
RE: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt

2007-08-30 05:09:45
I think that some folk besides myself have to do some wargaming to consider 
what the political consequences of signing the root might be.

Consider that this is an infrastructure which needs to be robust over a 
timescale of several decades if not centuries. Consider also the likelihood 
that whoever is in charge of the root might perform an action that some party 
might consider a defection over such an extended timescale.

For example, a small but vocal group of voters in the western southern 
peninsula of state A consider themselves to be political exiles from state B, 
an island in the vicinity of the peninsula. State A has a particular position 
of influence over the root and said voters lobby for the exclusion of state B.

If such a thing were to happen today the result would be a temporary fracture 
of the root followed by the rapid emergence of an alternative root structure 
that was not subject to abusive influence from state A. The parties have 
authority but not power. If the root is signed by a unitary entity, that entity 
has absolute power. A defection cannot be countered by a fracture of the root.

Today the scope for defection is kept in balance by the lack of security. The root 
is ultimately defined by the location to which a particular network provider 
directs UDP packets with the root server IP address. After signing, the root 
will be defined by the knowledge of the private key corresponding to the widely 
distributed embedded public key.

Consider the fact that Europe is currently planning to duplicate the GPS 
satellite system at a cost of several billion dollars despite the fact that the 
sole point in doing so is to prevent a similar defection on the part of the US. 
The idea that control of the DNS root will not be subjected to even more 
considerable geo-political pressure is naïve. In 1995 deployment could have 
taken place without attracting undue attention; that is not the case today.
So no, I don't think that there will be a unitary signer. The architecture is 
inherently flawed. Rather than have a single party sign the root we should 
probably look to a situation where there are multiple signer entities.

-----Original Message-----
From: John C Klensin [mailto:john-ietf(_at_)jck(_dot_)com] 
Sent: Wednesday, August 29, 2007 9:32 PM
To: David Conrad; Mark Andrews
Cc: IETF-Discussion; iesg(_at_)ietf(_dot_)org
Subject: Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt

--On Wednesday, 29 August, 2007 16:43 -0700 David Conrad 
<drc(_at_)virtualized(_dot_)org> wrote:

> If you start mucking about with production services that require 
> configuration on the part of system administrators (particularly in 
> the somewhat arcane world of DNSSEC trust anchors), it can become 
> quite difficult to stop that production service without breaking 
> stuff.  Is this a place we want to go for a temporary hack?

David,

Are you prepared to answer the question as to when the plan 
for getting the root signed as originally intended (whatever 
that plan now is) is going to be executed?  

To an outsider with no particular knowledge of what is going 
on, the impression is that actual root-signing is receding at 
approximately one month per month, if not a little more quickly.
If that were in fact the trend, and it were to continue, then 
concerns about transition from a DLV-based mechanism to a 
signed root would be largely irrelevant.  

Conversely, if there were a definite plan for getting the 
root signed within, say, the next few months, then it seems 
to me that even discussing formalizing DLV mechanisms for the 
root by having IANA create a new registry is a waste of time.

On the other hand, if there is no realistic plan and 
schedule, and you don't like Sam's idea, do you have 
constructive suggestions as to how it can be made acceptable?  

I do not believe that "we should just wait until the root is 
signed but are not able to say anything specific about when 
that might be" is a useful response at this point.  It might 
have been a plausible position a year ago but, by now,...

      john
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf