IGP Blog

The U.S. Congress and “free speech principles on the Internet” [cough]

Milton Mueller — Sun, 11 May 2008 17:57:36 -0400

Amidst growing concern about the future independence of ICANN, the subcommittee of the U.S. Congress on Telecommunications and the Internet has expressed opposition to any move by the Commerce Department to alter its unilateral oversight of ICANN. Representative Edward J. Markey, the supposedly liberal Democrat from Massachusetts who chairs the Subcommittee, was joined by rightwing conservative Charles Pickering and 14 other members of the committee in the May 6 statement. The Congresspersons expressed their opposition to “any change that threatens the important U.S. role in promoting U.S. commercial and free speech principles on the Internet,” and implied that free speech principles would be threatened if NTIA “abandoned” its role “now or in the near future.”

The subcommittee members who drafted and signed this statement are badly misinformed – about ICANN, freedom of expression, NTIA oversight, and global Internet governance. We attempt here to set the record straight.

Will ARIN Establish a Gatekeeper?

Milton Mueller — Fri, 09 May 2008 00:11:32 -0400

If you’re reading this within an hour after it was posted, you’ve got about 17 hours to comment on an important change being proposed at ARIN, the manager of Internet Protocol addresses for the North American region. ARIN is proposing a new “Policy Development Process.” (Sound familiar?) A step by step description of the proposal can be found here. The essence of the change is that the ARIN Advisory Council would manage and dispose of all policy proposals. The new PDP proposal is an example of the increasing formalization of IP address policy making. This trend, which is probably inevitable, will continue. Everyone interested in Internet governance needs to understand that and be attuned to the consequences. ARIN’s Advisory Council will become more of a gatekeeper for policy proposals.

.ORG pushes forward with DNSSEC

Brenden Kuerbis — Fri, 25 Apr 2008 14:58:31 -0400

In early April, Public Interest Registry (PIR) submitted a service proposal announcing its intention to begin offering secure DNS extensions in the 4th quarter of 2008, and seeking to amend its registry contract with ICANN. If approved by ICANN, .ORG would likely be the Internet’s first secure production gTLD zone. One interesting wrinkle is PIR's proposed language regarding data escrow of DNSSEC related data, specifically key material. PIR's request is another testament to the strength of a distributed, and not centralized, approach to DNSSEC.

Net neutrality debate spreads to Europe

Milton Mueller — Thu, 17 Apr 2008 18:39:25 -0400

Thursday I spoke in Brussels at a well-attended seminar on "Net Neutrality and the [EU] Reform Proposals for the Electronic Communications Sector." The event had a number of sponsors, including two Belgian Universities (Namur and Leuven) the ISP Association of Belgium and some consultancies. It appears that the neutrality norm for internet governance is becoming widely discussed in Europe and is influencing the European Commission's implementation of its sectoral reform efforts. Indeed there is a Principle proposed in Article 8 that end users should be able to access and distribute content and use the applications of their choice.

Chris Boam of Verizon was there and made some interesting comments. One was that Verizon has no interest in Deep Packet Inspection technologies and has rejected the idea of implementing them. The other was that Verizon's Open Development Initiative, which supposedly loosened up its vertical leverage over wireless handsets on its network, was "not a change in policy" but simply a re-packaging and more aggressive public promotion of its prior policy, which was that any handset manufacturer or developer could approach Verizon and be approved if they met some basic criteria. Hmmm...

NTIA Shrugs

Milton Mueller — Wed, 02 Apr 2008 23:23:33 -0400

The NTIA has released a short announcement about the mid-term review of ICANN. The announcement tells us very little except that the administration hasn't changed its position on anything important regarding its supervisory relationship to ICANN. The US is reasonably comfortable with the status quo and won't move until someone makes them very uncomfortable. Nothing they heard in February did so. Clearly, NTIA was not looking for information about what needs to be done, but seeking confirmation of its prior tendency to do nothing. It will leave to a future Presidential administration the issue of whether to continue to be the unilateral "ruler of the root"

Network Solutions pre-emptively takes down website Dutch parliament member Geert Wilders

Michel van Eeten — Thu, 27 Mar 2008 07:17:00 -0400

The website of Geert Wilders' upcoming film has been taken down by registrar Network Solutions, while they are “investigating whether the site’s content is in violation of the Network Solutions Acceptable Use Policy.” That message has been up for about five days now. One wonders how long it takes to investigate six words and a single picture.

