On Jul 5, 2024, at 09:53, Jeroen Massar via NANOG <nanog@nanog.org> wrote:

Please note that:
- MarkMonitor is owned by Newfold Digital / Endurance International [1]
- Network Solutions is owned by Web.com <http://web.com/> [2]
- Web.com <http://web.com/> is... owned by Newfold Digital [3]

And... we all still have ICANN as an ultimate power, and the TLD itself, next to the above registrar.
There are always going to be single points of failure in a hierarchical tree like that.

Taking off on what Jeroen is saying here… A huge amount of PCH’s work is with TLD registries. Much of that is ccTLDs, national domains, but a fair bit is also with brand TLDs. I think a lot of people are dismissive of brand TLDs, thinking “oh, that’s just trademark protection.” And MarkMonitor and CSC were, admittedly, a part of the reason why people treat them dismissively. The majority of brand TLDs lie fallow, with little to no use.

That’s unfortunate, because a TLD of its own is one of the VERY BEST things an organization can do to reduce security externalities. It’s a really foundational building-block in modern security. You can do DNSSEC and DANE and use all of the security tools and processes that build upon those, without having to depend upon the (largely non-existent) security of the registrar-registry chain. There are more protocols and tools coming down the pike that build further on that foundation. There are browsers coming which will trust the existence or non-existence of a DANE cert, without allowing a downgrade attack to a bogus CA cert. There are Digital Emblems coming (participate in the BoF at the IETF if you care!).

That leaves you with just the one (?) externality of the IANA (and the RZM agreement) which, yeah, you’re not going to get past. But that’s done very, very securely, so if you have to trust one external party, at least they’re _competent_ and well-funded and not going to get acquired by a Florida Man private-equity outfit.

ICANN’s going to open another round of TLD applications, and I expect a lot of companies to go into that with their eyes more open than last time, knowing why they’re doing it. It’s not about brand protection, it’s about disintermediating the root of trust and giving yourself a solid foundation for your security architecture.

-Bill