Re: Historic Moment - Root zone of the Internet was just signed minutes ago!!!

Mark Andrews <marka@isc.org> Tue, 20 July 2010 04:13 UTC

To: Phillip Hallam-Baker <hallam@gmail.com>
From: Mark Andrews <marka@isc.org>
Subject: Re: Historic Moment - Root zone of the Internet was just signed minutes ago!!!
In-reply-to: Your message of "Fri, 16 Jul 2010 17:46:34 -0400." <AANLkTikni86AOABGKIB1_jOeQe0Ou4swpGrS8H1MbmrQ@mail.gmail.com>
Date: Tue, 20 Jul 2010 14:12:55 +1000
Sender: marka@isc.org
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, ietf@ietf.org, Ronald van der Pol <Ronald.vanderPol@rvdp.org>

In message <AANLkTikni86AOABGKIB1_jOeQe0Ou4swpGrS8H1MbmrQ@mail.gmail.com>, Phillip Hallam-Baker writes:
> Being able to verify signatures is of no value.
> 
> The system only has value when you can act differently according to
> whether the signature verifies or not.
> 
> I keep asking, but nobody will tell me how I get the keys for my
> domains into the TLD.

Firstly you get DS records into the TLD not DNSKEY records.  Secondly
it is/will be by a mechanism similar to how you get NS records into
the TLD.  In other words go ask your registrar when they are going
to support adding DS records and stop complaining here.

This is not a technological problem.  It is a business problem
between you, your registrar and the registry.
 
> This is not a trivial issue. There is a question of liability to be
> addressed. So far ICANN and VeriSign Registry Services have addressed
> the issue by booting it down the chain. But the system as a whole
> cannot work until there is someone willing to accept the liability and
> for that to happen they are going to require tools to manage their
> litigation risk.

How is the liability different from that of accepting NS records?
DS records don't magically change the liability.  Stuffing up either
NS or DS records will break the delegation.

> Does anyone know of a dotcom registrar offering key signing?
> 
> Or is the big plan here that everyone who is not going to accept
> liability keep complaining about how far behind the registrars are
> until they are forced to act?
 
Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
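
The DS/DNSKEY distinction made in the reply above, as an added example that is not part of the original message: the DS record the parent publishes is a digest of the child zone's DNSKEY (RFC 4034 section 5.1.4, with the SHA-256 digest type from RFC 4509), and a DS that no longer matches any served DNSKEY breaks the delegation for validators. The zone name and the 4-byte key material are constructed placeholders, not real keys.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Owner name in canonical (lowercased) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, pubkey_b64, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, algorithm, pubkey_b64):
    """DS fields (key tag, algorithm, digest type 2, SHA-256 hex digest)."""
    rdata = dnskey_rdata(flags, algorithm, pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, 2, digest)

def ds_matches(ds, owner, dnskeys):
    """True if some DNSKEY served by the child hashes to the parent's DS."""
    return any(make_ds(owner, *key) == ds for key in dnskeys)

# Constructed sample data: 4-byte placeholders stand in for real public keys.
KSK = (257, 8, "AQIDBA==")   # flags 257 = key-signing key, algorithm 8
ZSK = (256, 8, "BQYHCA==")   # flags 256 = zone-signing key

if __name__ == "__main__":
    ds = make_ds("example.com.", *KSK)
    print("example.com. IN DS %d %d %d %s" % ds)
    print("DS matches child DNSKEY set:", ds_matches(ds, "example.com.", [ZSK, KSK]))
    print("after removing the KSK:    ", ds_matches(ds, "example.com.", [ZSK]))
```

The last check shows the failure mode named in the reply: once the key the DS points at is gone from the child zone, nothing matches and validation of the delegation fails.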