Re: [ga] ICANN's DNSSEC Proposal

[JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>]

At 02:45 09/10/2008, Danny Younger wrote:
> In an article at wired.com a pointer is provided to ICANN's 
> unpublished DNSSEC proposal (and if you recall, the DOC put a gag 
> order on ICANN not to discuss this proposal)...
> The pointer is 
> here: 
> http://blog.wired.com/27bstroke6/files/DRAFT-ICANN_DNSSEC_proposal_20080915.pdf
> The wired.com article is 
> here:  http://blog.wired.com/27bstroke6/2008/10/feds-take-step.html
> The gag order is 
> here:  http://www.icann.org/correspondence/baker-to-twomey-09sep08.pdf
Danny,
we had a discussion on the Euralo list about DNSSEC technopolitical 
issues. If there is a chance to establish the necessary trust between 
the DNS securisation system manager and the users:
1) this systems is to convince Internet lead users that is has more 
technical pros than cons, the same for political issues.
2) ALAC, as its concerned representative, has the first role to play 
on behalf of the user community.
jfc


Note: some @large recent debates show that several systems should be 
deployed in parallel, at least for testing purposes (intertest).
- DNS (as it is today)
- DNSSEC
- DNSCurve
- IPv6 DNS

and that possibly the real interest of DNSSEC would be to use the DNS 
as a bad but secured alternative for missing DDDS. IMHO network 
security is the missing element and the need is for more work there 
for secure presentation/session layers.
This belongs to the "Internet Plus" concept being under discussion 
and the presentation location is under discussion with IETF and IAB 
through my ongoing appeals and work through the ATLARGE structure I 
had to revive due to the on-going attitude of Staff. PLUS stands for 
"parallel layers users' systems", where there can be a diversity of 
interoperable solutions being used at any layer (extended to 
infrastructure and usage), the Legacy Internet solution being the 
default, except for Internet missing layers. Presentation and session 
layers may be implemented along various architectural approaches 
(hopefully better than the user application layer). Please remember 
that the ML-DNS (as introduced at the IETF WG-IDNABIS and IPPv6 as 
discussed with the IPv6 TF and others) are part of this attempt to 
consolidate a more efficient, stable and secure usage if the as is 
old internet.
Please note that the WG-DNSEXT is the place where to get real serious 
info on DNSSEC and WG-IDNABIS on IDNA. ICANNDNASSEC is the same kind 
of technopoliticalegalogy as gTLDs. It only shows that when sales, 
lawyers, and politics without the users make very poor buyers.
jfc