[governance] "Oversight"

David Conrad drc at virtualized.org
Tue Jun 5 11:47:15 EDT 2012


Norbert,

On Jun 5, 2012, at 3:29 AM, Norbert Bollow wrote:
> David Conrad <drc at virtualized.org> wrote:
>> Out of curiosity, what would constitute "being trustworthy" outside of the
>> technical and external verifiability of key integrity?
> 
> Technical and external verifiability of key integrity in a way that
> is in addition geographically distributed so that the system would
> still work reliably if any particular country and all people in it
> were to suddenly turn rogue.

Given it is possible for the Trusted Community Representatives to recreate the private key, this capability already theoretically exists, modulo the risk of kidnapping/assassination of TCRs by the "rogue" country.

Ignoring that, there are technical issues relating to the size of signatures that make supporting multiple keys as you suggest quite challenging.  Revising DNSSEC to add this capability would likely be quite expensive and I suspect the cost/benefit analysis would imply it would be difficult to get the technical community to revise the specifications, update implementations, and deploy the new code, particularly as all that effort would need to be done to address a non-technical consideration that most in the technical community would view (rightly or wrongly) as political window dressing.

However, I might suggest the focus on DNSSEC in this regard is misplaced. As mentioned in a previous note, DNSSEC merely provides the capability to verify that a DNS response hasn't been modified from the point at which the data was signed by the private key holder to the point where it was validated (typically by ISPs). The data first must be created before it can be signed.  Once signed it still must be published.  Even if the US were to go "rogue", root servers and caches outside the US would hold the pre-rogue root zone and it would be straightforward (technically at least) for a new signing facility to be established in Geneva, Beijing, or wherever else is felt to be more trustworthy.  The real problems are in how the data to be signed are created, edited, distributed, and published.

Regards,
-drc

