Statement on proposed amendments to RAA, version II
Here's the next version incorporating comments from Danny, Wendy and Carlton. I tried to recast the whole document and added introduction and conclusion, in which some of the more passionate reflections are made, though I modulated those a bit. I believe this needs to be to Tim Cole today. At this point I'm going to ask Nick, who's probably started his weekend by now, to give this a second read and then proceed with Spanish translation (and French if that's now possible). I will cc Tim so he has an idea of what's coming, but that he should be aware the final might not be completed until early next week. I'll be out Monday and with limited time online during the holiday weekend. Thanks for your contributions... Beau **************************************************************************** ******** SCANNED **************************************************************************** ********
Confused by the statement "Registrars should be required to offer DNSSEC". Did you mean to refer to the Redemption Grace Period service perhaps? also please correct a typo: in the line "When registrars pay for multiple-year registrations... change registrars to registrants. Thanks, Danny --- On Fri, 8/29/08, Brendler, Beau <Brenbe@consumer.org> wrote:
From: Brendler, Beau <Brenbe@consumer.org> Subject: [NA-Discuss] Statement on proposed amendments to RAA, version II To: "ALAC@atlarge-lists.icann.org" <ALAC@atlarge-lists.icann.org> Cc: "Nick Ashton-Hart" <Nick.Ashton-Hart@icann.org>, "Tim Cole" <Tim.Cole@icann.org>, "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Friday, August 29, 2008, 2:54 PM Here's the next version incorporating comments from Danny, Wendy and Carlton. I tried to recast the whole document and added introduction and conclusion, in which some of the more passionate reflections are made, though I modulated those a bit.
I believe this needs to be to Tim Cole today. At this point I'm going to ask Nick, who's probably started his weekend by now, to give this a second read and then proceed with Spanish translation (and French if that's now possible). I will cc Tim so he has an idea of what's coming, but that he should be aware the final might not be completed until early next week. I'll be out Monday and with limited time online during the holiday weekend.
Thanks for your contributions...
Beau
**************************************************************************** ******** SCANNED
**************************************************************************** ********------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
No, though we can put an RGP statement in there...I know we discussed that but I left it out DNSSEC is a signed-domain security process ICANN has been studying. It's expensive and costs would probably eventually be passed down to the user community and registrants but if widely implemented it could go a long way toward improving security and stability (in my opinion) that said, that is one of the suggested amendments that is left over from the beginning (in fact, I may have put it in there a year or so ago) and I have not revisited where DNSSEC is at this point Dave Piscitello would know, or Robert Guerra -- beyond me at the moment ________________________________________ From: Danny Younger [dannyyounger@yahoo.com] Sent: Friday, August 29, 2008 3:10 PM To: Brendler, Beau Cc: Nick Ashton-Hart; Tim Cole; NA Discuss Subject: Re: [NA-Discuss] Statement on proposed amendments to RAA, version II Confused by the statement "Registrars should be required to offer DNSSEC". Did you mean to refer to the Redemption Grace Period service perhaps? also please correct a typo: in the line "When registrars pay for multiple-year registrations... change registrars to registrants. Thanks, Danny --- On Fri, 8/29/08, Brendler, Beau <Brenbe@consumer.org> wrote:
From: Brendler, Beau <Brenbe@consumer.org> Subject: [NA-Discuss] Statement on proposed amendments to RAA, version II To: "ALAC@atlarge-lists.icann.org" <ALAC@atlarge-lists.icann.org> Cc: "Nick Ashton-Hart" <Nick.Ashton-Hart@icann.org>, "Tim Cole" <Tim.Cole@icann.org>, "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Friday, August 29, 2008, 2:54 PM Here's the next version incorporating comments from Danny, Wendy and Carlton. I tried to recast the whole document and added introduction and conclusion, in which some of the more passionate reflections are made, though I modulated those a bit.
I believe this needs to be to Tim Cole today. At this point I'm going to ask Nick, who's probably started his weekend by now, to give this a second read and then proceed with Spanish translation (and French if that's now possible). I will cc Tim so he has an idea of what's coming, but that he should be aware the final might not be completed until early next week. I'll be out Monday and with limited time online during the holiday weekend.
Thanks for your contributions...
Beau
**************************************************************************** ******** SCANNED
**************************************************************************** ********------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
*** Scanned **************************************************************************** ******** SCANNED **************************************************************************** ********
DNSSEC is a signed-domain security process ICANN has been studying. It's expensive and costs would probably eventually be passed down to the user community and registrants but if widely implemented it could go a long way toward improving security and stability (in my opinion)
The expense is mostly in software upgrades, not something that I think is an overwhelming cost. If you've followed the recent news about DNS security holes, they're real, and DNSSEC appears to be the most practical countermeasure. DNSSEC works by having a chain of signatures, from zone to zone, ideally starting at the root but for now starting at a TLD. A few ccTLD zones are currently signing with DNSSEC, I think Brazil and Sweden. More relevantly, .ORG plans to start using DNSSEC within the next year. Registrants who sign their own 2nd level domains need to pass their keys to the registry so the registry can include the necessary links in the TLD zone. Since the registrar is the only path from the registrant to the registry, this means that registrars have to support DNSSEC. I gather that it's not that big a deal, basically a few more fields in the data they collect fromt the registrant and provide to the registry. So we really do mean that that registrars should support DNSSEC. R's, John PS: They should support the redemption period, too, with price caps, but that's a separate issue.
participants (3)
-
Brendler, Beau -
Danny Younger -
John L