[dns-wg] [Ext] Re: DNS4EU?

David Huberman wrote on 15/11/2021 21:31:
> I guess I'm not grokking why you think this kind of regulation would
> have no legal basis when regulators are proposing something very
> similar in eIDAS article 45 (all web browsers must accept CAs which
> we the regulators approve) and in NIS2 for root server operators with
> more than 10 instances. The concept of Trusted Service Providers in
> EU regulations already exists and is already quite powerful.
Mandating specific CAs in a browser - although a remarkably stupid thing 
to do, if that's what's being discussed, and it's not clear from eIDAS 
art. 45 that this is necessary within the terms of that regulation - is 
not the same as hijacking dns resolution services.  There's a gap 
between the two and it's not that small either.

Separately, NISD2 is not yet finalised, nor is it being mandated by 
regulators: it's being written by lawmakers, who have taken root servers 
out of scope of the directive.

In relation to trust service providers, the requirements here relate 
mostly to process management and providing a legal framework in which 
TSPs can operate consistently across multiple countries.  You can't 
really operate a society which depends on electronic trust mechanisms 
without having a legal framework for this.

Nick