[governance] Draft Workshop Report -- DNS forum @ Athens

Milton Mueller mueller at syr.edu
Thu Nov 2 01:37:08 EST 2006 

Thanks DM! Here's my summary which is probably too long to read all of
but will go into the official report. If anyone thinks I missed
something please let me know.

Workshop Report
New Technical and Policy Challenges in DNS Root Zone Management

The panelists and audience vigorously aired conflicting views on the
political, economic and technical issues raised by management of the DNS
root zone file. The panelists and audience all seemed to agree that this
topic was "the elephant in the room" and that it was time to discuss
it openly. 

On the issue of unilateral control by the U.S. government, some felt
that the situation was tolerable as long as the arrangements are stable
and the root server operators have one clear authoritative source for
the root zone file. They also mentioned the risk of losing coordination
in a move to a new arrangement, stressing the need for caution. Those
willing to tolerate the status quo did acknowledge, however, the
possibility of an arbitrary unilateral action that could strain or break
down global coordination. The discussion explored the potential benefits
and dangers of a move to multi-lateral or internationalized root zone
file management. One panelist offered a detailed proposal to
internationalize root oversight and argued that it would remove a huge
distraction from the ICANN regime and improve stability; another argued
that whatever new arrangements are adopted must give excluded developing
countries a voice in the regime; others complained that such a change
would bring destructive intergovernmental conflict into a domain that
should be governed by commercial and technical criteria. 

DNSSEC is a new IETF standard that uses public-key cryptographic
signatures to ensure the integrity and authenticity of DNS data. DNSSEC
implementation would affect root zone file management because one must
decide who will sign the root and who will hold the encryption keys. It
is possible to implement DNSSEC without signing the root, but that would
create only "islands of trust" in specific TLDs, posing many key
management and rollover problems for those who tried to use DNSSEC at
lower levels. Such problems would undermine DNSSEC's cost-benefit
calculus and possibly prove fatal to efforts to gain acceptance.
Registrars lack economic incentives to adopt it on their own. 

A panelist noted progress in ICANN's ccNSO toward automation of
routine changes in the root zone file. 


>>> declan at well.com 11/1/2006 8:51:17 PM >>>
So I was sitting in the back of the DNS/root server workshop at Athens

and just wanted to say that Milton did a terrific job. Imagine that, an

on-topic discussion. :)

-Declan

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org 
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org 

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list