Rather than deciding whether Network Solutions acted appropriately, the more interesting question is: Why did Network Solutions suspend Wilders’ website, given that it, so far, has not hosted offensive content and given that they do not suspend websites that are clearly more offensive? Why are they seemingly volunteering to take on the enormous task of policing the huge number of websites that are registered through them?

Judge Says We Can't Look Inside US .XXX deliberations

Milton Mueller — Wed, 19 Mar 2008 16:18:43 -0400

It's "Sunshine Week" in Washington, a week devoted to "open government," but the light came a few days late for ICM Registry and Stuart Lawley, proponents of the .xxx top level domain for adult content. A US court dismissed ICM Registry's litigation to pry more information out of the US government about the pressure it put on ICANN to reject ICM's application to operate the .xxx top level domain. The court decision favoring darkness is posted here.

Global Service Provider Identity (SPID): Licensing the Internet?

Brenden Kuerbis — Mon, 10 Mar 2008 17:39:02 -0400

A briefing last month to House and Senate members and staff of the Homeland Security Committee by VeriSign’s Vice President for Regulatory Affairs and Standards, the recent chair of the NRC’s Committee on Improving Cybersecurity Research in the US, and a former Chief Scientist of the FCC, raises some interesting questions and concerns about governance, competition policy, and civil liberties. In the joint presentation on international and domestic defenses against cyber attacks and supporting documents, VeriSign’s Tony Rutkowski argued that, “the widespread deployment of wireless platforms, Internet Protocol networks, and application-based services – combined with a government switch from common carrier to information services regulation by imposing only minimal public network service mandates – has produced some significant “cybersecurity” vulnerabilities.” According to Rutkowski, the absence of a built-in trust mechanism across the many providers that make up the communications network infrastructure worldwide is the core problem. In light of this, he said Congress should require the FCC, FTC and other agencies to institute a universal identity through a global Trusted Service Provider or SPID (Service Profile IDentifier) system.

New Anti-phishing law: A Snowe job?

Milton Mueller — Fri, 07 Mar 2008 14:45:24 -0500

Three U.S. Senators, led by Maine Republican Olympia Snowe, have proposed a new, harsh law allegedly to combat phishing, the Anti-Phishing Consumer Protection Act of 2008. But since the Senators obviously pandered to major trademark holders during its drafting, the law does little more than attempt to expand the powers that brand holders have over domain names, while adding little or nothing to the fight against phishing -- which is already completely illegal.

The problem is that the bill focuses too much on the domain names used by phishers and adds little to efforts to prosecute phishing itself. It might better be renamed, "The Selective Anti-Typosquatting and antiWhois Privacy Act of 2008." A group representing small business interests in domain name policy, the Internet Commerce Association, has sounded the alarm against the bill, noting that:

"If enacted this bill would allow trademark and brand owners to encourage state and federal officials to bring what are in essence trademark infringement suits on their behalf without any need to allege, much less prove, that the targeted domain names were in any way involved with criminal phishing activities. It would also allow trademark owners to abandon use of the UDRP process and the ACPA since alleged “cybersquatting” could be targeted with lawsuits brought under this proposed law, with a lower burden of proof and the coercive power of far more substantial monetary penalties."

Worse, the bill mounts a legal attack on Whois proxy services designed to protect domain name registrants' privacy. According to one commentator not known for his solicitude for domain name privacy rights, the Snowe bill "basically says that if you provide WHOIS privacy, you have to lift the veil if anyone, anywhere, sends you a notice claiming that the domain has been misused. Since there is no provision for checking that the notice is real, and no penalty for making false claims, we can assume that should this act be enacted into law, within about five minutes robots will be scouring WHOIS databases and automatically mailing off robonotices."

A citizens group has mounted a petition against the bill, which you can read and sign at this address.

Council of Europe Works to Criminalize Political Expression

Milton Mueller — Thu, 06 Mar 2008 03:12:33 -0500

The Council of Europe is pushing to extend the Cybercrime Convention to impose criminal sanctions on what it considers to be unacceptable forms of political or religious expression. The Cybercrime Convention was originally negotiated to respond to transnational problems such as theft of data, breaking into computers, computer-based financial fraud and the like. But now the Council is engaged in bulk unsolicited emails to promote the idea that web site content that is insulting or xenophobic is a cybercrime of the same order.

