Summary and Analysis of Comments on PIR Proposal

[Patrick Jones <patrick.jones@xxxxxxxxx>]

Summary and Analysis of Public Comments for:

PIR's PROPOSED IMPLEMENTATION OF DNSSEC

Comment Period Ended: 24 May 2008
Summary Published: 28 May 2008

BACKGROUND

Public Interest Registry (PIR) submitted a proposal through the Registry 
Services Evaluation Process to implement DNSSEC in .ORG. ICANN conducted a 
public comment period on the proposal from 23 April to 24 May 2008. Four 
comments were received into the comment forum, all generally supportive of the 
PIR proposal. Comments were received from the Internet Governance Project 
(IGP), the Electronic Privacy Information Center (EPIC), Russ Housley and Dan 
Mahoney.

COMMENTS

Dan Mahoney noted that he was a long-time .ORG domain name holder and that he 
was in support of PIR's move to implement in DNSSEC. See 
http://forum.icann.org/lists/pir-dnssec-proposal/msg00000.html.

Russ Housley noted that he is the current Chair of the IETF. He encouraged 
ICANN to approve the request from PIR, and to sign ICANN.org and IANA.org. 
Housley stated that "It is my strong belief that DNSSEC should be used 
throughout the Internet to ensure that these names are resolved properly."  See 
http://forum.icann.org/lists/pir-dnssec-proposal/msg00001.html.

EPIC provided thorough comments on the PIR proposal and noted that "DNSSEC will 
significantly improve the authentication of the servers that provide domain 
names and therefore the paths to websites and other Internet services for end 
users." See http://forum.icann.org/lists/pir-dnssec-proposal/msg00002.html.

EPIC stated that users should be fully informed about the DNSSEC protocol and 
proposed "the development and endorsement of a transparent and user-friendly 
way to help users verify a DNSSEC request and help them make judgments on the 
trustworthiness of other requests." Further, "EPIC proposes that any entity 
owning or regulating the keys in the root zone is transparent about its intent 
and activities concerning DNSSEC and installs procedures to be held accountable 
for its actions regarding DNSSEC."

Finally, EPIC recommends that NSEC3 be implemented with DNSSEC in .ORG. "EPIC 
hopes that the implementation of DNSSEC in the .ORG domain will lead to a more 
secure and transparent way for end user to use the Internet. We recommend a 
thorough evaluation of the implementation and when the results are positive, 
research possible extensions of DNSSEC to other domains on the Internet."

IGP in general supports the PIR proposal, but notes that "the proposal raises 
important issues surrounding cryptographic key management and coordination with 
other parties, which are essential components of successful DNSSEC deployment." 
See http://forum.icann.org/lists/pir-dnssec-proposal/msg00003.html.

IGP supports the proposed contract amendment to alter the terms of the .ORG 
Registry Agreement related to the escrow and storage of private key data.

IGP also noted that registrars may incur the bulk of the costs associated with 
implementing DNSSEC. "Since registrars face registrants directly, they will 
have to provide sales and marketing of DNSSEC and ongoing customer support. If 
registrars aren't able to convince registrants of the value of DNSSEC it's hard 
to see them making much effort to provide it."

IGP suggests close coordination with registrars, and Internet Service 
Providers, in the implementation of DNSSEC in .ORG.

NEXT STEPS

The summary of comments will be posted on the ICANN Public Comment page and 
provided to the RSTEP Review Team and ICANN Board as part of the consideration 
of the PIR DNSSEC proposal. The Board is expected to consider the RSTEP Report 
and PIR proposal during the Board's meeting in Paris on 26 May 2008.

CONTRIBUTORS:

Internet Governance Project (Brenden Kuerbis on behalf of IGP)
Electronic Privacy Information Center (Marc Rotenberg on behalf of EPIC)
Russ Housley (IETF Chair)
Dan Mahoney

--
Patrick L. Jones
Registry Liaison Manager &
Coordinator, ICANN Nominating Committee
Internet Corporation for Assigned Names & Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
Tel: +1 310 301 3861
Fax: +1 310 823 8649
patrick.jones@xxxxxxxxx