In message <874c02a20905311802r2b9b4544j374bb374eb7a7...@mail.gmail.com>, Joe
Baptista writes:
> DNSSEC indeed violates the end to end principle. It's simply that simple.
> And it asks us to put our trust in the root a.k.a. ICANN. I don't think
> governments world wide are going to put their trust and faith in ICANN. The
> U.S. Government is the only government that has been bamboozled into
> adopting DNSSEC into .gov infrastructure.
>
> I wonder how President Obama would feel about handing over the keys to U.S.
> Government infrastructure to a U.S. contractor. I'd have trouble sleeping
> at night if that was the case.
>
> I've addressed this at length in my comments to the NTIA.
>
> http://www.ntia.doc.gov/DNS/comments/comment034.pdf
>
> If the U.S. government wants DNSSEC today then it must nationalize the
> roots. I don't even trust Vixie with the root. I remember when he hijacked
> the root with Postel. Or as they put it "we were only running an
> experiment".
>
> In any case the new infrastructure campaign demands U.S. government roots be
> set up to exclusively serve U.S. network infrastructure.
>
> regards
> joe baptista
>
> p.s. If you want to secure the DNS end to end - think DNSCurve - not DNSSEC.
>
> http://dnscurve.org/
DNSCurve has exactly the same trust issues as DNSSEC does.
You are trusting the parent to give you a secure introduction
to the child. The introduction is just encoded differently.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
