Exploit for DNS Cache Poisoning - RELEASED

David Conrad drc at virtualized.org
Thu Jul 24 19:43:10 CDT 2008


On Jul 24, 2008, at 4:24 PM, Tomas L. Byrnes wrote:
> The problem is, once the ICANNt root is self-signed, the hope of ever
> revoking that dysfunctional mess as authority is gone.

Sorry, I don't follow -- sounds like FUD to me.  Care to explain this?

As far as I'm aware, as long as the KSK isn't compromised, changing  
the organization who holds the KSK simply means waiting until the next  
KSK rollover and have somebody else do the signing.

> Perhaps the IETF

You mean oh say IANA?

> or DoC

That'll be popular in the international community.

> should sign the root, that way we have a prayer
> of wresting control from ICANN, as opposed to paying a tax, in

> perpetuity, for registration services to an unaccountable, unelected,
> and imperious body?

Registration fees are unrelated to signing the root, but thanks for  
the gratuitous ICANN bashing.  It was missing in this thread -- I was  
wondering when it would show up.

> Some of us don't think the UN/EU/ITU are good models for governance.

Indeed.

> IE: Separation of powers. ICANN/IANA is granted (interim) authority to
> operate, but some other governing body signs.


So you want to increase the role ICANN/IANA has in root zone  
management.  Interesting.

Regards,
-drc





More information about the NANOG mailing list