[90757] in North American Network Operators' Group

Re: wrt joao damas' DLV talk on wednesday

daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Jun 13 17:51:37 2006

From: Randy Bush <randy@psg.com>
Date: Tue, 13 Jun 2006 14:49:40 -0700
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


please reconcile

> no bank in its right mind, for example, would allow its identity
> to be held or represented by a middleman whose security policies
> weren't auditable.

with

> this is why we're trying to sign up some registrars, starting
> with alice's, who can send us blocks of keys based on their
> pre-existing trust relationships.

i think you might see why i am confused.  do you propose to audit
alice?  as rick says, this is unfortunately trivial, as the signed
registrations are zero <sigh>.

btw, i fully admit that i have not thought through a detailed
policy and process for a dlv registry.  then again, i am not
proposing to deploy one.  yep, criticism is cheap.  but then, i
have not charged much :-).

like some other technologies i'll not mention in this message,
dnssec has been a typical non-deployable ivtf mis-design by
committee for half the lifetime of the internet itself.  [ i left a
long trail of "this is badly broken.  someone should have listened
to masataka."  but have no idea if his 1/3 baked scheme would have
flown. ]  and i sympathize with your desire to get any useful
flight mileage out of the disaster.  but, as this is a security
service, please register your flight plan.

randy