One Internet, two modes of governance

Brenden Kuerbis — Wed, 27 Feb 2008 16:15:29 -0500

On Monday the NTIA released the agenda for the upcoming public meeting in Washington DC covering the Mid-term Review of the JPA between DoC and ICANN. And yesterday, in Geneva, the Internet Governance Forum opened its first preparatory meeting for the upcoming Forum in Hyderabad, India from December 3-6. It’s too early to draw conclusions, but the structure of the meetings suggests two distinct operational modes of Internet governance.

Internet security scholar joins IGP Scientific Committee

Brenden Kuerbis — Fri, 22 Feb 2008 10:45:32 -0500

The Internet Governance Project welcomes Dr. Michel J.G. van Eeten as a new member of its Scientific Committee. Dr. van Eeten joins the IGP from Delft University of Technology, the Netherlands, where he is an Associate Professor on the Faculty of Technology, Policy and Management. In addition to his responsibilities at TU-Delft, van Eeten also teaches in several executive education programs at the Netherlands School of Public Administration in the Hague.

His research focuses on the reliability and security of critical infrastructures, most recently on the issue of Internet security. Recent work as a policy analyst includes advice for a variety of infrastructure operators and service providers in telecommunications, rail transportation, electricity provision, water supply and financial services. Currently, he is a consultant for the Dutch Ministry of Economic Affairs and the OECD Working Party on Information Security and Privacy. Dr. van Eeten was the lead author on a 2008 OECD study (currently being declassified), the Economics of Malware: Security Decisions, Incentives and Externalities. van Eeten remarked, "Over the last couple of years, I've enjoyed reading the IGP's work and I look forward to joining the debate." Commenting on the new addition, Dr. Milton Mueller said, "In addition to strengthening IGP's global approach to scientific analysis of Internet policy issues, Dr. van Eeten brings expertise in the economic and organizational aspects of Internet security, adding a valuable perspective to the IGP's work. The IGP is privileged to benefit from his participation."

Finnish scandal unmasks censorship tactics

Milton Mueller — Thu, 21 Feb 2008 10:49:28 -0500

For some time it has been known that law enforcement authorities in Norway and Finland have prepared lists of alleged child pornography web sites, and demanded that local Internet service providers block access to them. This model of blocking access was avidly picked up by Internet law enforcement authorities in other countries, including the Netherlands, where pressure has been placed on ISPs to block these sites or risk being publicly smeared as aiding and abetting child abuse.

Using ISPs as intermediaries for censorship is a bad idea because mandated site blocking violates the principle of net neutrality. Truly illegal content should be handled by prosecuting the producers, publishers and hosts of the content rather than through attempts to block and control Internet access on a territorial basis. Governments, however, claim that they must block access because of the heinousness of child abuse and because the heinous sites were out of the reach of local law enforcement. Many people have bought that argument.

Until now. Recently, Finnish activists got their hands on the Finnish government's official list of blocked sites. The results of their discovery are astounding. Most of the censored sites are located either in the United States or EU countries -- and thus are not outside the reach of child protection laws. Equally disturbing, most of the sites on the blocking list are not child pornography sites at all, but legal adult pornography sites. And many are not even porn sites at all.

Eeny, meeny, miny, moe. Will VeriSign control the root?

Brenden Kuerbis — Fri, 15 Feb 2008 14:44:22 -0500

Just who will be "it" and control the secure DNS root took another turn this week at ICANN-Delhi, when VeriSign unexpectedly announced it would implement a DNSSEC test bed for the root zone either later this year or the beginning of next year. In a discussion that covered root zone management process improvement and DNSSEC test bed implementation, VeriSign's Ken Silva acknowledged that the current process is somewhat of a "black box." The 20+ year telecommunications and security industry exec and former executive technical director at the NSA, cited their current role as publisher of the root zone and its need to be familiar with all the anticipated components that will go into future root zone database management as reason for the initiative.

Is Whois Toast? SSAC pushes ICANN toward new IETF standard

Brenden Kuerbis — Mon, 11 Feb 2008 12:16:55 -0500

The Security and Stability Advisory Committee (SSAC) has added a new wrinkle to the ongoing domain name Whois saga. In a document released late last week, it identified some well known and other less talked about problems with the Whois protocol and it called on ICANN and its community to pursue a more holistic approach involving policy recommendations. Interestingly, it also called for consideration of a new “formal directory service for the Internet” standard to serve domain name interests.

What is the JPA?

