DNSSEC and the Geopolitical Future of the Internet

synsynackack writes "The Register reports that the DNSSEC protocol could have some very interesting geopolitical implications, including erosion of the scope of state sovereign powers. The chairman of ICANN, Peter Dengate-Thrush, explained, 'We will have to handle the geo-political element of DNSSEC very carefully.' Experts also explained that split DNS and the DNSSEC protocol don't match very well; technically, it is possible for someone at the interface of the global Internet and a country-wide Internet to strip electronic certificates attached to data and repackage the data with a new one."

No, in this case hierarchical is correct

[John.P.Jones]

DNS names are hierarchical. Each TLD is granted authority to manage its subsequent names as it sees fit and so on. Any attempt to secure this system should mirror the authority of the names themselves. Each country can control the distribution and authentication of names within their own TLD and DNSSEC just provides the appropriate level of cooperation for any client to read and validate those signatures.

Decoupling the hierarchical nature of DNS from a separate authentication mechanism that didn't follow this grain would be needlessly complex and could result in ambiguous or inconsistent results.

Re:DNSSEC is an arduous solution

[Kaboom13]

It's a sad state of affairs, but when you think about it, modern ISP's must be treated as a malicious and disruptive man in the middle attack when it comes to DNS. Not only do they constantly interfere in proper dns operation to run various scams, they do so blatantly and with no fear of recrimination. DNSSEC can't get here fast enough, I just hope ISPs don't start rewriting destination addresses to continue their abuse.