Re: [ga] RSTEP Report on PIR's Request to Implement DNSSEC in .ORG

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

All,

  It is my and our members belief that DNSSEC if properly
implemented does not create a reasonable risk of a
meaningful adverse effect on security and stability.  The key
here is how DNSSEC is implemented however.  Therefore given the
team at PIR, especially Paul Hoffman, I and our members
our confident that PIR can if it chooses to, implement a
very good DNSSEC implementation.  The key here is if
PIR "Chooses to" do a full and complete implementation.
A "watered down/dumbed down" implementation will be of
lettle use or can indeed cause significant harm.

  Further it is in our members opinion that DNSSEC should
be implemented as a mandatory requirement for all TLD
registries as a matter of amended RAA contracts and
ICANN accreditation of said TLD Registries and the
safety and security of all Domain Name owners as well 
as users.

As you and most attentive GA'ers know, all of our members
have as of either 3 years ago and/or as a matter of membership
requirement implemented DNSSEC for their Domain Names. I know
of no reported or recognized problems associated with any
of those DNSSEC implementations to date. 

  Now if we/ICANN can only get IPSEC as a mandatory requirement
for all Registries and Registrars implemented, which in our
members opinion should have been a mandatory requirement for
all TLD, IP registries and Domain Name Registrars from the 
outset circa 1999 as I repeatedly and clearly articulated
in behalf of our members at that time.





-----Original Message-----
>From: "GNSO.SECRETARIAT@xxxxxxxxxxxxxx" <gnso.secretariat@xxxxxxxxxxxxxx>
>Sent: Jun 6, 2008 4:07 AM
>To: ga@xxxxxxxxxxxxxx
>Subject: [ga] RSTEP Report on PIR's Request to Implement DNSSEC in .ORG
>
>
>[To: council[at]gnso.icann.org; liaison6c[at]gnso.icann.org]
>[To: ga[at]gnso.icann.org; announce[at]gnso.icann.org]
>[To: regional-liaisons[at]icann.org]
>
>http://icann.org/en/announcements/announcement-2-05jun08-en.htm
>
>RSTEP Report on PIR's Request to Implement DNSSEC in .ORG
>5 June 2008
>
>On 21 April 2008, ICANN referred Public Interest Registry (PIR)'s
>proposed implementation
>(http://icann.org/registries/rsep/pir-request-03apr08.pdf) [PDF, 205K]
>of DNS Security Extensions (DNSSEC) in .ORG to the Registry Services
>Technical Evaluation Panel (RSTEP). In accordance with the Registry
>Services Evaluation Policy (RSEP)
>(http://icann.org/registries/rsep/rsep.html), the RSTEP had 45 calendar
>days to review the proposal and prepare a written report on whether the
>proposed Registry Service creates a reasonable risk of a meaningful
>adverse effect on Security or Stability. The RSTEP Review Team completed
>its report that can be found at
>http://icann.org/registries/rsep/rstep-report-pir-dnssec-04jun08.pdf
>[PDF, 481K]. Very briefly, the technical evaluation found that the
>proposed implementation of DNSSEC, "does create a reasonable risk of a
>meaningful adverse effect on security and stability, which can be
>effectively mitigated by policies, decisions, and actions to which !
>  PIR
>either has expressly committed in its proposal or could reasonably be
>required to commit."
>
>The Review Team consisted of the following members:
>
>Patrik Fältström (Cisco; USA)
>Paul Hoffman (VPN Consortium, USA) (Chair)
>Mark Kosters (ARIN, USA)
>Frederico A C Neves (NIC.br, Brasil)
>Andrew Sullivan (Command Prompt, Canada)
>
>Under the terms of the RSEP, following receipt of the RSTEP report, the
>ICANN Board will determine whether the proposed Registry Service creates
>a reasonable risk of a meaningful adverse effect on Stability or Security.
>
>ICANN invites public comments on the RSTEP Report through 20 June 2008
>23:59 UTC. Comments can be submitted to pir-dnssec-proposal@xxxxxxxxx,
>and viewed at http://forum.icann.org/lists/pir-dnssec-proposal/. All
>documents related to the PIR proposal are available at
>http://www.icann.org/registries/rsep/#2008004.
>
>The Board is expected to consider the RSTEP Report and PIR's proposal
>following synthesis and reporting of the public comment.
>-- 
>Glen de Saint Géry
>GNSO Secretariat - ICANN
>gnso.secretariat[at]gnso.icann.org
>http://gnso.icann.org
>
>