Summary and Analysis of Comments on PIR Proposal
- To: "pir-dnssec-proposal@xxxxxxxxx" <pir-dnssec-proposal@xxxxxxxxx>
- Subject: Summary and Analysis of Comments on PIR Proposal
- From: Patrick Jones <patrick.jones@xxxxxxxxx>
- Date: Wed, 28 May 2008 09:26:54 -0700
Summary and Analysis of Public Comments for:
PIR's PROPOSED IMPLEMENTATION OF DNSSEC
Comment Period Ended: 24 May 2008
Summary Published: 28 May 2008
Public Interest Registry (PIR) submitted a proposal through the Registry
Services Evaluation Process to implement DNSSEC in .ORG. ICANN conducted a
public comment period on the proposal from 23 April to 24 May 2008. Four
comments were received into the comment forum, all generally supportive of the
PIR proposal. Comments were received from the Internet Governance Project
(IGP), the Electronic Privacy Information Center (EPIC), Russ Housley and Dan
Dan Mahoney noted that he was a long-time .ORG domain name holder and that he
was in support of PIR's move to implement in DNSSEC. See
Russ Housley noted that he is the current Chair of the IETF. He encouraged
ICANN to approve the request from PIR, and to sign ICANN.org and IANA.org.
Housley stated that "It is my strong belief that DNSSEC should be used
throughout the Internet to ensure that these names are resolved properly." See
EPIC provided thorough comments on the PIR proposal and noted that "DNSSEC will
significantly improve the authentication of the servers that provide domain
names and therefore the paths to websites and other Internet services for end
users." See http://forum.icann.org/lists/pir-dnssec-proposal/msg00002.html.
EPIC stated that users should be fully informed about the DNSSEC protocol and
proposed "the development and endorsement of a transparent and user-friendly
way to help users verify a DNSSEC request and help them make judgments on the
trustworthiness of other requests." Further, "EPIC proposes that any entity
owning or regulating the keys in the root zone is transparent about its intent
and activities concerning DNSSEC and installs procedures to be held accountable
for its actions regarding DNSSEC."
Finally, EPIC recommends that NSEC3 be implemented with DNSSEC in .ORG. "EPIC
hopes that the implementation of DNSSEC in the .ORG domain will lead to a more
secure and transparent way for end user to use the Internet. We recommend a
thorough evaluation of the implementation and when the results are positive,
research possible extensions of DNSSEC to other domains on the Internet."
IGP in general supports the PIR proposal, but notes that "the proposal raises
important issues surrounding cryptographic key management and coordination with
other parties, which are essential components of successful DNSSEC deployment."
IGP supports the proposed contract amendment to alter the terms of the .ORG
Registry Agreement related to the escrow and storage of private key data.
IGP also noted that registrars may incur the bulk of the costs associated with
implementing DNSSEC. "Since registrars face registrants directly, they will
have to provide sales and marketing of DNSSEC and ongoing customer support. If
registrars aren't able to convince registrants of the value of DNSSEC it's hard
to see them making much effort to provide it."
IGP suggests close coordination with registrars, and Internet Service
Providers, in the implementation of DNSSEC in .ORG.
The summary of comments will be posted on the ICANN Public Comment page and
provided to the RSTEP Review Team and ICANN Board as part of the consideration
of the PIR DNSSEC proposal. The Board is expected to consider the RSTEP Report
and PIR proposal during the Board's meeting in Paris on 26 May 2008.
Internet Governance Project (Brenden Kuerbis on behalf of IGP)
Electronic Privacy Information Center (Marc Rotenberg on behalf of EPIC)
Russ Housley (IETF Chair)
Patrick L. Jones
Registry Liaison Manager &
Coordinator, ICANN Nominating Committee
Internet Corporation for Assigned Names & Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
Tel: +1 310 301 3861
Fax: +1 310 823 8649