Mr. Oquendo (I presume "Mr." but if it's "Ms." please accept my apologies...), it appears that there is little common ground between you and me. So, rather than stringing this out for the next several days and boring everybody else to tears, I will say thanks for the "chat" and I look forward to continuing this in person over a beer or other libation at some future gathering.

Marc

-----Original Message-----
From: J. Oquendo [mailto:sil@infiltrated.net]
Sent: Tuesday, April 24, 2007 9:58 AM
To: Marcus H. Sachs
Cc: nanog@merit.edu
Subject: Re: IP Block 99/8 (DHS insanity - offtopic)

Alrighty... Since you pointed out this article I already read.

// QUOTE //
"This is the U.S. government stepping forward and showing leadership," Douglas Maughan, an official with the Department of Homeland Security's Science and Technology Directorate, told United Press International.
// END //

Strong leadership? What are they implying they will lead? They can't even lead their own security issues and I've yet to see anything on GCN, FCW implying that mil or gov servers had their DNS servers hijacked. So what is proposed that they will lead?

// MORE //
The DNS Security Extensions Protocol, or DNSSec, is designed to end such abuse by allowing the instantaneous authentication of DNS information -- effectively creating a series of digital keys for the system.

One lingering question -- largely academic until now -- has been who should hold the key for the so-called DNS Root Zone, the part of the system that sits above the so-called Top Level Domains, like .com and .org.

...

The draft lays out a series of options for who could be the holder, or "operator," of the Root Zone Key, essentially boiling down to a governmental agency or a contractor.
// END //

You mean like Verisign? Why should the US handpick a company or one of their contractors to manage this? You're implying that a PRIVATE CORPORATION would never follow the will of the one feeding it...

I could, as could anyone else, point out the systemic abuse that would follow. One would have to be ignorant to ignore the potential for abuse not solely from a government whispering sweet nothings in the ear for sake of perhaps censorship, but what about the private abuse... No form of oversight other than the US and our Department of Terrorism and Paranoia Security are mentioned.

// QUOTED //
"Nowhere in the document do we make any proposal about the identity of the Root Key Operator," said Maughan, the cyber-security research and development manager for Homeland Security.
// END QUOTE//

Uh... In the same article it states "The draft lays out a series of options for who could be the holder, or "operator," of the Root Zone Key, essentially boiling down to a governmental agency or a contractor." Yet here is Maughan stating "Oh no... DHS and the US government won't pick who holds keys..."

// QUOTE //
"The Root Key Operator is going to be in a highly trusted position. It's going to be a highly trusted entity. The idea that anyone in that position would abuse it to spoof addresses is just silly."
// END //

The idea that it has a huge potential for abuse is not silly. I can see where some would be either too good hearted to take heed to common logic, but the potential for abuse is right smack dab in anyone's face.

You pointed out the article Mr. Sachs, so please explain to me how you can now come back and state "But the DHS has no intention on controlling the key... Sure they intend on handpicking who does, but that doesn't mean said company will not follow what it is mandated to do by US government, nor will said company abuse it on their own."

I can point out hundreds of contractors with the government who so blatantly con the government and circumvent laws. But that would be geared towards a political mailing list, not this one. So if we're to stick to the facts, getting the gist out of the article you chose... You just re-confirmed the US government's underlying desire to somehow control the root keys...

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say; fools, because they have to say something." -- Plato