master key for DNS A dirty little secret is that the late, lamented and sensible Jon Postel once demonstrated how easy it would be to take the entire Internet out of the hands of the government entirely, because in fact the decision of what the "root" is is pretty damned arbitrary. (because people who think roots and port numbers are "real" seem to fantasize about physical metaphors that create more reality than there is here, so you have to show them). I think it would still be a small project to take the roots away from the US Gov't entirely, once and for all. If they demand the key and get it with the purpose of enforcing yet another attack on collective will, I am happy to help. Nothing illegal is necessary. 99% of humanity will probably volunteer to join the new root system - both libertarian conservatives and liberal thinkers are pretty much together on this. I'm pretty sure Microsoft and Apple (and I know Linux) communities would happily substitute a new root for a "gov't censored" one - and I don't think appeals to "child molesters" and "terrorists" and other bloody shirts being waved would cause them to think twice. What might get Microsoft to play ball is a promise to stop hammering them on antitrust, but hey, they have to worry about the next administration and the one after that - companies outlive governments. And even if Microsoft didn't put the new roots in, it's really easy to distribute a root replacement add-in or to add it to the NAT boxes. So "self help" is why the government might want to think twice about sticking this screwdriver in their own eye. Yeah, as John Levine says, the ICANN may not be a very mature body, but just think what the maturity of your favorite governmental figure is like. Do you like the "liberals"? Do you like the "religious right"? Do you like the Hillary? What about the Cheney? In the matter of the DNS, we the users of the Internet hold all the power. The master key is a fantasy. David Farber wrote:

Begin forwarded message:

From: Christian Huitema <huitema@windows.microsoft.com> Date: April 1, 2007 4:53:59 PM EDT To: dave@farber.net Subject: RE: [IP] Re: Department of Homeland and Security wants master key for DNS

...

In view of ICANN's chaotic management, I expect that a lot of those governments are quietly happy to have ICANN under adult supervision, and although they may say they want it independent of the US, short of handing it to the ITU or some other institution with international legitimacy, the USG is going to stay in charge, in which case it really doesn't matter whether the master key belongs to ICANN, IANA, DOC, or DHS because it all amounts to the same thing.

But why do we need a master key for the DNS at all? If a name is really popular, one can expect that its key will be well known. Verification of that key should not depend on the whims of the centralized registry. DNS servers should manage their list of well known keys, and protect their users against any bureaucratic error at the root level. Most top level domains and many big services should easily reach that level of popularity, and not depend on the root key for their security.

-- Christian Huitema

------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com

------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE