ietf
[Top] [All Lists]

Re: NTIA request for feedback on DNSSEC deployment at the root zone

2008-10-13 16:49:28
On 2008-10-10 18:39, Thierry Moreau wrote:


Brian E Carpenter wrote, to multiple mailing lists of which
ietf(_at_)ietf(_dot_)org is the only relevant as far as I am individually 
concerned:

On 2008-10-10 03:50, Olaf Kolkman wrote:

There are links to a number of process flow diagrams that may interest
you.

For easy accessibility of those links see:
http://www.ntia.doc.gov/DNS/DNSSEC.html


I don't think we should endorse in any way the implication that
the NTIA or any other part of the US (or any other) government
gets to decide about this. So I suggest that any formal reponse
from the IAB or IESG should be very clear that this is a decision
for the community to take and implement.


Wow, that's a late wake up call! The legaleese that binds ICANN to the
US government has been around since ICANN inception. 

Many people objected to it strongly from the start, and said so. This
is hardly a new point.

...It's this very
legaleese that makes the US government the ultimate "permission" gate
needed for DNSSEC root deployment.

If ICANN had been set up in another country, as many people proposed
at the time, this argument would certainly have failed.


That being said, it's obviously a very desirable thing to do,
and government encouragement seems welcome. I can't comment
on which of the detailed proposals is technically best.


This inability makes sense to me, because the IETF (if I'm correct, your
contributions are mainly supportive of the IETF-IESG "progress" - i.e.
effectiveness, influence, assertions of legitimacy and
representativeness, and why not, power) didn't challenge the ICANN-US
governemnt-Verising position in DNS operational issues.

That's true; the IETF is not in the business of operating the Internet.
But that doesn't preclude the IETF, or its participants, having
a *technical* opinion about the mechanics of signing the root. My
message was asking that we don't endorse the "political" situation
while making technical comments.

...In other words,
the IETF has not been concerned (beyond relatively minor activity in
dnsop wg) with the ICANN mission, which is multi-faceted.

See Stephane's response. Also, the IAB has communicated with NTIA
on various occasions about ICANN's mission.


Like it or not, civil servants somewhere in an office called NTIA are
faced with the task of deciding about these (boring but required) DNSSEC
KSK scenarios. 

Actually they have another option, which is to leave ICANN alone
to take the technical decisions for technical reasons, including
getting advice from the IETF if they want.

   Brian

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf