wrt joao damas' DLV talk on wednesday
william(at)elan.net
william at elan.net
Mon Jun 12 22:49:45 UTC 2006
On Mon, 12 Jun 2006, Randy Bush wrote:
>>> what is the security policy that isc plans to use over the
>>> content of the isc dlv registry? and how will the dvl trust
>>> key roll-over and revocation be handled?
>>> if the above can not be very clearly answered (by isc?), then this
>>> proposal is techno-political hubris at best.
>> yes, or an interesting proof-of-concept that can be taken-up and
>> completed by someone else.
>
> actually, i suspect that the issues of dlv are exactly those of
> iana root signing, key management and tld signature policy. and
> hence dlv is hoisted on the same petard it attempts to avoid, and
> then devolves to a simple power play of isc vs iana with neither
> having a good answer to the real technical and security issues.
Unless I misunderstood the issues are not some-kind of power-play but
that in order to use DNSSEC right now you need to be within the zone/TLD
that itself is using DNSSEC and these are almost non-existent right now
with zone maintainers unwilling to take necessary financial and other
risks associated with upgrading to fully support DNSSEC. So DLV offers
potential for individual domain owners to start using DNSSEC without
waiting for the registry operator of their domain's TLD or SLD.
This seems good to me and I'm happy ISC as non-profit organization
is taking the initiative as I don't want the same situation as was
with domains and certificates at the end of 1990s where profit-driven
companies were acting as virtual monopoly in domain business.
--
William Leibzon
Elan Networks
william at elan.net
More information about the NANOG
mailing list