At 20:51 31/03/2010, McTim wrote:

I don't see how ICANN has to answer to you (or to anyone) for any random MiM attack.

ICANN is in charge of the DNS operational stability. Either it is insured, or it is not. If it is not, - its duty to its TLD operators is to ask the IETF a solution, and possibly to spur a response in calling for (1) a private study (2) a report to the GAC calling upon Governments to finance the corresponding R&D (cf. IAB RFC 3869). - our own @large duty is to consider the best solution we may advise to our fellow users. This solution turns out being in line with the architectural precisions introduced through the IDNA example by the IESG for which I am provoking the necessary IAB guidance through an appeal. This should further on lead to a continuation of RFC 1959 and 3439 about the Internet architecture (roughly the precision is that once reached a given threshold diversity cannot be supported by bandwidth increase but by (partly DNS embedded) metadata exchanges between user side metaprocessors). Joe's advise of running his/her own root, is also the conclusion of the DNS-Operations people. This is also a part of the IUCG (Internet @larges at the IETF) investigated "Interplus" Internet Use Interface (IUI) architecture. However, the IUI implications also depend on other on-going IAB work. So, it is only fair for us to presently work on prototyping and testing, and reporting to the IAB. Definitly our Internet lead users' point of view is that DNSSEC is an operational no go for us and would bring us no additional protection. This POV aslo seem to be shared by some DNSops contributors. Best jfc