[discuss] cgi.br release regarding Brazil Global MSM on Internet Governance
S Moonesamy
sm+1net at elandsys.com
Tue Jan 14 10:13:48 UTC 2014
Hello,
At 00:31 14-01-2014, parminder wrote:
>See
>http://www.internetgovernance.org/2007/09/10/the-politics-of-dnssec-the-light-begins-to-dawn-at-ietf/
>
>http://www.internetgovernance.org/wordpress/wp-content/uploads/SecuringTheRoot.pdf
>
>by our friend Milton.
Please note that this is an individual comment.
Thanks for the references. The conclusion from the article written
by Mr Kuerbis and Mr Muller has the following conclusion:
"The widespread deployment of DNSSEC could make the Internet more secure,
increasing the integrity and source authentication of DNS queries and
responses, and preventing some disruptive or criminal acts. A critical
aspect of deploying DNSSEC is the addition of resource records for each
TLD and digitally signing the root zone file. To accomplish this, changes
in root zone file management must be made if there is to be a manageable
number of trust anchors for DNSSEC. A root signing procedure which includes
multiple, but limited number of Root Key Operators provides an opportunity
to distribute authority without the risks of multi-lateralization. This
redesign provides an opportunity to phase out increasingly controversial
national government oversight in favor of trusted nongovernmental actors."
The above recommends:
(i) Phasing out controversial national government oversight.
(ii) Distributed authority and oversight by nongovernmental actors.
by having several trust anchors for DNSSEC.
>And despite writing this, while he advocates for the root to be
>freed from US's executive authority, he is not ready to also free it
>from US's legal and legislative authority.... Just freedom from
>executive authority has little meaning, because not only a law can
>be created by the US establishment at any time to do whatever it
>needs to do in its national interest, there are existing laws that
>can any time be used to interfere with the root, for instance,
>enabling laws related to the Office of Foreign Assets Control (a
>foreign gTLD or ccTLD is of course a foreign asset 'in the US').
For what it is worth, the (DNS) Root zone was (DNSSEC) signed in 2010
[1]. I can understand that there is a concern about a country doing
whatever it needs to do in its national interest. The two articles
were written in 2007. The analysis might have to be updated as it
was done prior to the Root zone being signed.
Regards,
S. Moonesamy
1. http://www.ietf.org/mail-archive/web/ietf/current/msg62541.html
More information about the discuss
mailing list