[dns-wg] NTIA NoI: does anyone care?
bmanning at vacation.karoshi.com
Wed Oct 15 17:05:04 CEST 2008
On Wed, Oct 15, 2008 at 10:12:17AM +0100, Jim Reid wrote:
> So far there has been no discussion on the list about the NTIA
> proposals about getting the root signed. I would have hoped someone
> would have said something by now. Sigh.
>
> Over to you....

rough take:

#4 is touted as the official ICANN position
#5 is touted as the official Verisign position

both ICANN and Verisign are claiming that placing all the zone creation, change and publication should be with the same organization that creates, holds and uses the digital signatures attesting to the integrity of the zone data. in local parlance, this is the functional equivalence of the fox watching the hen house.

options #3 and #6 move the key creation & maintenance along w/ the signing of the zone data to a third party. this type of practice is common, where an auditor or notary validates the presented data. option #6 has the attribute of not having any significant real world deployment - the M of N code and operational practice may not be ready for adoption for such a system.

So my general leaning is toward #3 - it provides increased diversity/oversight of the process.

--bill