[dns-operations] DNSSEC undoing independence of root-zone operators
dnsop+phil at spodhuis.org
Wed Feb 16 20:45:48 UTC 2011
On 2011-02-16 at 17:05 +0000, Tony Finch wrote:
> I know Phil personally so I hope he won't mind me saying that I think he
> has been spending too much time listening to crazy libertarians and
I don't mind at all, but you're incorrect.
I like government, provided that it's kept in check with balances and
oversight. I like international cooperation. I find that this works
best when no one entity has too much actual power.
I do understand why you would think that, though.
> I must admit that the structure I have in mind for the root key witnesses
> is similar to the root server operators. Unlike Phil who wants to make it
> easy for them to splinter, my aim is to establish consensus between the
> witnesses and cryptographically prove it to a bootstrapping validator.
> Analogy with apologies to Aesop: The current setup hangs everything off a
> single solid trunk, but it's a crack willow and will make an almighty mess
> if it fails or needs replacing. Phil proposes a set of individual twigs. I
> propose a resilient bundle of twigs.
A point which has been consistently overlooked is that by making it
easier to splinter in theory, in practice you reduce the likelihood of
reaching a condition which would drive people to splinter.
This is the "de facto vs de jure" argument I make in the post, and is
the important part of why detente leads to peace not war.
Your proposal makes it easier for others to assure that the censored
content came from who it was supposed to come from, but does nothing to
inhibit the incentive for censorship.
Note that I'm not directly opposed to the ability for an authority to
remove data (censor it) within their sphere of influence; it's for the
people affected to control the political structures to ensure that there
are checks and balances upon that authority. By contrast, the root zone
is in a unique place in the DNS in that it crosses political authority
boundaries and a country dropped from the root zone effectively takes
power away from the people within that authority, with another authority
declaring that they know better. The root zone itself should be more
resistant to censorship.