ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


     
    This discussion has been archived. No new comments can be posted.
    "We're Moving Backwards" on ICANN Transparency | Log in/Create an Account | Top | 105 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    ICANN (IANA.ISOC) Plan to Enter Lucrative Cert BIZ
    by Anonymous on Friday August 12 2005, @07:25AM (#15852)
    ICANN (IANA.ISOC) Plan to Enter Lucrative Cert BIZ

    Storing Certificates in the Domain Name System (DNS)

    Public keys are frequently published in the form of a certificate and
       their authenticity is commonly demonstrated by certificates and
       related certificate revocation lists (CRLs).  A certificate is a
       binding, through a cryptographic digital signature, of a public key,
       a validity interval and/or conditions, and identity, authorization,
       or other information.  A certificate revocation list is a list of
       certificates that are revoked, and incidental information, all signed
       by the signer (issuer) of the revoked certificates.  Examples are
       X.509 certificates/CRLs in the X.500 directory system or OpenPGP
       certificates/revocations used by OpenPGP software.

    Current Domain Name System (DNS) implementations are optimized for
       small transfers, typically not more than 512 bytes including
       overhead.  While larger transfers will perform correctly and work is
       underway to make larger transfers more efficient, it is still
       advisable at this time to make every reasonable effort to minimize
       the size of certificates stored within the DNS.  Steps that can be
       taken may include using the fewest possible optional or extensions
       fields and using short field values for variable length fields that
       must be included.
    [ Reply to This | Parent ]
    Re:ICANN (IANA.ISOC) Plan to Enter Lucrative Cert
    by Anonymous on Friday August 12 2005, @07:28AM (#15853)
    The .NET funds are [secretly] being used to form a new corporation to fund more of the Postel insiders.
    It will of course be non-profit, i.e. high salaries to absorb any excess funds ala ARIN and ICANN.
    [ Reply to This | Parent ]
    little point for IETF to standardize protocols.
    by Anonymous on Friday August 12 2005, @07:57AM (#15858)
    Remember that the current DNSSEC protocol was, without much
    discussion, chosen without running code, against a counter
    proposal of mine with running code.

    With the counter proposal, a lot of pitfalls not avoided by
    DNSSEC was pointed out. There are a lot of subtlety in DNS
    related to delegation, CNAME, wild cards and so on, none of
    which was addressed by DNSSEC.

    However, the pitfalls are ignored. Resulting implementations
    were buggy, of course. The pitfalls are reconsidered and worked
    around later only from operational experiences, which was a long
    and painful experience.

    With the demonstration of so miserable quality of the
    specification and implementations, it is not surprising that
    DNSSEC is not accepted at all by operators community.

    But, I'm not saying running code is above all.

    What's essential is not running code itself but acceptance
    by the end users, imprecise proxy of which is acceptance by
    operators, imprecise proxy of which is acceptance by
    implementors, that is, running code, imprecise proxy of which
    is IETF consensus, which means there is little point for IETF
    to standardize protocols.

    It turns out that both the WG and I was wrong that DNSSEC is
    not at all deployed is a good thing, because DNSSEC gives no
    better security than so called weak security (If you can
    trust CAs and their employees between you and your peer that
    they won't sign forged public key of you unconsciously nor
    maliciously, you can trust ISPs and their employees between
    you and your peer that they won't route your packets to
    someone else not having the destination IP addresses
    unconsciously nor maliciously).

    So, instead of introducing DNSSEC, just rely on ISPs and the
    destination IP addresses and use 3 way handshakes with cookies
    to securely confirm the source IP addresses are not forged.
    ISPs are as reliable as CAs. If you think ISPs are not so
    reliable, CAs neither.
    [ Reply to This | Parent ]


    Search ICANNWatch.org:


    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com