On Thu, 24 Jul 2008 17:43:10 PDT, David Conrad said: > On Jul 24, 2008, at 4:24 PM, Tomas L. Byrnes wrote: >> The problem is, once the ICANNt root is self-signed, the hope of ever >> revoking that dysfunctional mess as authority is gone.
> As far as I'm aware, as long as the KSK isn't compromised, changing > the organization who holds the KSK simply means waiting until the next > KSK rollover and have somebody else do the signing. That's true if the ICANN KSK is signed *by some other entity* - that entity can then force a change by signing some *other* KSK for the next rollover. If the ICANN key is self-signed as Tomas hypothesizes, then that leverage evaporates. If
pgpWohl3t8DWO.pgp
Description: PGP signature