In message <874c02a20905311802r2b9b4544j374bb374eb7a7ee4@xxxxxxxxxxxxxx>, Joe Baptista writes: > DNSSEC indeed violates the end to end principle. It's simply that simple. > And it asks us to put our trust in the root a.k.a. ICANN. I don't think > governments world wide are going to put their trust and faith in ICANN. The > U.S. Government is the only government that has been bamboozled into > adopting DNSSEC into .gov infrastructure. > > I wonder how President Obama would feel about handing over the keys to U.S. > Government infrastructure to a U.S. contractor. I'd have trouble sleeping > at night if that was the case. > > I've addressed this at length in my comments to the NTIA. > > http://www.ntia.doc.gov/DNS/comments/comment034.pdf > > If the U.S. government wants DNSSEC today then it must nationalize the > roots. I don't even trust Vixie with the root. I remember when he hijacked > the root with Postel. Or as they put it "we were only running an > experiment". > > In any case the new infrastructure campaign demands U.S. government roots be > set up to exclusively serve U.S. network infrastructure. > > regards > joe baptista > > p.s. If you want to secure the DNS end to end - think DNSCurve - not DNSSEC. > > http://dnscurve.org/ DNSCurve has exactly the same trust issues as DNSSEC does. You are trusting the parent to give you a secure introduction to the child. The introduction is just encoded differently. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf