NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Non-Commercial User Constituency <[log in to unmask]>
X-To:
Jorge Amodio <[log in to unmask]>
Date:
Mon, 26 Oct 2009 22:14:33 -0400
Reply-To:
Milton L Mueller <[log in to unmask]>
Subject:
From:
Milton L Mueller <[log in to unmask]>
MIME-Version:
1.0
In-Reply-To:
Content-Transfer-Encoding:
quoted-printable
Content-Type:
text/plain; charset="us-ascii"
Parts/Attachments:
text/plain (13 lines)
> 
> The root must be signed.

I am moving to the conclusion that the root should not be signed. The crypto-politics involved are increasingly complex and scary, and the root is already too much of a political football. DNSSEC just makes the whole DNS that much more rigid, complex and contentious. 

Anyway, in terms of priorities, DNSSEC comes at the end of the list in my book; it imposes the greatest burden on the root, it poses the greatest risks for a fairly small amount of added security. 

Most of the enormous security problems we have on the Internet today will not be improved by DNSSEC implementation at the root. And many of the advantages of DNSSEC can be gained at the TLD level without signing the root.

IPv6 migration is far more important technically; new IDN gTLDs are more important economically.

My 100 won

ATOM RSS1 RSS2