[governance] "Oversight"

parminder parminder at itforchange.net
Wed Jun 6 05:56:25 EDT 2012 


On Tuesday 05 June 2012 09:17 PM, David Conrad wrote:
> Ignoring that, there are technical issues relating to the size of signatures that make supporting multiple keys as you suggest quite challenging.  Revising DNSSEC to add this capability would likely be quite expensive and I suspect the cost/benefit analysis would imply it would be difficult to get the technical community to revise the specifications, update implementations, and deploy the new code, particularly as all that effort would need to be done to address a non-technical consideration that most in the technical community would view (rightly or wrongly) as political window dressing.
>    
>

That exactly is why technical standards development and CIR requires 
political oversight. How can, what you call as, the 'technical 
community' decide that such a matter of utmost importance to people and 
countries outside the US is simply 'political window dressing'. It is 
ridiculous. And whose cost/benefit analysis is it? Who decides the 
social and political costs and benefits? Whose political and social 
interests does this 'technical community', which thinks as you say it 
thinks, represent. If they think they are experts in technical matters, 
can they, by a similar logic, allow the possibilities that others may 
know more than them about social, economic, cultural and political 
matters, and the corresponding costs and benefits.

This is a misuse of 'technical power' which really is no technical 
power, it is real economic, social and political power masquerading as 
technical power, hiding behind technical people and the so called 
'technical community' in order to gain some legitimacy, or rather to 
avoid the blame of illegitimacy.

And if it is just 'political window dressing' why was the US gov so 
interested in asserting that the current DNSSEC model is what it wants, 
and none of the possible alternatives. And why does US gov want the IANA 
manager to contractually agree that US gov will decide on the chief 
security officer for this function... Does this look like matters that 
can be called 'political window dressing'.

> However, I might suggest the focus on DNSSEC in this regard is misplaced. As mentioned in a previous note, DNSSEC merely provides the capability to verify that a DNS response hasn't been modified from the point at which the data was signed by the private key holder to the point where it was validated (typically by ISPs). The data first must be created before it can be signed.  Once signed it still must be published.  Even if the US were to go "rogue", root servers and caches outside the US would hold the pre-rogue root zone and it would be straightforward (technically at least) for a new signing facility to be established in Geneva, Beijing, or wherever else is felt to be more trustworthy.

This suggestion is like beginning to set up a fire department when the 
house is on fire. Actors dont go wholesale rogue in the manner you 
picture it, neither is such a radical from-the-scratch response possible 
in the real world. This is a bit of a technical construction of the 
problem and its solution. Actors go rogue in stages, carefully, for 
their rogue-ness to be sustainable. As US has been going rogue on IP 
related international domain seizures, (and attempting to formalise it 
through SOPA), as in the attempt at 'Internet Kill Switch' legislation, 
as evident with ACTA, with use of Stuxnet and flame, formalising 
un-disclosed security relationships with google, facebook, twitter etc, 
with software companies......  What is your criterion for declaring US 
gone rogue? And the drastic one time solution you suggest - when the 
going-rogue event has taken place - accordingly doesnt happen. The 
powerful actor going rogue is too smart for that. (This is also the 
simple reason why UG gov's NTIA acts as it does, often looking so much 
better to the global audience than many other US gov arms.) At no point 
it does anything that makes the cost/ benefit equation for other 
powerful players such as to go for really drastic steps, and thus 
dominant power gets accepted and established.... Simple socio-political 
insights. No rocket science really.

parminder



>   The real problems are in how the data to be signed are created, edited, distributed, and published.
>
> Regards,
> -drc
>
>
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120606/452bb0b1/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list