Re: Montevideo statement
manning bill <bmanning@isi.edu> Tue, 08 October 2013 14:52 UTC
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>

On 8October2013Tuesday, at 6:19, Phillip Hallam-Baker wrote:

> On Tue, Oct 8, 2013 at 8:53 AM, manning bill <bmanning@isi.edu> wrote:
>
> > > I think the US executive branch would be better rid of the control before the vandals work out how to use it for mischief. But better would be to ensure that no such leverage exists. There is no reason for the apex of the DNS to be a single root, it could be signed by a quorum of signers (in addition to the key splitting which I am fully familiar with). And every government should be assigned a sovereign reserve of IPv6 addresses to prevent a scarcity being used as leverage.
> > >
> > > --
> > > Website: http://hallambaker.com/
> >
> > Quorum signing with split keys was already built and tested in a root server operator testbed (the OTDR testbed) from 1998-2005. It was considered more fragile than the current system.
>
> Considered more fragile by whom?
>
> By the members of the $250m/yr NSA mole program?
>
> Very few people in DNS land recognize the class of attack as being realistic. Even when they have prime ministers and members of the GRU visiting them to tell them how important the issue is to their country.
>
> We already have one example of lobbyists attempting this type of attack (see Martin's post). So it is far from unrealistic.
>
> At present ICANN's power over the DNS is entirely discretionary. Attempting to drop Palestine out of the routing tables would simply be the end of the ICANN root zone. ICANN could continue to manage .com but their influence over the rest of the system would end completely.
>
> But DNSSEC changes the balance of power. With the root signed and embedded infrastructure verifying DNSSEC trust chains, the cost of a switchover rises remarkably. And when I tried to mention the fact I tended to get nasty threats.
>
> The third question of power is 'how do we get rid of you'. The answer in the case of DNSSEC is that you can't.
>
> Fortunately the issue is quite easily fixed, just as the problem of using IPv6 or BGP allocations for leverage is fixable. Governments don't need to wait on ICANN or the IETF to develop a quorum signing model for the DNS apex, they could and should institute one themselves and tell their infrastructure providers to chain to the quorum roots rather than the monolithic apex root.

Been there, done that, outgrew the teeshirt. Interestingly, the perceived value of a common, global namespace is _MUCH_ higher than the value of a controlled, boundary constrained namespace… At least by nearly every government to date. The fragile vectors could be classed in two buckets, Human Factors & Timing.

/bill