Government Begins Securing Root Zone File

← Back to Stories (view on slashdot.org)

Government Begins Securing Root Zone File

Posted by kdawson on Friday October 10, 2008 @02:12AM from the not-before-time dept.

Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.

10 of 198 comments (clear)

Min score:

Reason:

Sort:

None of the above by jeffasselin · 2008-10-10 02:14 · Score: 5, Insightful

Anyone really thinks any of those organizations should be trusted with this? How about some UN organization instead?

--
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
1. Re:None of the above by MightyYar · 2008-10-10 02:25 · Score: 4, Insightful
  
  The same UN that is comprised of countries that support censorship of political speech? No, thanks. Either give it to an organization of free democracies or hold onto it until such an organization exists.
  I'm not flaming, but seriously - look at the UN's track record where they do things like elect Libya to head the Commission on Human Rights. I can already see China chairing the internet commission.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
2. Re:None of the above by FireStormZ · 2008-10-10 02:31 · Score: 4, Insightful
  
  And why should the UN be trusted with this? As another poster pointed out they are comprised of many nations that censor speech, expression, assembly and thought. On top of that they have been shown to be as (if not more) corrupt (Oil for Food in Iraq), Inept (Sierra Leone), and Impotent (Rwanda)...
  
  --
  "Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Who to control... by TheSpoom · 2008-10-10 02:20 · Score: 5, Insightful
Verisign
Pros:
- Quite a bit of money, stability likely wouldn't be a problem
Cons:
- Puts a private company in control of a very, very important part of the internet
- Has previously fucked with DNS, would likely do so again if considered a wise business decision
US Government
Pros:
- Wouldn't dare let it go down since business in their country is very dependent upon it
- Puts elected officials in charge of a very important part of the internet
Cons:
- Nationalizes an important part of an international network
- Puts elected officials in charge of a very important part of the internet
ICANN
Pros:
- Has been doing this a long time
- Is a non-profit company so isn't driven by the same business needs as, say, Verisign
Cons:
- Still somewhat national
I'm definitely of the opinion that ICANN should be running it. That said, I don't know everything about the matter, so perhaps there's something that would change my mind. I figure, though, that if it's not broken, don't fix it.
--
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
1. Re:Who to control... by mgoren · 2008-10-10 03:37 · Score: 3, Insightful
  
  Why in the world would they give it to Verisign? I thought we were trying to move away from Verisign controlling anything other than .com (and I guess .net too)?
I'd vote ICANN by K3ba · 2008-10-10 02:33 · Score: 3, Insightful

But in the end, who really cares who signs it now - what can be signed once, must be able to be signed again (especially if there is a validity period of the signature), and if the signatory needs to change in the future then it can be changed then. Delaying the signing process is counter-productive, as procrastination in this regard only helps the hackers and not the greater unwashed masses who don't know they need this process to be completed in the first place... Maybe they should ask for comments _after_ they have told us the first signatories name. They will get comments then regardless of who they choose ;)

--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.
1. Re:I'd vote ICANN by afidel · 2008-10-10 03:24 · Score: 3, Insightful
  
  How about the operators of each Root server signs their own copy of the root? That way if one entity implements policies that you don't agree with you simply remove them from your hints file. There's a reason there's multiple root servers and putting the signing authority in the hands of one entity inherently makes the system less diverse and fault tolerant.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Give the keys to Jon Postel by davidwr · 2008-10-10 03:30 · Score: 4, Insightful

I can't think of anyone more qualified.
Yes, I know he's dead, but I still can't think of anyone more qualified.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Lame choice is no choice by Daimanta · 2008-10-10 03:35 · Score: 4, Insightful

"On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root -- ICANN, Verisign, or the US government's NTIA."
ICANN: Organisation situated in the US, can be heavily influenced and controlled the US government
Verisign: Private company that is only interested in profit and is situated mostly in the US thereby it can be heavily influenced and controlled the US government
NTIA: US government
CHOOSE: US, US, or US
American election time!

--
Knowledge is power. Knowledge shared is power lost.
Verisign? by neowolf · 2008-10-10 03:47 · Score: 3, Insightful

I can't wait if they get it... Within a couple of years we will all have to start paying for DNS queries. Of course- they will offer to allow your query for free if they can insert ads into every site you go to.