Dear colleagues,

For my sins, I have been following some of the recent discussions about "Internet governance". One of the discussions over on the "1net" list (http://1net-mail.1net.org/mailman/listinfo/discuss) is about the control by one particular government of the DNS root zone, and how uncomfortable that makes some other governments. The consequence has been renewed discussion on a somewhat older proposal for splitting up the management of the root zone keys. The proposal can be found at http://www.internetgovernance.org/wordpress/wp-content/uploads/SecuringTheRoot.pdf.

The proposal has the appealing property that nobody can "hijack" the root, and if you don't trust any particular actor then the approach ensures that it is at least technically difficult (or detectable) that someone has acted alone. But it has always seemed to me that the approach would result in a very great increase in the size of the root key RRset as well as the RRSIGs necessary at least over the DNSKEY RRset. One response to this (http://1net-mail.1net.org/pipermail/discuss/2014-January/001057.html) is, "So what? It's the root. It'll be widely cached, and TCP is a small price to pay for this on the occasions it's needed."

I am not sure I am so sanguine, but this put in my mind the draft-ietf-dnsop-respsize draft, which I now realise was never published as an RFC. I'd like this thread to discuss the "so what, use TCP!" remark. I'd also like to ask either the chairs or the WG whether draft-ietf-dnsop-respsize-14 needs revision and, if so, what revision to be publishable, because I think it's needed advice.

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
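The size question raised in the mail (how much the root DNSKEY response grows when several independent keys and signatures are added, and at what point a UDP response is truncated and the resolver retries over TCP) can be estimated from the wire formats in RFC 1035, RFC 3110, RFC 4034, RFC 6605 and RFC 6891. The following is an added example for this thread, not code from the mail, the DNSOP WG or the SecuringTheRoot proposal; the key counts and algorithm choices in the scenarios are constructed assumptions rather than the proposal's figures, and the 1232-octet buffer is the value later recommended by DNS Flag Day 2020, included only as a reference point alongside 512 and 4096.

```python
"""Estimate the wire size of a DNSSEC response to './DNSKEY' (added example)."""

# Wire-format constants (RFC 1035 message layout, RFC 4034 RRSIG/DNSKEY RDATA,
# RFC 6891 OPT pseudo-RR). A DO=1 query is an EDNS query, so the OPT RR is
# always present in the response.
HEADER_LEN = 12                                 # DNS message header
ROOT_NAME_LEN = 1                               # the root owner name is one zero octet
QUESTION_LEN = ROOT_NAME_LEN + 2 + 2            # QNAME + QTYPE + QCLASS
RR_FIXED_LEN = ROOT_NAME_LEN + 2 + 2 + 4 + 2    # NAME, TYPE, CLASS, TTL, RDLENGTH
OPT_RR_LEN = 11                                 # OPT RR with no options
DNSKEY_FIXED_RDATA = 4                          # flags, protocol, algorithm
RRSIG_FIXED_RDATA = 18                          # type covered .. key tag

# Public-key and signature sizes per algorithm. RSA public keys carry a
# 1-octet exponent length, the exponent 65537 (3 octets) and the modulus
# (RFC 3110); ECDSA P-256 is a 64-octet point and a 64-octet signature (RFC 6605).
PUBKEY_LEN = {"RSA-1024": 1 + 3 + 128, "RSA-2048": 1 + 3 + 256, "ECDSAP256": 64}
SIG_LEN = {"RSA-1024": 128, "RSA-2048": 256, "ECDSAP256": 64}


def dnskey_rr_len(alg):
    """Octets for one DNSKEY RR owned by the root."""
    return RR_FIXED_LEN + DNSKEY_FIXED_RDATA + PUBKEY_LEN[alg]


def rrsig_rr_len(alg):
    """Octets for one RRSIG RR over the root DNSKEY RRset (signer's name is '.')."""
    return RR_FIXED_LEN + RRSIG_FIXED_RDATA + ROOT_NAME_LEN + SIG_LEN[alg]


def dnskey_response_len(keys, sigs):
    """Total octets of a DO=1 response: header, question, DNSKEYs, RRSIGs, OPT."""
    answer = sum(dnskey_rr_len(a) for a in keys) + sum(rrsig_rr_len(a) for a in sigs)
    return HEADER_LEN + QUESTION_LEN + answer + OPT_RR_LEN


def transport(size, udp_buffer):
    """'udp' if the response fits the advertised EDNS buffer, else 'tcp' (TC=1 retry)."""
    return "udp" if size <= udp_buffer else "tcp"


def compare(scenarios, buffers=(512, 1232, 4096)):
    """Map scenario name -> (response size, {buffer: transport})."""
    rows = {}
    for name, (keys, sigs) in scenarios.items():
        size = dnskey_response_len(keys, sigs)
        rows[name] = (size, {b: transport(size, b) for b in buffers})
    return rows


# Constructed scenarios: key counts are illustrative, not the proposal's figures.
SCENARIOS = {
    "one KSK + one ZSK": (["RSA-2048", "RSA-1024"], ["RSA-2048"]),
    "five independent KSKs": (["RSA-2048"] * 5 + ["RSA-1024"], ["RSA-2048"] * 5),
    "five KSKs, ECDSA P-256": (["ECDSAP256"] * 6, ["ECDSAP256"] * 5),
}

if __name__ == "__main__":
    for name, (size, by_buf) in compare(SCENARIOS).items():
        outcomes = "  ".join(f"{b}:{t}" for b, t in by_buf.items())
        print(f"{name:24s} {size:5d} octets  {outcomes}")
```

The model assumes no name compression (the root owner name is already a single octet) and no additional-section records. It shows the two levers that decide whether "use TCP" is the common case or the exception: the number of keys and signatures in the RRset, and the per-signature size of the algorithm, since moving the same number of keys from RSA-2048 to ECDSA P-256 roughly divides the response size by three.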