[dns-operations] VeriSign becoming Root-DNSSEC key manager!?

B C brettlists at gmail.com
Fri May 22 20:03:39 UTC 2009


Jeroen,

On Thu, May 7, 2009 at 10:41 AM, Jeroen Massar <jeroen at unfix.org> wrote:
> I might have missed something here.... so please enlighten me where the
> light shines...
>
> For the folks who grasp German:
> http://www.heise.de/netze/VeriSign-soll-DNS-Schluesselwaechter-werden--/news/meldung/137429
> "VeriSign soll DNS-Schlüsselwächter werden"
> (the text states that this was discussed at RIPE58, but I can't seem to
> find refs in the uploaded presentations*, thus what the non-journalist
> edition is)
>
> In short the page states that Verisign will hold/control the DNSSEC keys
> for the Root and that the NTIA decided on that.
>
> Why is the NTIA able to 'decide' on these things!? (that is if the above
> report has some kind of truth in it)
>
> I am fairly sure that some anti-US countries will not like that at
> all... (and I am personally not too big on the idea of giving 1 big
> organization which already has too much power in the DNS and SSL space
> even more power like that... [nothing against the people etc])
> Heck I would almost state that ICANN is the better party for that even.
>
> Also, wouldn't it be more global to let the RIRs handle this?
> At least they are quite global, have input from their region and are
> quite open too (though there are some rare odd cases known).
> eg a mechanism where each RIR can sign the root and that eg 3/5 RIRs
> keys must match for it be called authoritative?
>

Well I was at RIPE58 and I don't recall any announcement about
Verisign holding the Keys for root. As far as I am aware the NTIA has
gone very quiet since it's consultation and I haven't heard much from
IANA/ICANN either.

Sounds like a journalist getting the wrong end of the stick to me :)

Brett



More information about the dns-operations mailing list