[dns-wg] NTIA NoI: does anyone care?
Kim Davies kim.davies at icann.org
Wed Oct 15 17:36:09 CEST 2008
On 15/10/08 8:05 AM, "bmanning at vacation.karoshi.com" <bmanning at vacation.karoshi.com> wrote:
>
> both ICANN and Verisign are claiming that placing all
> the zone creation, change and publication should be
> with the same organization that creates, holds and
> uses the digital signatures attesting to the integrity
> of the zone data.
>
> in local parlance, this is the functional equivalence
> of the fox watching the hen house.

Sorry Bill, but I don't see how this analogy works at all. How does an uninvolved third party attest the integrity of the data in the root zone? In a DNSSEC-signed world, the ICANN/VeriSign/NTIA troika would presumably still be responsible for the content of the root zone.

If we are talking about analogies, I want the md5sum or PGP signature testifying a software package is not tampered with to be generated as close as possible to when the author created the tar file, not by third parties after it had passed through multiple hands.

kim