This is a discussion on Re: dns hop by hop transaction security for queries - DNS ; Paul, >> How much of the perceived problem is lack of signing by USG in your opin? > > icann can't make a change of this kind to the root zone without permission > from a lot of people, definitely ...
>> How much of the perceived problem is lack of signing by USG in your opin?
> icann can't make a change of this kind to the root zone without permission
> from a lot of people, definitely including its board and USG, probably
> including IAB or IESG, and possibly including its SSAC and RSSAC and GAC
> and ALAC committees. i don't know that USG is the last remaining
> approval, and for that matter i don't know if USG has been asked to
> approve anything.
Sorry, question incorrectly posed. How much of a perceived problem is
lack of signing of the root zone? IE if a magic wand was waved and the
root zone suddenly signed, how much of the problem would that fix? As
I think there may be other spells to cast which would give sufficient
band-aid without the root being signed (not involving ICANN or anyone
else signing the zone).
> suck though it may, we have to deploy dnssec. if icann can't sign the
> root zone then the TLDs and/or everybody else will have to make other
> arrangements, in which roy arends' DLVPTR work could be very important,
> or in which DLV could play a transition role. had we been able to bite,
> chew, and swallow dnssec, we could just use SIG(0) for stubs, and UDPPORT
> / QID predictability would not matter.
I think my question is then "is making other arrangements actually that
> i apologize for not making this case clearly enough when we launched DLV.
> i think most folks were so concerned about DLV being a power/glory grab
> that the merits and justifications and goals just didn't seem to register
> at all.
"... or does it boil down to a similar but different set of political
organisational problems to signing the root?"
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.