David Huberman wrote on 15/11/2021 21:31:
> I guess I'm not grokking why you think this kind of regulation would
> have no legal basis when regulators are proposing something very
> similar in eIDAS article 45 (all web browsers must accept CAs which
> we the regulators approve) and in NIS2 for root server operators with
> more than 10 instances. The concept of Trusted Service Providers in
> EU regulations already exists and is already quite powerful.

Mandating specific CAs in a browser - although a remarkably stupid thing
to do, if that's what's being discussed, and it's not clear from eIDAS
art. 45 that this is necessary within the terms of that regulation - is
not the same as hijacking DNS resolution services. There's a gap
between the two and it's not that small either.
Separately, NISD2 is not yet finalised, nor is it being mandated by
regulators: it's being written by lawmakers, who have taken root servers
out of scope of the directive.
In relation to trust service providers, the requirements here relate
mostly to process management and providing a legal framework in which
TSPs can operate consistently across multiple countries. You can't
really operate a society which depends on electronic trust mechanisms
without having a legal framework for this.
Nick