On Feb 15, 2011, at 1:02 PM, Phil Pennock wrote:
> TL;DR: DNSSEC as currently deployed undermines the independence of the
> DNS root-zone operators.

"This is me breathing." -- Martin Q. Blank, "Grosse Pointe Blank"  :-)

Ignoring your arguable assertion of what Jon intended and your assumptions about permanent saintliness of the root server operators, pragmatically speaking, your solution is simply yet another version of Mutual Assured Destruction of the DNS. I question the value of expanding the number of folks who can push the red button from one (that is watched over by the entire Internet political class) to 12 (who have that role due to historical circumstances and have no concrete accountability with one possible exception).

In your model, what would happen if a root server operator goes rogue (e.g., the CEO of the parent organization decides it is in the best interests of her stockholders to insert their own set of TLDs into their version of the root zone)?


