Home page logo

nanog logo nanog mailing list archives

Re: public consultation on root zone KSK rollover
From: David Conrad <drc () virtualized org>
Date: Sat, 6 Apr 2013 08:52:06 +0800


On Apr 6, 2013, at 7:10 AM, Randy Bush <randy () psg com> wrote:
at some point, long passed, the more pomp, the less safe i feel.  

Have you actually watched/participated in a root key signing ceremony?  Pomp is not the term I would use. 

is protecting against technical/engineering threats and protecting
against layer 8 through 11.  through complexity, it compromises the
technical protection to go overboard on the lawyer defense.

Technical protection like those that protected Diginotar's customers?  The elaborate root key signing ceremony is 
designed to ensure all aspects of root key management are open, transparent, and can be audited by anyone. While I'd 
agree that it is non-technical, the technical/engineering part is the easy bit. Protecting against insiders, laziness, 
and stupidity is _far_ harder.

In any event, if you haven't already I would encourage you to provide
comments at the URL Joe referenced.

definitely.  after all, commenting on icann insanities has had such
serious beneficial effect for the good of the internet in the past.

I can guarantee that providing comments are infinitely more likely to have an impact than stomping off in a huff :)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]