Il 20 giugno 2019 00:28 Nick Johnson <[email protected]> ha scritto:
I think I addressed this upthread: If someone has the ability to change a zone's DNS records and generate valid DNSSEC signatures for them (which we will be requiring and verifying), they're sufficiently 'in control' of the zone that I'm comfortable treating them as the authorised user. If someone malicious has that control, the TLD owner has much larger problems.
I hate being the engineer that sold his soul to the dark side of policy talks, and also it's not fully clear what you want to do after establishing this technical link between ICANN's root and your alternative namespace, but I would really recommend you to have someone competent make a proper legal/policy analysis of your plans.
For example, if after adding existing ICANN-rooted TLDs under ENS your users will be able to perform anything resembling a domain registration or transfer, that is likely to be highly regulated by ICANN contracts and/or, for ccTLDs in several countries, by national laws; breaking those rules could expose you and the registry to serious issues. If you add that this has to do with "blockchain" - a politically sensitive and vaguely regulated topic in many parts of the world - the likelihood of politicians discovering this, not understanding it and screaming at the registry, for example, is definitely not zero.
Also, checking technical proof of control of a zone is not a legally valid way to conclude a contract with its owner, and you'd be much better off if you had a legally authorized representative of the registry sign an appropriate piece of paper with you (or at least go through T&Cs in a web procedure). Otherwise, in case of problems, the registry could claim that they never actually consented to this and that you basically hacked them with the unauthorized help of one of their suppliers or employees.
Regards,
--
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
[email protected]
Office @ Via Treviso 12, 10144 Torino, Italy
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