Milton Mueller — Fri, 08 Feb 2008 16:01:08 -0500

Bret Fausett's blog has cast new light on the ICANN JPA question. Many of us had assumed that the JPA was a replacement for the earlier, more prescriptive Memorandum of Understanding between ICANN and the US Commerce Department. The MoU was first drafted in November 1998 and was amended six times from 1999 to 2003. Ending the JPA, it is widely assumed, would eliminate all forms of Commerce Department oversight over ICANN's policy making and leave in place only the more important IANA contract, which is completely separate from the JPA/MoU. Doubts are now raised about this assumption.

As IGP warned an uncomprehending press corps back in 2006, the shift from MoU to JPA was much less of a "dramatic step" away from US control than ICANN's PR effort made it out to be. Now, if Fausett is right, it appears that getting rid of the JPA is less important than ICANN is making it out to be.

It all depends on what we mean by "the JPA."

Reforming ICANN Oversight: A Historic Opportunity

Milton Mueller — Tue, 05 Feb 2008 16:14:40 -0500

IGP today responded to a U.S. Department of Commerce proceeding seeking comment on the future of its political oversight over ICANN. The proceeding is part of a mid-term review of ICANN's 3-year Joint Project Agreement (JPA) with U.S. Commerce Department NTIA.

In a move that is likely to attract attention and debate we called for ICANN and the IGF to forge an agreement to institute a bi-annual review and public consultation concerning ICANN’s record and accountability. These ideas will be raised both at the U.S. Commerce Department public meeting February 28 and at the public consultation of the U.N. Internet Governance Forum in Geneva February 26.

Governments, ICANN and the JPA (part 2)

Milton Mueller — Tue, 29 Jan 2008 18:19:20 -0500

We were discussing how governments could take over ICANN. This was in response to a new meme gaining popularity within the Beltway: the idea that we need to retain the Commerce Department’s leash on ICANN (the JPA) because if we don’t, other governments (autocratic Russians, Chinese commie hordes, turbaned Islamo-fascists or languid, dirigiste Europeans) will somehow “interfere” with DNS.

But the future of the JPA has virtually nothing to do with ICANN’s subordination to other governments. It's about ICANN's subordination to the US government. The people advancing this meme have not specified how a government takeover is supposed to happen, much less how retaining the JPA would prevent it. As I started to argue yesterday, it is hard to conceive of a single plausible scenario for governments to exert more power over ICANN that isn't either a) already happening, and being aided and abetted by the USG; b) more likely to happen the longer the US stays in control or c) require the US government’s consent.

To prove this point, here are some plausible scenarios and mechanisms through which national governments could put pressure on ICANN. By examining these, we can better appreciate just how far off base the CDT and others are.

The Orwellian meme about the JPA

Milton Mueller — Mon, 28 Jan 2008 17:07:26 -0500

"War is peace, freedom is slavery, and ignorance is strength." And, according to the Center for Democracy and Technology, ICANN's Joint Projects Agreement giving the US government the ability to tell ICANN what to do is a way of "protecting the DNS against governmental interference." Hmmm...

The IGF and Networked Internet Governance

Brenden Kuerbis — Fri, 18 Jan 2008 15:25:18 -0500

The European Parliament has issued a resolution which illustrates the growing interplay of global Internet governance and domestic or regional polities. It also hints at how we might begin to incorporate the broad array of interests affected by global Internet policies.

The Future of ICANN (Again)

Milton Mueller — Thu, 17 Jan 2008 12:35:46 -0500

ICANN is lobbying hard to bring an end to its “Joint Project Agreement” (JPA) with the US Commerce Department. (The JPA is one of two tethers that ties ICANN to the US government.) Key ICANN management personnel are in Washington today and meetings are being held with industry stakeholder groups. Feelers are being sent out to other stakeholders.

ICANN’s Board Chairman, Peter Dengate Thrush, laid down a bold and clear position in his early filing of comments before the NTIA: “The JPA is no longer necessary. Concluding it is the next step in transition of the coordination of the Domain Name System (DNS) to the private sector. This step will provide continuing confidence that the original vision laid out in the White Paper is being delivered.” Although there is more to global Internet governance than ICANN, this issue deserves more attention than it seems to be getting.

The F Root Agreement: Formalized Informality

Milton Mueller — Fri, 11 Jan 2008 06:57:38 -0500

The root server agreement between ICANN and ISC was published yesterday. As "agreements" go, this is a good one -- by which we mean, it reflects a peer relationship between ICANN and the root server operator and does no harm to the status quo, which is flexible and distributed. The contract, labelled a "Mutual Responsibilities Agreement" (MRA), constitutes a massive concession to distributed authority over the root server system. ICANN's Board should support it.

