[dns-operations] DNSSEC undoing independence of root-zone operators

[Tony Finch]

On Wed, 16 Feb 2011, Phil Pennock wrote:
>
> A point which has been consistently overlooked is that by making it
> easier to splinter in theory, in practice you reduce the likelihood of
> reaching a condition which would drive people to splinter.
>
> This is the "de facto vs de jure" argument I make in the post, and is
> the important part of why detente leads to peace not war.
>
> Your proposal makes it easier for others to assure that the censored
> content came from who it was supposed to come from, but does nothing to
> inhibit the incentive for censorship.

Your last point isn't entirely true. A quorum of witnesses could in theory
decide that they prefer a different root KSK to the ICANN one. On the
other hand the witnesses are supposed to be called on for bootstrapping
only and not during normal operations, so a validator won't notice that a
schism has occurred as long as ICANN's key continues to work.

But really I wanted to solve a practical operational problem. Here is not
the place to do root zone politics, however much I agree that the current
setup leaves a lot to be desired.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Fair Isle, Faeroes, South-east Iceland: Easterly or southeasterly 5 to 7,
perhaps gale 8 in Southeast Iceland later. Rough or very rough. Rain or
squally wintry showers. Moderate, occasionally poor.