NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Subject:
From: Milton L Mueller <[log in to unmask]>
Reply To: Milton L Mueller <[log in to unmask]>
Date: Mon, 26 Oct 2009 22:14:33 -0400
> 
> The root must be signed.

I am moving to the conclusion that the root should not be signed. The crypto-politics involved are increasingly complex and scary, and the root is already too much of a political football. DNSSEC just makes the whole DNS that much more rigid, complex and contentious. 

Anyway, in terms of priorities, DNSSEC comes at the end of the list in my book; it imposes the greatest burden on the root, it poses the greatest risks for a fairly small amount of added security. 

Most of the enormous security problems we have on the Internet today will not be improved by DNSSEC implementation at the root. And many of the advantages of DNSSEC can be gained at the TLD level without signing the root.

IPv6 migration is far more important technically; new IDN gTLDs are more important economically.

My 100 won
