So we finally have a signed root zone.
Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD?
Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they?
And before we can answer any of those questions we have to answer the even bigger one: what problem is DNSSEC going to solve?
Or to be more precise: which security problem is DNSSEC going to solve. Because if the idea is that DNSSEC is going to eliminate the need for people to pay for those pesky SSL certificates, then expect some tense moments at ICANN meetings. Most registrars sell domain names at cost and make their margins on upsells such as web hosting and SSL certificate resale.
Then there is the question of liability. So far DNSSEC has been run by ICANN and the registries and we can be pretty sure that to the extent issues of liability have been thought about at all, neither is willing to accept it. Which leaves the registrars on the hook for liabilities that are unknown and uncontrolled.
SSL certificate authorities have developed mechanisms that allow them to control their liability and avoid lawsuits. They do not warrant the outcome, they warrant the process. They embed relying party agreements and offer insurance. DNSSEC as currently designed does not provide any of those controls.
So looking at DNSSEC from the registrar's point of view, they are expected to invest in building out an as yet undefined technical infrastructure for a product for which demand has not yet been demonstrated, will cannibalize existing revenues and incur unknown (but uncontrolled) revenues.
Is it really just me who sees it this way?
Is there anyone else interested in looking at these issues?
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Neustar DDoS Protection
Minds + Machines