North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: wrt joao damas' DLV talk on wednesday

  • From: william(at)elan.net
  • Date: Mon Jun 12 18:50:50 2006


On Mon, 12 Jun 2006, Randy Bush wrote:

    what is the security policy that isc plans to use over the
    content of the isc dlv registry?  and how will the dvl trust
    key roll-over and revocation be handled?
if the above can not be very clearly answered (by isc?), then this
proposal is techno-political hubris at best.
yes, or an interesting proof-of-concept that can be taken-up and
completed by someone else.
actually, i suspect that the issues of dlv are exactly those of
iana root signing, key management and tld signature policy.  and
hence dlv is hoisted on the same petard it attempts to avoid, and
then devolves to a simple power play of isc vs iana with neither
having a good answer to the real technical and security issues.
Unless I misunderstood the issues are not some-kind of power-play but
that in order to use DNSSEC right now you need to be within the zone/TLD that itself is using DNSSEC and these are almost non-existent right now with zone maintainers unwilling to take necessary financial and other risks associated with upgrading to fully support DNSSEC. So DLV offers potential for individual domain owners to start using DNSSEC without waiting for the registry operator of their domain's TLD or SLD.

This seems good to me and I'm happy ISC as non-profit organization
is taking the initiative as I don't want the same situation as was
with domains and certificates at the end of 1990s where profit-driven companies were acting as virtual monopoly in domain business.

--
William Leibzon
Elan Networks
william@elan.net