Moving towards a developing agenda for Internet Governance

sonia.arenaza — Sun, 06 Jan 2008 15:59:20 -0500

[Editor's note: Maxwell graduate student Sonia Arenaza joins us today as a guest IGP blogger. Sonia is working towards a degree in International Relations and Public Administration, with a concentration in International Development and Information Technology for Development. After graduating from the Entrepreneurship Development Institute in India, the Business School of the Peruvian Pacific University, and from the Systems Engineering School of the Peruvian National Engineering University, Sonia worked as a Strategic Planning Manager at the General Secretariat of the Andean Community, from 2004 to 2006; and as an Information Technology Project Leader at ACCION International where she worked in the microfinance fields for developing countries, from 2002 to 2004. In addition she worked as a microfinance and information technology professor in Peruvian and Bolivian universities. She speaks Spanish, English and French.]

The Second IGF meeting held in Rio raised , in one of its workshops on last November 13th, a latent and to-date crucial issue, a Development Agenda for Internet Governance.

Panelists and participants discussed about the importance of considering a development perspective into internet governance mechanisms, institutions, principles and initiatives; and also offered a brainstorming of possible approaching ways. Some of those ideas were to follow a top-down approach; to analyze the impact on development some controversial issues of internet governance such as freedom of expression, privacy, intellectual property among others have on development, and the way they interact to each other; to take into account existing differences in markets, decision-making processes and regions; to consider development as a cross-cutting issue among the Internet Governance themes -access, openness, diversity and security- and as a way to evaluate their performance; to take into account not only implementing businesses practices in the community but also empowering ICT to ordinary people because they know how to use it for development and reducing poverty; and last but not least to build a development agenda by the aggregation of related issues or by a horizontal approach considering how key Internet Governance principles of multilateralism, transparency and democracy impact on development.

F Root Server Makes its Peace with ICANN

Milton Mueller — Sat, 05 Jan 2008 11:25:41 -0500

ICANN has announced some kind of an agreement with the Internet Systems Consortium, operator of the F root server complex. We can’t say much about it yet, because the actual agreement hasn’t been published, and the agreement hasn’t been ratified by either organization’s Board. But any formalized agreement would represent an important step toward further institutionalization of the ICANN global governance regime, and the agreement could serve as the template for agreements with other root server operators. Legally and operationally, the root server operators have no contractual obligations to ICANN or, for that matter, to anyone else; they are the last remnants of the informal yet effective stewardship model of the early Internet pioneers, in which a self-selected group of trusted technical experts assumed operational and policy responsibility for key internet coordination functions. Roping in the F root, run by noted maverick Paul Vixie, is particularly significant for ICANN. It will be interesting to see how the agreement deals with a number of tough issues, such as selecting a new root server operator when an organization operating one fails or goes out of existence, for example. Or whether it ducks such issues entirely. Stay tuned.

Milton Mueller Named First XS4ALL Professor

Brenden Kuerbis — Mon, 24 Dec 2007 07:10:20 -0500

IGP Partner Milton Mueller, a scholar known for his work on global Internet governance and professor at the School of Information Studies (iSchool) at Syracuse University, has internationalized his academic post and strengthened ties to the Internet industry by accepting a chair at Delft University of Technology in the Netherlands. The three-year research position was created by the Dutch Internet service provider XS4ALL, and will be located in the Faculty of Technology, Policy and Management, Information and Communication Technology (ICT) section.

Homeland Security Department was warned about DNSSEC key ownership and trust issues

Brenden Kuerbis — Wed, 19 Dec 2007 11:03:53 -0500

A consulting group (DNK LLC) report to the U.S. Department of Homeland Security stated clearly that the problems of who would own the DNSSEC keys and mistrust of the U.S. government's intentions could be barriers to DNSSEC deployment. While the August 2006 report covers developments only from March 2005 to July 2006, it makes two important points that are relevant and timely today. First it makes clear, if it weren't already, that the issue of root signing and key management has been recognized as a political issue for long time. It also offers some interesting insights on how DHS has approached the politics of DNSSEC and Internet security.

In developing the government's message about DNSSEC, DNK clearly identified barriers to adoption across several relevant interest groups, including the Internet community, the private sector, other governments and public sector actors, consumers/end users, and the media. Tellingly, "ownership of DNSSEC keys and registration" and "trust in government's [i.e., the USG] intention" were specifically identified as potential tripping points across many of the groups.

