a temporary fracture of the root followed by the rapid emergence of an alternative root structure that was not subject to abusive influence from state A. The parties have authority but not power. If the root is signed by a unitary entity, that entity has absolute power. A defection cannot be countered by a fracture of the root. Today scope for defection is kept in balance by the lack of security. The root is ultimately defined by the location to which a particular network provider directs UDP packets with the root server IP address. After signing the root will be defined by the knowledge of the private key corresponding to the widely distributed embedded public key.
Consider the fact that Europe is currently planning to duplicate the GPS satelite system at a cost of several billion dollars despite the fact that the sole point in doing so is to prevent a similar defection on the part of the US. The idea that control of the DNS root will not be subjected to even more considerable geo-political pressure is naïve. In 1995 deployment could have taken place without attracting undue attention, that is not the case today.
So no, I don't think that there will be a unitary signer. The architecture is inherently flawed. Rather than have a single party sign the root we should probably look to a situation where there are multiple signer entities.
Subject: RE: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt
From: "Hallam-Baker, Phillip"
Date: Thu, 30 Aug 2007 05:04:33 -0700
- End post -
