[Dnssec-deployment] National sovereignty, not

Mark Andrews marka at isc.org
Tue Jun 29 21:30:39 EDT 2010 

In message <p06240841c850274eda16@[10.20.30.158]>, Paul Hoffman writes:
> At 9:45 PM +0000 6/29/10, Paul Vixie wrote:
> >what we're seeing here is a failure to communicate.
> >. . .
> >such servers are misconfigured. for a TLD server to be misconfigured in
> >this way is irresponsible on ICANN's part, who should've tested this
> >before adjusting the root zone to contain the respective NS RR. ICANN
> >should also periodically retest, and should have the contractual right
> >to warn privately, warn publically, and then remove after 24 hours any
> >such NS RR, without reference to the national sovereignty of the CCTLD.
> 
> You jumped from TLD to ccTLD ".cat" is not yet a CCTLD. ICANN has, and should
>  have, different relationships with the non-ccTLDs than they do with the ccTL
> Ds.
> 
> And, yes, this is on-topic for the list. The other Paul is suggesting removin
> g NS RRs of zones after they are signed if those zones don't meet ICANN's ope
> rational rules. Such a move, or even ICANN's suggestion of such a move, would
>  have a very negative impact on DNSSEC deployment by causing TLDs to not want
>  to deploy. That has to be weighed against the positive impact of coerced sta
> bility of deployed DNSSEC zones.
> 
> --Paul Hoffman, Director
> --VPN Consortium

I wish parents had the guts to follow though with the complaints
procedures from RFC 1033.   The DNS would be a much better place
if they did.  All of the TLD's are subject to RFC 1033.

Mark

COMPLAINTS

   These are the suggested steps you should take if you are having
   problems that you believe are caused by someone else's name server:


   1.  Complain privately to the responsible person for the domain.  You
   can find their mailing address in the SOA record for the domain.

   2.  Complain publicly to the responsible person for the domain.

   3.  Ask the NIC for the administrative person responsible for the
   domain.  Complain.  You can also find domain contacts on the NIC in
   the file NETINFO:DOMAIN-CONTACTS.TXT

   4.  Complain to the parent domain authorities.

   5.  Ask the parent authorities to excommunicate the domain.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the Dnssec-deployment mailing list