Dmitry, my mail was not technical at all. How does the state of affairs change from today? what are your reaction possibilities and their impact and how do they differ from today's scenario? Does the signing of the root zone actually impede or make harder any of the reactions you would exercise today against, for example, the deletion of a ccTLD from the root zone? is there an analysis of how zone signing changes any of this? Joao On 20/10/2008, at 16:42, Dmitry Burkov wrote:
Joao, to be realistic - the most probable reaction will be refuse to sign with all following consequences. SIDR deployment (as it propsed today) it will be a real problem. DNSSEC deployment will be less problematic but still a problem as it will be used in software more and more.
It also raises an old question about Internet governance and role of USG in this process as will enforce DoC position. Some people for years tried to explain root servers stability and practical independence from any one government now their arguments will fall down. In any of NTIA's proposed scheme it will be under one country regulation and if previously you can imagine partly functional ccTLDs even if zone was changed - now if signature will be invalid/recalled (don't know term in english) it will be more problematic.
When we begin to use digital signatures for infrastructure - may be, we miss the point that this tool is just a reflection of some real world relations and obligations and based on national laws and other lawyer stuff. Putting it on this part of the net we risk to involve all issues from real world.
And all benefits which you mentioned and which I understand and recognize from technical point of view will be non significant.
regards, Dmitry
Joao Damas ?????:
This is an argument that has repeated itself for some time now, with few arguments to back it.
Perhaps those with doubts about how a signed zone might be wielded as a weapon against some party, would be interested in performing an analysis of what the possible reactions are to such an attempt and compare both the actions and their result to today's situation with an unsigned zone. Then for the extra bonus, analyse the benefits of having a signed zone when it is not being wielded as a weapon (assuming the previous analysis actually finds that possibility to be real)
Joao Damas
On 15/10/2008, at 18:41, Dmitry Burkov wrote:
Jim Reid wrote:
Jim, for me it seems - that it will raise governance issues and it is not technical problem - but more political and legal issue. I really worry about potential consequences of all these intentions to deploy on the net some digital signatures based techniques (aka DNSSEC, sidr) It is very risky and can provocate Internet fragmentation. We can try to improve security and stability - but in result we can get totally different Internet - it is like as some kind of Pandora box.
Dmitry
So far there has been no discussion on the list about the NTIA proposals about getting the root signed. I would have hoped someone would have said something by now. Sigh.
Please try to find some time to look at the NTIA's suggestions and if possible send your comments to the list. I think this WG has an obligation to make some sort of "official" response to the NTIA's consultation. After all, we played our part to get the ball rolling by producing the "sign the root" letter to ICANN at the Tallinn meeting. So now that there are some concrete proposals for consideration, I feel the WG should look at them and respond.
I would also welcome suggestions from WG members about how to stimulate a discussion here about the NTIA proposals. Although time has been set aside in the RIPE57 agenda, that won't be enough. The majority of people on this list won't be in Dubai. And besides, it's really the list that should decide the WG's opinion and what action it should take.
Over to you....