Re: [ga] Re: "political advantage"

[Rick H Wesson <wessorh@ar.com>]

Sandy,

On Mon, 17 Sep 2001, Sandy Harris wrote:

> Mike Roberts wrote:
>
> > Life at ICANN isn't going to be the same either.  Given the military
> > mindset and anti-terrorist measures in Washington and other capitals,
> > there is going to be a much greater stress on operational oversight
> > of the DNS, on stability and on synchronization with related Internet
> > security steps.
>
> The obvious question there would be what steps ICANN will take to get
> secure DNS widely deployed quickly.

ouch, the IETF has been working hard on this for years, what makes you
think ICANN can do it.

> One reference site is:
> http://www.toad.com/dnssec/index.html

yea, I used to live a few blocks from Jon while he write the BSafe
implementation for DNSSEC. That information is a bit dated. do you know
how long it takes to sign the .COM zone? do you know how much memory a
gtld-server for .com, .net, and .org would have to be? Do you know the
security holes that would be created if one pushed out DNSSEC for .COM?

> A closely related, and I think important, question is how the signing
> of zones will work. Methinks there's a risk Verisign will try to tie
> the whole thing to their technology, acquire a big new market. This is
> understandable, but not a good idea.

yes, we have alot to learn. sounds like we need to hold a workshop about
DNSSEC at the ICANN meeting.

> Methinks this raises some policy issues for ICANN.

umm, I'd suggest the IETF not ICANN. Just because security is the catch
word of the day doesn't mean we are expert enought to make decisions about
any of it.

-rick


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html