[governance] Re: Draft Workshop Report -- DNS forum @ Athens
Brenden Kuerbis
bnkuerbi at syr.edu
Tue Nov 7 13:20:36 EST 2006
Stephane Bortzmeyer wrote:
> On Thu, Nov 02, 2006 at 01:37:08AM -0500,
> Milton Mueller <mueller at syr.edu> wrote
> a message of 70 lines which said:
>
>
>> It is possible to implement DNSSEC without signing the root, but
>> that would create only "islands of trust" in specific TLDs,
>>
>
> This is no longer true since DLV
> (http://www.isc.org/index.pl?/about/press/?pr=2006032700).
>
Yes, it is correct that DLV (DNS Lookaside Validation) makes it
technically possible to deploy DNSSEC without signing the actual root
zone file. It is also my understanding that DLV retains the idea of a
single key which could be used to sign lower zones, thereby avoiding the
"islands of trust" issue. However, the DLV solution merely substitutes
one "trusted" party controlling the private key (i.e., ISC or some other
organization) for others (i.e., IANA/DoC/ICANN/VeriSign). IMO, DLV
itself does not solve the governance problem of providing transparency
and accountability in key operational procedures at the DNSSEC "root,"
wherever it may be.
Best,
Brenden
Brenden Kuerbis, Operations Dir.
Internet Governance Project
http://internetgovernance.org