At 02:45 09/10/2008, Danny Younger wrote:
In an article at wired.com a pointer is provided to ICANN's unpublished DNSSEC proposal (and if you recall, the DOC put a gag order on ICANN not to discuss this proposal)... The pointer is here: http://blog.wired.com/27bstroke6/files/DRAFT-ICANN_DNSSEC_proposal_20080915....
The wired.com article is here: http://blog.wired.com/27bstroke6/2008/10/feds-take-step.html The gag order is here: http://www.icann.org/correspondence/baker-to-twomey-09sep08.pdf
Danny, Please first note that the way some of us see the things from here, is that ICANN tries to use international as a JPA related protection, and that the USG tries to assess the foreign objections to ICANN. For exemple, as you know I am some times noisy about the Staff's continuing attitude against france@large (they still have not sent the French language official answer to our accreditation Feb. request, they promised we would receive before the Paris meeting, so we still cannot appeal). I was very surprised to receive a confirmation request about it. Now, we had a discussion on the Euralo list about DNSSEC technopolitical issues. If there is a chance to establish the necessary trust between the DNS securisation system manager and the users: 1) this systems is to convince Internet lead users that is has more technical pros than cons, the same for political issues. 2) ALAC, as its concerned representative, has the first role to play on behalf of the user community. At 20:09 09/10/2008, Olivier MJ Crepin-Leblond wrote:
I was also present at the meeting in Nice. Several people (some of them are reading this) tried to demonstrate that having another root might not be a very good idea, by referring to RFC2826. Milton Mueller had a presentation argueing that multiple roots could work. At question time, I suggested that ONS should apply for its own top level domain .ONS and work under the DNS root rather than trying to re-invent the wheel. I am not sure if proponents of the alternative ONS root have done their homework & looked at previous attempts in details (AlterNIC etc.) I am not sure whether this & the DOC sollicitation are related.
Something I am sure is every ALAC member should first become familiar with : it is the ICANN reference document on the issue, and carry as we did for two years the kind of experimentation it suggested to IETF: http://www.icann.org/en/icp/icp-3.htm.
----- Original Message ----- From: "Roberto Gaetano" <roberto@icann.org>
I was at the meeting, which was indeed hosted by the EU presidency. One additional piece of information is that at the same meeting, the day before, Eric Besson (French State Secretary for the developement of Digital Economy) had announced the "French root" for the object naming system, as complementary to the one managed by Verisign. Different people might have different opinions on whether the two items are related or not.
france@large has engaged an effort towards a French @large RFID root some times ago : http://perfida.org (the work is subject to selection and non-disclosure agreement at the time being due to the IP mutually disclosed by members). jfc Note: some @large recent debates show that several systems should be deployed in parallel, at least for testing purposes (intertest). - DNS (as it is today) - DNSSEC - DNSCurve - IPv6 DNS and that possibly the real interest of DNSSEC would be to use the DNS as a bad but secured alternative for missing DDDS. IMHO network security is the missing element and the need is for more work there for secure presentation/session layers. This belongs to the "Internet Plus" concept being under discussion and the presentation location is under discussion with IETF and IAB through my ongoing appeals and work through the ATLARGE structure I had to revive due to the on-going attitude of Staff. PLUS stands for "parallel layers users' systems", where there can be a diversity of interoperable solutions being used at any layer (extended to infrastructure and usage), the Legacy Internet solution being the default, except for Internet missing layers. Presentation and session layers may be implemented along various architectural approaches (hopefully better than the user application layer). Please remember that the ML-DNS (as introduced at the IETF WG-IDNABIS and IPPv6 as discussed with the IPv6 TF and others) are part of this attempt to consolidate a more efficient, stable and secure usage if the as is old internet. Please note that the WG-DNSEXT is the place where to get real serious info on DNSSEC and WG-IDNABIS on IDNA. ICANNDNASSEC is the same kind of technopoliticalegalogy as gTLDs. It only shows that when sales, lawyers, and politics without the users make very poor buyers.