LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	Non-Commercial User Constituency <[log in to unmask]>
X-To:	Jorge Amodio <[log in to unmask]>
Date:	Mon, 26 Oct 2009 22:14:33 -0400
Reply-To:	Milton L Mueller <[log in to unmask]>
Subject:	Re: DNS Scaling issues
From:	Milton L Mueller <[log in to unmask]>
MIME-Version:	1.0
In-Reply-To:	<[log in to unmask]>
Content-Transfer-Encoding:	quoted-printable
Content-Type:	text/plain; charset="us-ascii"
Parts/Attachments:	text/plain (13 lines)

> 
> The root must be signed.

I am moving to the conclusion that the root should not be signed. The crypto-politics involved are increasingly complex and scary, and the root is already too much of a political football. DNSSEC just makes the whole DNS that much more rigid, complex and contentious. 

Anyway, in terms of priorities, DNSSEC comes at the end of the list in my book; it imposes the greatest burden on the root, it poses the greatest risks for a fairly small amount of added security. 

Most of the enormous security problems we have on the Internet today will not be improved by DNSSEC implementation at the root. And many of the advantages of DNSSEC can be gained at the TLD level without signing the root.

IPv6 migration is far more important technically; new IDN gTLDs are more important economically.

My 100 won

ATOM RSS1 RSS2

LISTSERV.SYR.EDU