Re: [dnsext] bootstrapping using a quorum of witnesses

Tony Finch <dot@dotat.at> Wed, 02 February 2011 08:37 UTC

From: Tony Finch <dot@dotat.at>
Date: Wed, 02 Feb 2011 08:38:58 +0000
To: Phillip Hallam-Baker <hallam@gmail.com>
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] bootstrapping using a quorum of witnesses

On 2 Feb 2011, at 04:18, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> 

I'm glad you think my scheme is reasonably plausible. I'm not sure your idea of a self-assembling committee of witnesses is likely to happen. It seems to me that more deliberate setup will be faster and more likely to succeed. But it requires politics, which isn't my area...

> So now we have a scheme that is independent of any single point of control. The only question being the circumstances in which the signers would legitimately sign something other than the current ICANN root KSK. 

The same question applies to the root server operators' relationship with ICANN...

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/