Dave mentioned:

# Can anyone seriously imagine countries like Iran or China signing up to a
# system that places complete control, surveillance and falsification
# capabilities in the hands of the US' military intelligence?

I'm not sure having control of the keys for the root zone would give you all that.

# Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
# non-acceptance. And unless it's used everywhere, there's very little point
# having it at all.

This issue came up on Dave Farber's [IP] list; my comments to him (which never appeared, perhaps because Dave was already sick of hearing about it, or simply because my comments were boring :-)) are included below, for what they may be worth:

Three points to consider about the current DNSSEC "who should sign the root?" issue...

1) While DNS is a critical core protocol, and one which has garnered substantial miscreant attention, deployment of DNSSEC to fix some of DNS' current weaknesses is still only embryonic. Most sites on the Internet today neither sign their own zones nor have configured their name servers to cryptographically validate others' domains. Numerical estimates for DNSSEC penetration range from just 0.001% to 0.0015% (see slides 74-75 in my "Port 53 Wars" talk, available at http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)), and the domains that *are* getting secured by DNSSEC are generally not the most popular domains, nor the ones which are being used for critical online banking or electronic commerce, nor even those which belong to market-leading (or thought-leading) technology companies.

When DNSSEC is more broadly deployed it will be more practically useful; when it is more practically useful, it will be more broadly deployed. I'm sure it is no surprise to anyone that Internet bootstrapping can be tough, whether we're talking about IP multicast, IPv6, jumbo frames, or, in this case, DNSSEC...

Until substantial adoption does occur, we're largely arguing about a theoretical issue of limited *practical* import. If you want to help make DNSSEC (and the issue of who signs the root!) one which *is* practically important, then folks need to *use* DNSSEC:

-- if you operate name servers, configure the name servers you administer to check the DNSSEC signatures of other zones,

-- if you control one or more domains, sign your *own* zones, and

-- talk to critical Internet partners you work with about DNSSEC and the status of *their* name servers and *their* zones (can you imagine the impact if even some of the giants such as Google, Yahoo, CNN, the BBC, Amazon, AOL, IBM, Microsoft, Cisco, WalMart, Citibank, etc., began to actually use -- and actively encourage *others* to use -- DNSSEC?)

DNS server admins who'd like to try DNSSEC can find pointers to recipes for signing their own zones, and recipes for configuring their name servers to check the signatures of others' zones, in my talk at slide 76.

2) So when *will* the question of *who* signs the root become technically important? Well, at the risk of offering a semi-tautological answer to a semi-rhetorical question, that will probably be when the root actually gets signed. The root zone is NOT signed today, and depending on your perspective, signing of the root is either (a) imminent, or (b) something which may *perpetually* remain at least six months away (see slides 55-58 from my talk).

If I were reading the tea leaves which are currently visible, I think the indicator with the highest predictive value is likely Verisign's February 2007 announcement of Project Titan, a three year (and hundred million dollar) DNS upgrade initiative (see http://www.verisign.com/titan/ ). I believe their completion of Project Titan may be a de facto precondition for the potential signing of the root, although signing of the root may still not occur even once Project Titan has been completed (DNSSEC is clearly an afterthought when it comes to that expansion effort, not the central operational/business driver).

3) Does this mean the whole matter of who signs the root is a complete non-issue? Most emphatically no. The issue of who signs the root is one which may be trivial as a *practical* *technical* matter *today*, but it is one which is potentially *huge* as a matter of policy and precedent, and as a *longer term* practical technical issue, and as an issue which has the potential to halt, slow, or potentially fragment DNSSEC's actual deployment.

If the issue of who signs the root cannot be consensually resolved, the most likely impact will be for DNSSEC adopters to move from a trust model rooted at "." to a trust model rooted at the TLD level. Now, instead of having a minimal number of keys to juggle, sites would be facing a far larger number of islands of trust, each with their own keys. Even with just DNSSEC's limited deployment to date, we already know that when faced with the prospect of managing a large number of keys, adopters will turn to trusted third party brokers who *are* willing to cryptographically vouch for multiple keys (for example see the discussion of islands of trust and Domain Lookaside Validation (DLV) at slides 59-61).

Bottom line, my belief is that ultimately the root *will* end up being signed. If the community viscerally or intellectually doesn't like the party providing that signature, the unhappy parts of the community have a number of options, including:

-- they can ignore DNSSEC, not checking DNS signatures on their name servers and not signing their own zones (remember that this is the default option selected by 99.999% of the online world right now, including virtually everyone who may be reading this note)... but I think that would be... unfortunate.

-- they can "hold their nose" and proceed (even if they're uncomfortable), using the default signed root unless/until some abuse of trust occurs (and presumably everyone would be watching quite closely for any sign of inappropriate behavior, and presumably the party that ultimately signs the root would know that and hopefully behave accordingly)

-- they can deploy a DLV-like solution, trusting a third party commercial or non-profit entity (or even some other government) to act as what amounts to an alternative DNSSEC root-like trust anchor, or

-- they can devote a tremendous amount of time and effort to arguing a battle about who signs the root, potentially ultimately achieving a Pyrrhic victory.

Given those options, and the current realities of DNSSEC deployment today, I'd suggest that people not devote their primary attention and energy to worries about whether or not a disliked or liked national authority ultimately signs the root, but rather I'd suggest that folks focus on whether or not DNSSEC ends up taking off at all. If you want DNSSEC to succeed, use it, talk about it, and write code to take advantage of its capabilities. Ultimately I believe the turf wars which may come up can be settled one way or another.

Regards,

Joe St Sauver ([EMAIL PROTECTED])
http://www.uoregon.edu/~joe/

Disclaimer: all opinions strictly my own
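The trust-model alternatives discussed in point 3 (a single anchor at ".", per-TLD "islands of trust", and a DLV-style lookaside registry) can be made concrete with a small model of how a validating resolver decides whether a zone's key is trusted. The following is an added illustration, not code from the post or from any DNS implementation: real DNSSEC verifies RRSIG signatures over RRsets and uses NSEC/NSEC3 to prove the absence of a DS record, whereas this model only tracks key-to-DS digest relationships. Zone names, keys and the registry name "dlv.example.net." are constructed for the example; the DS digest follows the RFC 4034 shape of hashing the owner name together with the key material, and the lookaside step follows the RFC 5074 idea of consulting a separately anchored registry when the parent chain yields no DS.

```python
"""Model of DNSSEC chain-of-trust validation with trust anchors and lookaside.

Added example (constructed data, not a real resolver): a zone's key counts as
trusted when (a) it is a configured trust anchor, (b) the parent zone is itself
secure and publishes a matching DS digest for it, or (c) a trusted lookaside
registry publishes a matching DLV digest for it. Signatures are not modelled.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def ds_digest(owner: str, key: bytes) -> str:
    # RFC 4034 digests the owner name (wire format) followed by the DNSKEY RDATA;
    # the presentation-form name is used here to keep the model short.
    return hashlib.sha256(owner.lower().encode() + key).hexdigest()


@dataclass
class Zone:
    name: str
    key: Optional[bytes] = None            # stand-in for the DNSKEY; None = unsigned zone
    ds: dict = field(default_factory=dict)  # child zone name -> DS digest published here


@dataclass
class Lookaside:
    name: str          # registry zone (hypothetical "dlv.example.net." below)
    key: bytes         # registry key; must itself be a configured trust anchor
    records: dict      # zone name -> DLV digest the registry vouches for


def parent_of(name: str) -> Optional[str]:
    if name == ".":
        return None
    labels = name.rstrip(".").split(".")
    return "." if len(labels) == 1 else ".".join(labels[1:]) + "."


class Validator:
    def __init__(self, zones, anchors, lookaside=None):
        self.zones = {z.name: z for z in zones}
        self.anchors = anchors        # zone name -> digest of the key trusted a priori
        self.lookaside = lookaside

    def status(self, name: str) -> str:
        """Return 'secure', 'insecure' (no chain to a trusted key) or 'bogus'."""
        zone = self.zones[name]
        if zone.key is None:
            return "insecure"
        digest = ds_digest(name, zone.key)
        if self.anchors.get(name) == digest:
            return "secure"                 # anchored directly (root anchor or island)
        parent = parent_of(name)
        if parent is not None:
            pstat = self.status(parent)
            if pstat == "bogus":
                return "bogus"
            if pstat == "secure":
                expected = self.zones[parent].ds.get(name)
                if expected is not None:
                    return "secure" if expected == digest else "bogus"
        # Chain broke above us, or a secure parent publishes no DS: try lookaside.
        return self._lookaside(name, digest)

    def _lookaside(self, name: str, digest: str) -> str:
        lv = self.lookaside
        if lv is None or self.anchors.get(lv.name) != ds_digest(lv.name, lv.key):
            return "insecure"               # no registry, or registry key not trusted
        expected = lv.records.get(name)
        if expected is None:
            return "insecure"
        return "secure" if expected == digest else "bogus"


# Constructed keys and zones for the scenarios below.
ROOT_KEY = b"constructed root key"
ORG_KEY = b"constructed org key"
EXAMPLE_KEY = b"constructed example.org key"
DLV_KEY = b"constructed lookaside registry key"
REGISTRY = Lookaside("dlv.example.net.", DLV_KEY, {"org.": ds_digest("org.", ORG_KEY)})


def build_zones(root_signed: bool, example_key: bytes = EXAMPLE_KEY):
    root = Zone(".", ROOT_KEY if root_signed else None,
                {"org.": ds_digest("org.", ORG_KEY)} if root_signed else {})
    org = Zone("org.", ORG_KEY, {"example.org.": ds_digest("example.org.", EXAMPLE_KEY)})
    return [root, org, Zone("example.org.", example_key)]


def scenarios() -> dict:
    unsigned_root, signed_root = build_zones(False), build_zones(True)
    return {
        "no anchors, unsigned root":
            Validator(unsigned_root, {}).status("example.org."),
        "org. island anchor":
            Validator(unsigned_root, {"org.": ds_digest("org.", ORG_KEY)}).status("example.org."),
        "DLV registry vouches for org.":
            Validator(unsigned_root, {REGISTRY.name: ds_digest(REGISTRY.name, DLV_KEY)},
                      REGISTRY).status("example.org."),
        "signed root, single . anchor":
            Validator(signed_root, {".": ds_digest(".", ROOT_KEY)}).status("example.org."),
        "substituted example.org. key under signed root":
            Validator(build_zones(True, b"substituted key"),
                      {".": ds_digest(".", ROOT_KEY)}).status("example.org."),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label}: {result}")
```

With the root unsigned, a resolver with no anchors validates nothing; anchoring "org." directly makes example.org. secure at the cost of one anchor per island, and a trusted registry entry for "org." achieves the same through lookaside. With a signed root a single "." anchor covers the whole chain, and a substituted child key shows up as "bogus" because its digest no longer matches the parent's DS.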
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]