Re: [ga] U.S. Department of Homeland Security wants master key for root DNS

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Joe and all,

  Thanks for chiming in Dr. Baptista.

  What I believe is going on here is that DHS no longer trusts
ICANN/IANA to be the keeper of the master keys for root
DNS servers after the RegistryFly disaster, and the looming
GoDaddy fiasco.  And frankly, DHS has a good and reasonable
concern.  Basically ICANN has demonstrated it cannot reasonably
police it's registrars, and so continuing for ICANN to be able to
police it's Root Server Operators and secure the Root servers
adequately becomes a reasonable and potentially devastating
concern for DHS.  In other words from DHS's point of view
ICANN needs real adult supervision, and their right.

  None of this is of course to say that DHS is the right department
to do this ICANN supervision....

Joe Baptista wrote:

> Well I must say.  This is a big win for the Inclusive Name Space.  One
> more area to compete with ICANN.  The world will not tolerate this.  If
> the U.S. DHS get the keys just watch, as I have warned before, it will
> result in the further fracturing of the intranetworks as governments
> world wide setup their own roots.  This is a good thing provided there
> is a centralized body like the TLDA to support the process.
>
> 30.03.2007 13:09
>
>     Department of Homeland and Security wants master key for DNS
>
> The US Department of Homeland Security (DHS
> <http://www.dhs.gov/index.shtm>), which was created after the attacks on
> September 11, 2001 as a kind of overriding department
> <http://www.heise.de/newsticker/meldung/28137>, wants to have the key to
> sign the DNS root zone
> <http://www.heise.de/netze/rfc/rfcs/rfc1591.shtml> solidly in the hands
> of the US government. This ultimate master key would then allow
> authorities to track DNS Security Extensions (DNSSec
> <http://www.heise.de/netze/rfc//rfcs/rfc4641.shtml>) all the way back to
> the servers that represent the name system's root zone on the Internet.
> The "key-signing key" signs the zone key, which is held by VeriSign. At
> the meeting of the Internet Corporation for Assigned Names and Numbers
> (ICANN <http://www.icann.org>) in Lisbon, Bernard Turcotte, president of
> the Canadian Internet Registration Authority (CIRA
> <http://www.cira.ca/>) drew everyone's attention to this proposal as a
> representative of the national top-level domain registries (ccTLDs
> <http://www.iana.org/cctld/>).
>
> At the ICANN meeting, Turcotte said that the managers of country
> registries were concerned about this proposal. When contacted by heise
> online, Turcotte said that the national registries had informed their
> governmental representatives about the DHS's plans. A representative of
> the EU Commission said that the matter is being discussed with EU member
> states. DNSSec is seen as a necessary measure to keep the growing number
> of manipulations on the net under control. The DHS is itself sponsoring
> a campaign to support the implementation of DNSSec. Three of the 13
> operators currently work outside of the US, two of them in Europe.
> Lars-Johan Liman of the Swedish firm Autonomica, which operates the I
> root server <http://i.root-servers.org/>, pointed out
> <http://www.heise.de/newsticker/meldung/80479> the possible political
> implications last year. Liman himself nomited ICANN as a possible
> candidate for the supervisory function.
>
> The Internet Assigned Numbers Authority (IANA <http://www.iana.org>),
> which handles route management within the ICANN, could be entrusted with
> the task of keeping the keys. An ICANN/IANA solution would offer one
> benefit according to some experts: there would be no need to integrate
> yet another institution directly into operations. After all, something
> must be done quickly if there is a problem with the signature during
> operations. If the IANA retains the key, however, US authorities still
> have a political problem, for the US government still reserves the right
> <http://www.heise.de/newsticker/meldung/61294> to oversee ICANN/IANA. If
> the keys are then handed over to ICANN/IANA, there would be even less of
> an incentive to give up this role as a monitor. As a result, the DHS's
> demands will probably only heat up the debate about US dominance
> <http://www.heise.de/newsticker/meldung/85281> of the control of
> Internet resources. (/Monika Ermert/) (/Craig Morris/) / (jk
> <mailto:jk@xxxxxxxxxxx>/c't)
>
> ------------------------------------------------------------------------
>
> *This article's URL:*
>   http://www.heise.de/english/newsticker/news/87655
>
> --
> Joe Baptista                                www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
>   Office: +1 (202) 517-1593
>   Mobile: +1 (416) 912-6551
>      Fax: +1 (509) 479-0084
>  Address: 963 Ford Street, Peterborough, Ontario Canada K9J 5V5
>
>   ------------------------------------------------------------------------
>
>                       Name: baptista.vcf
>    baptista.vcf       Type: VCard (text/x-vcard)
>                   Encoding: 7bit

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827