[discuss] cgi.br release regarding Brazil Global MSM on Internet Governance

S Moonesamy sm+1net at elandsys.com
Tue Jan 14 10:13:48 UTC 2014

At 00:31 14-01-2014, parminder wrote:
>by our friend Milton.

Please note that this is an individual comment.

Thanks for the references.  The conclusion from the article written 
by Mr Kuerbis and Mr Muller has the following conclusion:

   "The widespread deployment of DNSSEC could make the Internet more secure,
    increasing the integrity and source authentication of DNS queries and
    responses, and preventing some disruptive or criminal acts. A critical
    aspect of deploying DNSSEC is the addition of resource records for each
    TLD and digitally signing the root zone file. To accomplish this, changes
    in root zone file management must be made if there is to be a manageable
    number of trust anchors for DNSSEC. A root signing procedure which includes
    multiple, but limited number of Root Key Operators provides an opportunity
    to distribute authority without the risks of multi-lateralization.  This
    redesign provides an opportunity to phase out increasingly controversial
    national government oversight in favor of trusted nongovernmental actors."

The above recommends:

   (i)  Phasing out controversial national government oversight.

   (ii) Distributed authority and oversight by nongovernmental actors.

by having several trust anchors for DNSSEC.

>And despite writing this, while he advocates for the root to be 
>freed from US's executive authority, he is not ready to also free it 
>from US's legal and legislative authority.... Just freedom from 
>executive authority has little meaning, because not only a law can 
>be created by the US establishment at any time to do whatever it 
>needs to do in its national interest, there are existing laws that 
>can any time be used to interfere with the root, for instance, 
>enabling laws related to the Office of Foreign Assets Control (a 
>foreign gTLD or ccTLD is of course a foreign asset 'in the US').

For what it is worth, the (DNS) Root zone was (DNSSEC) signed in 2010 
[1].  I can understand that there is a concern about a country doing 
whatever it needs to do in its national interest.  The two articles 
were written in 2007.  The analysis might have to be updated as it 
was done prior to the Root zone being signed.

S. Moonesamy

1. http://www.ietf.org/mail-archive/web/ietf/current/msg62541.html  

More information about the discuss mailing list