ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Working Around Slow US Gov. On DNS Security

  • To: Ga <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Working Around Slow US Gov. On DNS Security
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Tue, 24 Feb 2009 00:40:57 -0800

All,

  As a very important FYI, see:

Last fall, the US government sought comments from
industry about how better to secure the Internet by deploying DNSSEC on
the root zone. But it hasn't taken action since then. Internet policy
experts anticipate further delays because the Obama Administration
hasn't appointed a Secretary of Commerce yet, the position that oversees
Internet addressing issues. Meanwhile, the Internet engineering
community is forging ahead with a stopgap to
http://www.networkworld.com/news/2009/022309-dns-security.html?hpg1=bn
allow DNSSEC deployment without the DNS root zone being signed. Known
as a Trust Anchor Repository, the alternative was announced by ICANN
last week and has been in testing since October.

  Note: this is being discussed with other "Lookaside" options on
the IETF's Namedroppers list  http://ops.ietf.org/lists/namedroppers/ .
So far seems that there will be more than one option for legacy
DNS/TLD's, the other not mentioned in the article above being 
offered/provided by ISC, for those that trust the ISC.  Given ISC's 
sketchy history with keeping Bind ahead of the security curve, that 
option may be considered questionable by some.  Seems also to me that
this gives other root structures a very unique opertunity should 
such care to take advantage of it.

  For those of you that have been around long enough, the same old
battle is raging as to the Trustworthy aspects that was discussed here
on this forum some 5 years ago.  FWIW, it seems rather amazing from
my point of view why the same old arguments are revisited with some
different players and some of the same players, myself included.  Yet
there has at least been progress towards a solution that has recognized
the need or preference for DNSSEC and it's extension to other levels.

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827



<<< Chronological Index >>>    <<< Thread Index >>>