IGP Blog :: Post Comment

Get IGP via RSS

Get IGP via Email

Follow IGP on Twitter

Twitter

Recent Comments

Re: Domain Names as Second-Class Citizens

Re: ICANN's DNSSEC root signing proposal d.o.a.?

Re: Open letter to the U.S. Goverment on domain name censorship

Re: ICANN's DNSSEC root signing proposal d.o.a.?

Month Archive

November 2007
October 2007
September 2007
August 2007
July 2007

Year Archive

2010
2009
2008
2007
2006
2005

Re: Re: The Politics of DNSSEC: The Light Begins to Dawn at IETF

by Anonymous

Thanks for pointing to this blog entry. You suggest DNSSEC deployment should not be subject to political debate. Great! I would like to be wrong, much like I would like to be wrong when I blame my teenager child for not cleaning up the mess in his bedroom. The way I see the politics intrusion in the DNSSEC deployment project is somehow reflected in the following four statements: (A) Stakeholder XYZ has political concerns about the current DNS root governance. (B) Stakeholder XYZ sees the configuration of DNSSEC trust anchors in resolvers as a strengthening of the causes of the political concern. (C) Those in charge in the current DNS governance arrangement feel a need to address stakeholder XYZ concern. (D) Those in charge in the current DNS governance arrangement have difficulties in bringing up a DNSSEC root trust anchor key ritual that would alleviate stakeholder XYZ concerns. Trying to understand your opinion, I suppose you would agree with (A) and (C) -- indeed the DNS root is currently subject to political debate and the DOC-NTIA and ICANN must act with caution -- and disagree with either (B) or (D) or both. If you disagree with (B), how do you convince every significant stakeholder XYZ that DNSSEC does not matter? Perhaps you can't and then disagree with (C); then I whish you a constructive debate over ICANN policy development. If you disagree with (D), then you can easily answer a few basic questions about trust anchor key management for the root: For how long should the unique DNS root trust anchor key be valid? What happens if those in charge of the private key experience a security breach prior to the above validity period? How does ICANN protects itself from the bad publicity likely to be caused be the above security breach? I.e. if you agree with (C), how should ICANN reply to the likely public outcry from stakeholder XYZ after a security breach? Thank you for reading these questions, they might allow some commentators, e.g. myself, to have a better understanding of your opinion. Definitely, a strong case for your view would facilitate DNSSEC deployment. - Thierry Moreau

Post comment:

Format Type:
	Convert newlines
	Receive comment notifications for this article
Subject:

Comment:

Comment verification:

Please enter the text you see inside the graphic to post your comment:

You are not currently logged in. If you would like your user information to be displayed with your comment, please enter your login information below.

Username:
Password:

If you would like to post contact information on your comment, please enter your information into the optional fields below:

Contact information:

Name:
URL:		example: http://yourdomain.com
Email:

Please note: email will not be displayed on the site, only for the blog owner. If logged in, URL will only be used.

Help support our work

Make a secure, tax deductible donation online today.

What we're reading

Upcoming Events

View all Events

Who's Reading IGP Blog?

Wowzio

grab this · technology blog