[governance] "Oversight"

John Curran jcurran at istaff.org
Mon Jun 4 15:23:13 EDT 2012 

On Jun 4, 2012, at 11:30 AM, Norbert Bollow wrote:

> As long as DNSSEC is not changed from its current specification, I
> agree.
> 
> However the DNSSEC specification could be changed to allow for
> several logically independent signatures per zone, each of
> which can be present or not, with the semantics that the zone shall be
> considered validly signed if more than half of the expected signatures
> are there.

I do not believe that DNSSEC needs to be changed to accomplish an
outcome very similar to what you propose (i.e. a requirement for 
multiple independent parties to concur with the change), but I would
defer to David Conrad to better describe the functioning of the DNSSEC 
Trusted Community Representatives as I believe he was formally part
of its design team.

> For the root zone I would then propose that it would be reasonable
> to have five root zone signing keys.
> 
> Each of those root zone signing keys would be entrusted to an
> organization on a different continent, with these five organizations
> chosen to be as trustworthy as possible, and as independent of each
> other as possible, and each protected as well as possible by means of
> a suitable host country agreement from legal demands to act contrary
> to the agreed procedures for root zone management.

Actually, something quite similar is already in place:
   
   http://www.root-dnssec.org/tcr/

FYI,
/John

Disclaimers:  My personal views only.  In case of Internet policy 
conflagration, do not use attempt to use top-down governance 
structures but instead proceed in a brisk multi-stakeholder fashion 
to the nearest open forum.


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list