This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] NTIA NoI: does anyone care?
- Previous message (by thread): [dns-wg] NTIA NoI: does anyone care?
- Next message (by thread): [dns-wg] NTIA NoI: does anyone care?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kim Davies
kim.davies at icann.org
Wed Oct 15 17:36:09 CEST 2008
On 15/10/08 8:05 AM, "bmanning at vacation.karoshi.com" <bmanning at vacation.karoshi.com> wrote: > > both ICANN and Verisign are claiming that placing all > the zone creation, change and publication should be > with the same organization that creates, hold and > uses the digital signatures attesting to the integrity > of the zone data. > > in local parlance, this is the functional equivalence > of the fox watching the hen house. Sorry Bill, but I don't see how this analogy works at all. How does an uninvolved third party attest the integrity of the data in the root zone? In a DNSSEC-signed world, the ICANN/VeriSign/NTIA troika would presumably still be responsible for the content of the root zone. If we are talking about analogies, I want the md5sum or PGP signature testifying a software package is not tampered with to be generated as close as possible to when the author created the tar file, not by third parties after it had passed through multiple hands. kim
- Previous message (by thread): [dns-wg] NTIA NoI: does anyone care?
- Next message (by thread): [dns-wg] NTIA NoI: does anyone care?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]