RE: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt

"Hallam-Baker, Phillip" <pbaker@verisign.com> Thu, 30 August 2007 12:07 UTC

Date: Thu, 30 Aug 2007 05:04:33 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD37013A04C2@MOU1WNEXMB04.vcorp.ad.vrsn.com>
In-Reply-To: <0EDC183AE92CF44F57ADC284@p3.JCK.COM>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: John C Klensin <john-ietf@jck.com>, David Conrad <drc@virtualized.org>, Mark Andrews <Mark_Andrews@isc.org>
Cc: IETF-Discussion <ietf@ietf.org>, iesg@ietf.org
Subject: RE: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt

I think that some folk besides myself have to do some wargaming to consider what the political consequences of signing the root might be.

Consider that this is an infrastructure which needs to be robust over a timescale of several decades if not centuries. Consider also the likelihood that whoever is in charge of the root might perform an action that some party might consider a defection over such an extended timescale.

For example, a small but vocal group of voters in the western southern peninsula of state A consider themselves to be political exiles from state B, an island in the vicinity of the peninsula. State A has a particular position of influence over the root and said voters lobby for the exclusion of state B.

If such a thing were to happen today the result would be a temporary fracture of the root followed by the rapid emergence of an alternative root structure that was not subject to abusive influence from state A. The parties have authority but not power. If the root is signed by a unitary entity, that entity has absolute power. A defection cannot be countered by a fracture of the root.


Today scope for defection is kept in balance by the lack of security. The root is ultimately defined by the location to which a particular network provider directs UDP packets with the root server IP address. After signing, the root will be defined by the knowledge of the private key corresponding to the widely distributed embedded public key.


Consider the fact that Europe is currently planning to duplicate the GPS satellite system at a cost of several billion dollars despite the fact that the sole point in doing so is to prevent a similar defection on the part of the US. The idea that control of the DNS root will not be subjected to even more considerable geo-political pressure is naïve. In 1995 deployment could have taken place without attracting undue attention; that is not the case today.


So no, I don't think that there will be a unitary signer. The architecture is inherently flawed. Rather than have a single party sign the root we should probably look to a situation where there are multiple signer entities.

> -----Original Message-----
> From: John C Klensin [mailto:john-ietf@jck.com] 
> Sent: Wednesday, August 29, 2007 9:32 PM
> To: David Conrad; Mark Andrews
> Cc: IETF-Discussion; iesg@ietf.org
> Subject: Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt
> 
> 
> 
> --On Wednesday, 29 August, 2007 16:43 -0700 David Conrad 
> <drc@virtualized.org> wrote:
> 
> > If you start mucking about with production services that require 
> > configuration on the part of system administrators (particularly in 
> > the somewhat arcane world of DNSSEC trust anchors), it can become 
> > quite difficult to stop that production service without breaking 
> > stuff.  Is this a place we want to go for a temporary hack?
> 
> David,
> 
> Are you prepared to answer the question as to when the plan 
> for getting the root signed as originally intended (whatever 
> that plan now is) is going to be executed?  
> 
> To an outsider with no particular knowledge of what is going 
> on, the impression is that actual root-signing is receding at 
> approximately one month per month, if not a little more quickly.
> If that were in fact the trend, and it were to continue, then 
> concerns about transition from a DLV-based mechanism to a 
> signed root would be largely irrelevant.  
> 
> Conversely, if there were a definite plan for getting the 
> root signed within, say, the next few months, then it seems 
> to me that even discussing formalizing DLV mechanisms for the 
> root by having IANA create a new registry is a waste of time.
> 
> On the other hand, if there is no realistic plan and 
> schedule, and you don't like Sam's idea, do you have 
> constructive suggestions as to how it can be made acceptable?  
> 
> I do not believe that "we should just wait until the root is 
> signed but are not able to say anything specific about when 
> that might be" is a useful response at this point.  It might 
> have been a plausible position a year ago but, by now,...
> 
>       john
> 
> 
> 
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www1.ietf.org/mailman/listinfo/ietf
> 
