Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    This discussion has been archived. No new comments can be posted.
    "We're Moving Backwards" on ICANN Transparency | Log in/Create an Account | Top | 105 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    little point for IETF to standardize protocols.
    by Anonymous on Friday August 12 2005, @07:57AM (#15858)
    Remember that the current DNSSEC protocol was, without much
    discussion, chosen without running code, against a counter
    proposal of mine with running code.

    With the counter proposal, a lot of pitfalls not avoided by
    DNSSEC was pointed out. There are a lot of subtlety in DNS
    related to delegation, CNAME, wild cards and so on, none of
    which was addressed by DNSSEC.

    However, the pitfalls are ignored. Resulting implementations
    were buggy, of course. The pitfalls are reconsidered and worked
    around later only from operational experiences, which was a long
    and painful experience.

    With the demonstration of so miserable quality of the
    specification and implementations, it is not surprising that
    DNSSEC is not accepted at all by operators community.

    But, I'm not saying running code is above all.

    What's essential is not running code itself but acceptance
    by the end users, imprecise proxy of which is acceptance by
    operators, imprecise proxy of which is acceptance by
    implementors, that is, running code, imprecise proxy of which
    is IETF consensus, which means there is little point for IETF
    to standardize protocols.

    It turns out that both the WG and I was wrong that DNSSEC is
    not at all deployed is a good thing, because DNSSEC gives no
    better security than so called weak security (If you can
    trust CAs and their employees between you and your peer that
    they won't sign forged public key of you unconsciously nor
    maliciously, you can trust ISPs and their employees between
    you and your peer that they won't route your packets to
    someone else not having the destination IP addresses
    unconsciously nor maliciously).

    So, instead of introducing DNSSEC, just rely on ISPs and the
    destination IP addresses and use 3 way handshakes with cookies
    to securely confirm the source IP addresses are not forged.
    ISPs are as reliable as CAs. If you think ISPs are not so
    reliable, CAs neither.
    [ Reply to This | Parent ]
    little point for IETF to standardize protocols. by Anonymous
    Re:little point for IETF to standardize protocols.
    by Anonymous on Friday August 12 2005, @07:59AM (#15859)
    "use 3 way handshakes with cookies
    to securely confirm the source IP addresses are not forged"

    Done !!
    Has been for 10 ? years
    Next !!
    [ Reply to This | Parent ]

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com