Keep in mind the DNS-Sec standards exist and ICANN is even
implementing
some of them. Security of the Domain Name System is being addressed.
This is unfortunately NOT the case.
Despite objections brought by VeriSign, the operators of the .de
registry, the author of BIND and many others the IETF has refused
to allow changes to the DNSSEC protocol to address the problem
of deployment in large zones.
These changes were agreed by the majority of the working group but
blocked by one of the chairs.
Unless the IESG decides to intervene to reverse this situation
ubiquitous deployment of DNSSEC will not be possible using the
IETF approved specification.
There is a lot of work going on in ICANN that concerns the security
of the root servers, but this is from an operations point of view.
There is no DNS security work taking place in ICANN of the sort that
would address the dependency of RMX type schemes.
Regretably the situation is no better with respect to BGP security.
This is going to get fixed, but it will take a couple of years
before either the IESG is forced to back down from its current
position or there is general agreement in the industry that it
is time to take the DNS and BGP standards out of IETF process.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg