[dns-operations] VeriSign becoming Root-DNSSEC key manager!?

Jeroen Massar jeroen at unfix.org
Thu May 7 09:41:48 UTC 2009

I might have missed something here.... so please enlighten me where the
light shines...

For the folks who grasp German:
"VeriSign soll DNS-Schlüsselwächter werden"
(the text states that this was discussed at RIPE58, but I can't seem to
find refs in the uploaded presentations*, thus what the non-journalist
edition is)

In short the page states that VeriSign will hold/control the DNSSEC keys
for the Root and that the NTIA decided on that.

Why is the NTIA able to 'decide' on these things!? (that is if the above
report has some kind of truth in it)

I am fairly sure that some anti-US countries will not like that at
all... (and I am personally not too big on the idea of giving 1 big
organization which already has too much power in the DNS and SSL space
even more power like that... [nothing against the people etc])
Heck I would almost state that ICANN is the better party for that even.

Also, wouldn't it be more global to let the RIRs handle this?
At least they are quite global, have input from their region and are
quite open too (though there are some rare odd cases known).
e.g. a mechanism where each RIR can sign the root and that e.g. 3/5 RIRs'
keys must match for it to be called authoritative?


* =