Bulgarian Group Challenges IDN ccTLD Policy

Milton Mueller — Tue, 18 Dec 2007 10:06:02 -0500

Adding to the growing questions about the wisdom of giving incumbent country code registries a “fast track” to new IDN top level domains, a Bulgarian registrar has sent a letter to ICANN claiming that it should receive the new TLD rather than the current country code manager. The Bulgarian company, UNINET, has already launched a local version of '.бг' and claims that it resolves in Bulgaria through many “DNS patches” supported by national Internet service providers. UNINET criticizes the policies, prices and sluggishness of the Bulgarian ccTLD administrator (Register.bg), which has registered only 7500 names after more than 12 years of operation. In contrast, Bulgarians have registered around 180,000 domains in generic TLDs such as .com, .net, .org and .info – a clear indication of the inadequacy of the current ccTLD manager in meeting the needs of the local market.

Whatever the merits of UNINET’s desire to be first in line for a “fast track” Bulgarian IDN domain, their letter underscores how wrong it is to assume that the existing ccTLD managers deserve a special right to be the first occupants of the IDN space. UNINET points out – correctly, we think – that “if ICANN awards Register.bg the IDN “бг'” TLD, the market for Bulgarian script names may become a monopoly controlled by Register.bg since the market for Bulgarian names worldwide is rather small and needs only one or a few Bulgarian TLDs." The same would be true of many other national and linguistic markets. IDN top level domains should be awarded as part of a generic process in which all applicants are equal and are evaluated by the same rules. And competition policy, one of ICANN's prime directives, should play a role in deciding who gets what.

DNSSEC-Deployment Group Now Discussing Distributed Root Signing

Brenden Kuerbis — Wed, 05 Dec 2007 15:59:52 -0500

DNSSEC and the issue of signing the root have been hot topics in Internet governance over the past year. Most recently, the IGP co-sponsored workshop at IGF-Rio saw several interested parties (see the workshop writeup) vigorously debating if the root should be signed. Perhaps anticipating that discussion, ICANN released a ccNSO survey of 61 ccTLD operators on DNSSEC just before IGF-Rio. It highlighted that the majority of interviewed operators preferred ICANN/IANA sign the root, but numerous other arrangements were identified as well. In Rio, the CEO of the largest ccTLD argued that deploying DNSSEC at the root entails making a decision about whether to dedicate trust to one or multiple entities. She and a representative of CGI.br openly expressed concern about a single entity controlling such a critical piece of the DNS.

In a promising sign that policy discussions regarding critical internet resources are responding to IGP advocacy and IG Forum discussions, the DNSSEC-Deployment group is now discussing options for distributing root signing authority. This turn in the debate shows that constructive criticism and discussion of DNSSEC governance arrangements can indeed lead to improvements, despite early resistance to even discussing the topic.

Overlapping Sets: From Rio to Delhi

John Mathiason — Wed, 05 Dec 2007 15:11:03 -0500

The second Internet Governance Forum in Rio de Janeiro continued the slow but steady movement to clarify the critical Internet governance issues. The Forum discussed, for the first time, the initial issue that prompted the international focus on Internet governance, critical Internet resources. It also explored the other clusters that had been identified: openness, diversity, access and security and further refined these. But the main result, not as well noticed, is a growing recognition that the key issues have less to do with the clusters than with where they overlap and conflict.

IGF Workshop Summary: DNSSEC: Securing a Critical Internet Resource

Brenden Kuerbis — Wed, 05 Dec 2007 13:40:51 -0500

[Editors note: Below is a summary of discussions which will feed into a report on the "DNSSEC: Securing a Critical Internet Resource" workshop held at IGF-Rio on November 14th.]

This informative workshop, co-sponsored by the Internet Governance Project, CGI.br, and EuroISPA, drew approximately 80-90 attendees from government, civil society, the private sector and technical communities. While the multi-stakeholder panel brought a diversity of opinions regarding DNS Security Extensions (DNSSEC), they agreed that improving the security of the Internet’s infrastructure is an important activity which should be pursued.

In general, there are two camps concerning the deployment of DNSSEC, which is a technical standard that requires coordination among many actors to be successfully deployed on a wide-scale basis. One side is ready to proceed with deployment, particularly the hurdle of creating a “trust anchor” key and digitally signing the root zone file. The other is more cautious in its approach, believing that the successful deployment of DNSSEC is subject to many open technical and governance questions.