Hands-off DNS root zone security proposal
Olaf M. Kolkman
olaf at NLnetLabs.nl
Thu Nov 24 15:06:46 EST 2005
Namedroppers dropped.
On Nov 24, 2005, at 21:06 , Thierry Moreau wrote:
>
> Basically, the overseeing organization (ICAO as a treaty
> organization / ICANN as a domain manager overseeing TLDs) merely
> collects public key information from its constituency ("member
> states" for ICAO / TLD managers for ICANN), puts it together in a
> computer file, and makes it available to the public (ICAO Public
> Key Directory / ICANN "TLD TAK-i file" explained below). No
> digital signature by the overseeing organization, hence little
> mixed signals about the overseeing organization operational
> liability implied by a "digital signature."
;-)
I know one overseeing individual that could collect all keys and
distribute them without taking into account the problems with
liabilities implied by a "digital signature", he currently also
happily signs the root. And by the way, he just sold the Internet to
the ITU (http://bert.secret-wg.org/Stars/)
;-)
Seriously, if ICANN would be collecting trust-anchor keys, I'd rather
see them published in the DNS than on a secured web page.
--Olaf
-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/