Phillip Hallam-Baker wrote:
It is now generally accepted that PEM was undeployable because the
single root model is not workable. Nobody was going to trust IANA as
the ultimate root of trust, nor were they going to trust RSA.
ICANN has accepted responsibility for the DNS infrastructure.
Unfortunately they don't seem to understand what that means for their
interactions with the IETF. At the very least, ICANN needs to be
issuing operational requirements documents that itemize the protocol
support that is required for deployment.
The real problem is that a lot of people attribute too much
trust of all the wrong kind into a security architecture,
creating a huge pile of flawed assumptions -- that is neither
appealing nor robust, so there is little surpise when it fails
in the marketplace.
DNSsec should _NOT_ do anything besides confirming the assignment/lease
of DNS zones to lessees. Any kind of trust decision by applications
based on DNS delegation of zones is completely inappropriate.
The signature on a DNS zone is the result of a contract between
the organization that adminstrates a zone to lessees/subscribers for
delegated subdomains, nothing else. It is a simple technical fact
that the DNS zones are technically organized in a hierarchical fashion
and that administrators of a zone can delegate adminstration of
subdomains to others. DNSsec will hopefully make the insertion of fake
data into DNS zones more difficult, but it will not make Cybersquatting
or disputes about domain ownership/assignment go away. DNSsec is
technically still DNS, after all.
Which DNS domains actually belong to specific state, corporate or
private entites is an entirely seperate question, and no application
should ever confuse the authority to delegate DNS domains with authority
to "certify" legal entities (governmental,corporate or private).
If the .com registry leases&delegates the domain "ietf.com" to somebody,
that does not imply that this somebody therefore represents the Internet
Engineering Task Force (IETF). and any kind of assumption within
applications to that effect are fatally flawed.
All of the existing security protocols are using a different trust model
already (like TLS), and I do _not_ think that existing trust models
(independent of how broken the TLS trust model with >100 preconfigured
and completely interchangable trusted roots is) should be piggy-backed
onto, or keyed from DNSsec, ever.
-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf