Phillip Hallam-Baker wrote:
>
> It is now generally accepted that PEM was undeployable because the
> single root model is not workable. Nobody was going to trust IANA as
> the ultimate root of trust, nor were they going to trust RSA.
>
> ICANN has accepted responsibility for the DNS infrastructure.
> Unfortunately they don't seem to understand what that means for their
> interactions with the IETF. At the very least, ICANN needs to be
> issuing operational requirements documents that itemize the protocol
> support that is required for deployment.

The real problem is that a lot of people attribute too much trust of all the wrong kind into a security architecture, creating a huge pile of flawed assumptions -- that is neither appealing nor robust, so there is little surprise when it fails in the marketplace.

DNSsec should _NOT_ do anything besides confirming the assignment/lease of DNS zones to lessees. Any kind of trust decision by applications based on DNS delegation of zones is completely inappropriate.

The signature on a DNS zone is the result of a contract between the organization that administrates a zone to lessees/subscribers for delegated subdomains, nothing else. It is a simple technical fact that the DNS zones are technically organized in a hierarchical fashion and that administrators of a zone can delegate administration of subdomains to others.

DNSsec will hopefully make the insertion of fake data into DNS zones more difficult, but it will not make Cybersquatting or disputes about domain ownership/assignment go away. DNSsec is technically still DNS, after all.

Which DNS domains actually belong to specific state, corporate or private entities is an entirely separate question, and no application should ever confuse the authority to delegate DNS domains with authority to "certify" legal entities (governmental, corporate or private).

If the .com registry leases & delegates the domain "ietf.com" to somebody, that does not imply that this somebody therefore represents the Internet Engineering Task Force (IETF), and any kind of assumption within applications to that effect is fatally flawed.

All of the existing security protocols are using a different trust model already (like TLS), and I do _not_ think that existing trust models (independent of how broken the TLS trust model with >100 preconfigured and completely interchangeable trusted roots is) should be piggy-backed onto, or keyed from DNSsec, ever.

-Martin