ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] ICANN's DNSSEC Proposal

  • To: dannyyounger@xxxxxxxxx, At-Large Worldwide <at-large@xxxxxxxxxxxxxxxxxxxxxxx>
  • Subject: Re: [ga] ICANN's DNSSEC Proposal
  • From: JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>
  • Date: Thu, 09 Oct 2008 12:16:41 +0200


At 02:45 09/10/2008, Danny Younger wrote:
In an article at wired.com a pointer is provided to ICANN's unpublished DNSSEC proposal (and if you recall, the DOC put a gag order on ICANN not to discuss this proposal)... The pointer is here: http://blog.wired.com/27bstroke6/files/DRAFT-ICANN_DNSSEC_proposal_20080915.pdf The wired.com article is here: http://blog.wired.com/27bstroke6/2008/10/feds-take-step.html The gag order is here: http://www.icann.org/correspondence/baker-to-twomey-09sep08.pdf

Danny,
we had a discussion on the Euralo list about DNSSEC technopolitical issues. If there is a chance to establish the necessary trust between the DNS securisation system manager and the users:

1) this systems is to convince Internet lead users that is has more technical pros than cons, the same for political issues. 2) ALAC, as its concerned representative, has the first role to play on behalf of the user community.

jfc


Note: some @large recent debates show that several systems should be deployed in parallel, at least for testing purposes (intertest).

- DNS (as it is today)
- DNSSEC
- DNSCurve
- IPv6 DNS

and that possibly the real interest of DNSSEC would be to use the DNS as a bad but secured alternative for missing DDDS. IMHO network security is the missing element and the need is for more work there for secure presentation/session layers.

This belongs to the "Internet Plus" concept being under discussion and the presentation location is under discussion with IETF and IAB through my ongoing appeals and work through the ATLARGE structure I had to revive due to the on-going attitude of Staff. PLUS stands for "parallel layers users' systems", where there can be a diversity of interoperable solutions being used at any layer (extended to infrastructure and usage), the Legacy Internet solution being the default, except for Internet missing layers. Presentation and session layers may be implemented along various architectural approaches (hopefully better than the user application layer). Please remember that the ML-DNS (as introduced at the IETF WG-IDNABIS and IPPv6 as discussed with the IPv6 TF and others) are part of this attempt to consolidate a more efficient, stable and secure usage if the as is old internet.

Please note that the WG-DNSEXT is the place where to get real serious info on DNSSEC and WG-IDNABIS on IDNA. ICANNDNASSEC is the same kind of technopoliticalegalogy as gTLDs. It only shows that when sales, lawyers, and politics without the users make very poor buyers.
jfc








<<< Chronological Index >>>    <<< Thread Index >>>