Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com> wrote:
> I think the US executive branch would be better rid of the control
> before the
> vandals work out how to use it for mischief. But better would be to
> ensure that
> no such leverage exists. There is no reason for the apex of the DNS to
> be a
> single root, it could be signed by a quorum of signers (in addition to
> the key
k-of-n signing for the DNSSEC root was talked about by many, including Tatu
Ylonen back in 1996...
I have an alternate proposal: every country's ccTLD should sign the root,
and/or the other TLDs. That actually hands control of the DNS root back
to the legislatures in each country. True: some countries might have
perverted notions of what belongs in the root, and we might get different
views of the Internet. But, this happens already using a variety of
wrong mechanisms that cause harm to the Internet.
Better they do this using good crypto, than that they do this by trying to
subvert the (US-controlled) crypto.
--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
pgp5JbBAORHl9.pgp
Description: PGP signature