[governance] "Oversight"
parminder
parminder at itforchange.net
Wed Jun 6 05:56:25 EDT 2012
On Tuesday 05 June 2012 09:17 PM, David Conrad wrote:
> Ignoring that, there are technical issues relating to the size of signatures that make supporting multiple keys as you suggest quite challenging. Revising DNSSEC to add this capability would likely be quite expensive and I suspect the cost/benefit analysis would imply it would be difficult to get the technical community to revise the specifications, update implementations, and deploy the new code, particularly as all that effort would need to be done to address a non-technical consideration that most in the technical community would view (rightly or wrongly) as political window dressing.
>
>
That exactly is why technical standards development and CIR requires
political oversight. How can, what you call as, the 'technical
community' decide that such a matter of utmost importance to people and
countries outside the US is simply 'political window dressing'. It is
ridiculous. And whose cost/benefit analysis is it? Who decides the
social and political costs and benefits? Whose political and social
interests does this 'technical community', which thinks as you say it
thinks, represent. If they think they are experts in technical matters,
can they, by a similar logic, allow the possibilities that others may
know more than them about social, economic, cultural and political
matters, and the corresponding costs and benefits.
This is a misuse of 'technical power' which really is no technical
power, it is real economic, social and political power masquerading as
technical power, hiding behind technical people and the so called
'technical community' in order to gain some legitimacy, or rather to
avoid the blame of illegitimacy.
And if it is just 'political window dressing' why was the US gov so
interested in asserting that the current DNSSEC model is what it wants,
and none of the possible alternatives. And why does US gov want the IANA
manager to contractually agree that US gov will decide on the chief
security officer for this function... Does this look like matters that
can be called 'political window dressing'.
> However, I might suggest the focus on DNSSEC in this regard is misplaced. As mentioned in a previous note, DNSSEC merely provides the capability to verify that a DNS response hasn't been modified from the point at which the data was signed by the private key holder to the point where it was validated (typically by ISPs). The data first must be created before it can be signed. Once signed it still must be published. Even if the US were to go "rogue", root servers and caches outside the US would hold the pre-rogue root zone and it would be straightforward (technically at least) for a new signing facility to be established in Geneva, Beijing, or wherever else is felt to be more trustworthy.
This suggestion is like beginning to set up a fire department when the
house is on fire. Actors don't go wholesale rogue in the manner you
picture it, neither is such a radical from-the-scratch response possible
in the real world. This is a bit of a technical construction of the
problem and its solution. Actors go rogue in stages, carefully, for
their rogue-ness to be sustainable. As US has been going rogue on IP
related international domain seizures, (and attempting to formalise it
through SOPA), as in the attempt at 'Internet Kill Switch' legislation,
as evident with ACTA, with use of Stuxnet and Flame, formalising
un-disclosed security relationships with Google, Facebook, Twitter etc,
with software companies...... What is your criterion for declaring US
gone rogue? And the drastic one time solution you suggest - when the
going-rogue event has taken place - accordingly doesn't happen. The
powerful actor going rogue is too smart for that. (This is also the
simple reason why US gov's NTIA acts as it does, often looking so much
better to the global audience than many other US gov arms.) At no point
does it do anything that makes the cost/benefit equation for other
powerful players such as to go for really drastic steps, and thus
dominant power gets accepted and established.... Simple socio-political
insights. No rocket science really.
parminder
> The real problems are in how the data to be signed are created, edited, distributed, and published.
>
> Regards,
> -drc
>
>
>