Document Actions
Commentary
Securing the Root: A proposal for distributing signing authority
Brenden Kuerbis
—
IGP Blog
—
2007-05-01
The implementation of DNSSEC and required development of a procedure to sign the DNS root zone file provides an opportunity to restructure the current political oversight exerted by the United States and achieve shared responsibility for the secure and stable operation of the Internet’s root zone. Specifically, multiple, but limited number of, non-governmental Root Key Operators (RKOs) should be responsible for generating, use and distribution of root zone key-signing keys (KSKs) and zone signing keys (ZSKs). In practice, this will require close coordination between RKO and RZM organizations in executing contractually agreed upon roles. |
Lies, Damn Lies and Broadband Statistics
TeleFrieden
—
TeleFrieden
—
2007-04-30
|
A2K Conference at Yale: Some Observations
Milton Mueller
—
IGP Blog
—
2007-04-28
I am attending the Yale Information Society Project's second Access to Knowledge (A2K) conference. There are about 150 people here. The story is that the leaders of Yale ISP are self-consciously positioning A2K as a social movement and simultaneously putting forward A2K as an overarching master frame for the entire range of communication and information policy issues. (For a broad historical background on communication-information as an integrated policy domain and the convergence of multiple issue networks, including intellectual propert-related advocacy, around the problems of digital media, see our study Reinventing Media Activism, published in 2004.) |
The Dark Side of Incentive Creation
TeleFrieden
—
TeleFrieden
—
2007-04-25
|
Securing the Root: The root of the problem, creating a trust anchor(s)
Brenden Kuerbis
—
IGP Blog
—
2007-04-18
Our last post explained the basics of how DNSSEC works. A security-aware resolver's ability to validate nameserver responses is accomplished by establishing an authentication chain from a known trust anchor(s) (i.e., a DNSKEY or signed DS record) to the zone which has provided the signed response. If a resolver is configured with a trust anchor(s) that exists higher in the DNS tree, e.g., the root's public key[1], it can theoretically verify any signed responses. This is because a path can always be constructed from the root to lower zones, assuming every zone in the path is signed and carries a Delegation Signer (DS) Resource Record for child zones. This architectural design highlights the critical importance of parent nameservers maintaining DS records and of signing those records to widespread deployment of DNSSEC across the Internet. |
DHS publicly acknowledges DNSSEC root signing spec
Brenden Kuerbis
—
IGP Blog
—
2007-04-15
Nearly five months after the fact, DHS acknowledged widely last week the release of a draft technical specification for signing and securing the DNS Root Zone. Signing the root is considered a critical step toward the widespread deployment of DNSSEC across the Internet. |
Securing the Root: What is DNSSEC, what's the controversy?
Brenden Kuerbis
—
IGP Blog
—
2007-04-09
|
Securing the Root: Introduction
Brenden Kuerbis
—
IGP Blog
—
2007-04-02
Management of the DNS root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root of the internet’s identifier systems must be coordinated and compatible. But who will control that coordination process? Right now, the U.S. government assumes exclusive responsibility for it. The U.S. refuses to internationalize its oversight, or to delegate it fully to ICANN. Internet users and governments in other countries are uncomfortable with U.S. unilateral control, knowing that the U.S. could, if it wanted, exploit its power over the root for political, military or economic advantage. For that reason, DNS root zone file management has been one of the most controversial issues in Internet governance. |
Securing the Root: Serial Blog launch
Brenden Kuerbis
—
IGP Blog
—
2007-04-02
|
ICANN kills .xxx, USG ordered to turn over related documents
Brenden Kuerbis
—
IGP Blog
—
2007-03-30
|
Highly Commended: Mueller's work on IP addressing
Brenden Kuerbis
—
IGP Blog
—
2007-03-29
Emerald Group Publishing has informed us that Milton Mueller's paper, IP addressing: the next frontier of internet governance debate has been selected as a Highly Commended Winner at the Emerald Literati Network Awards for Excellence 2007. |
If You Can’t Measure It, You Can’t Manage It
webmaster
—
According to the Best Available Data
—
2007-02-25
The following is an excerpt from a discussion forum for the Future of the Internet Workshop hosted by the Organisation for Economic Co-operation and Development (OECD), entitled “If you Can’t Measure It, You Can’t Manage It”. Tom Vest and KC Claffy, Cooperative Association for Internet Data Analysis (CAIDA). 1. The Internet is now a critical [...] |
A Day in the Life
webmaster
—
According to the Best Available Data
—
2006-09-04
In 2001 the U.S. National Academy of Sciences convened a workshop to assess the state of networking research, and, in pursuit of objectivity and fresh insights, arranged for more than half of the attendees to [...] |