This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] NTIA NoI: does anyone care?

Previous message (by thread): [dns-wg] NTIA NoI: does anyone care?
Next message (by thread): [dns-wg] NTIA NoI: does anyone care?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kim Davies kim.davies at icann.org
Wed Oct 15 17:36:09 CEST 2008

On 15/10/08 8:05 AM, "bmanning at vacation.karoshi.com"
<bmanning at vacation.karoshi.com> wrote:
>
>         both ICANN and Verisign are claiming that placing all
>         the zone creation, change and publication should be
>         with the same organization that creates, hold and
>         uses the digital signatures attesting to the integrity
>         of the zone data.
>
>         in local parlance, this is the functional equivalence
>         of the fox watching the hen house.

Sorry Bill, but I don't see how this analogy works at all. How does an
uninvolved third party attest the integrity of the data in the root zone? In
a DNSSEC-signed world, the ICANN/VeriSign/NTIA troika would presumably still
be responsible for the content of the root zone.

If we are talking about analogies, I want the md5sum or PGP signature
testifying a software package is not tampered with to be generated as close
as possible to when the author created the tar file, not by third parties
after it had passed through multiple hands.

kim

Previous message (by thread): [dns-wg] NTIA NoI: does anyone care?
Next message (by thread): [dns-wg] NTIA NoI: does anyone care?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]