On Thu, Aug 28, 2008 at 05:22:17PM +0200, JFC Morfin wrote:
I think we would be really interested to know your opinion on @large oriented whys, cons and pros of DNSSEC vs. other possibilities.
DNSSEC introduces a public key infrastructure. There is a lot of FUD around, but a working DNSSEC provides decentral certification services for free. DNS is capable to hold SSL certificates as well as S/MIME and openPGP keys. That's the main reason for opposing DNSSEC from some industry heavily involved into certification business: They fear to lose their business. This way DNSSEC offers freedom of obtaining certificates in their self managed (sub)domains. Of course, classical certificates are able to check more than holding the domain. They are necessary to build legal reationships for business contracts. Thats why they check that the owner of the certificate is the right one regardless of the current DNS state (which might be under attack). But for most cases, the difference will not relevant for the private user.
where could we find an @large readable documentation on DNSSEC, its governance needs, etc. Should it be operated under ICANN or as an IGF enhanced cooperation (I understand that ICANN planned to catalyse a DNSSEC dedicated structure gathering the TLD Managers?).
Should ALAC not be a partner into it?
Of course, that's why I voluteer for a DNSSEC track on the AtLarge summit in Cairo. Preparing this track requires to collect and write such materials.