[dns-operations] cool idea regarding root zone inviolability
Warren Kumari
warren at kumari.net
Thu Nov 27 21:11:45 UTC 2014
... and Mark Andrews, Paul Hofmann, Paul Wouters, myself and a few others
(who I embarrassing enough have forgotten) are planning on writing a "zone
signature" draft (I have an initial version in an edit buffet). The 50,000
meter view is:
Sort all the records in canonical order (including glue)
Cryptographicly sign this
Stuff the signature in a record
This allows you to verify that you have the full and complete zone (.de...)
and that it didn't get corrupted in transfer.
This solves a different, but related issue.
Hope to finally get off my butt and post -00 soon.
W
On Thursday, November 27, 2014, Richard Lamb <richard.lamb at icann.org> wrote:
> Having worked on solas at Intl maritime org, I agree with David. There
> are many parallels to that space and domain name space. We should learn
> from that experience.
>
> Rick
>
>
> Sent from my iPhone
>
> > On Nov 27, 2014, at 11:19, David Conrad <drc at virtualized.org
> <javascript:;>> wrote:
> >
> > Patrik,
> >
> >> On Nov 26, 2014, at 10:40 PM, Patrik Fältström <paf at frobbit.se
> <javascript:;>> wrote:
> >> FWIW, I have been working on this for a while with the Diplo
> foundation, and I am happy to answer questions (and of course listen to
> concerns).
> >
> > It is an interesting idea, but I don't get how it would work. I asked
> Jovan back when he initially proposed it, but never heard back.
> >
> > Is the theory behind this that governments around the world would enter
> into some sort of treaty or some other formally binding vehicle that would
> make the root zone inviolable? What would be the sanctions should the
> holder of the root zone (whoever it might be) ignore the inviolability of
> the root zone and how would they be enforced? How is that going to work
> given (e.g.) the US hasn't even been able to ratify the Treaty of the Sea
> and internal domestic politics will generally override any international
> agreement at politicians' whim?
> >
> > Regards,
> > -drc
> >
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net <javascript:;>
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > dns-jobs mailing list
> > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net <javascript:;>
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
--
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141127/952eda5d/attachment.html>
More information about the dns-operations
mailing list