Topics: 2008
JPRS Comments in Response to Notice of Inquiry by the U.S. DoC on DNSSEC
On 22 November 2008, JPRS submitted its comments responding to the Notice of Inquiry which had been opened on 9 October by the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce (DoC).
The Notice of Inquiry invites comments regarding implementation of DNSSEC at the root zone. JPRS submitted its position from the standpoint of supporting early deployment of DNSSEC.
References:
- Notice of Inquiry Department of Commerce National Telecommunications and Information Administration Docket No. 0810021307-81308-01 Enhancing the Security and Stability of the Internet's Domain Name and Addressing System
- http://www.ntia.doc.gov/frnotices/2008/FR_DNSSEC_081009.pdf
- NTIA Seeks Public Comments Regarding the Deployment of DNSSEC
http://www.ntia.doc.gov/DNS/dnssec.html
JPRS Comments
To: Office of International Affairs National Telecommunications and Information Administration, U.S. Department of Commerce
---------------------------------------------------------------------- DNSSEC is the technology that the Internet community has been cooperatively designing and verifying for a long time, carefully considering backward compatibility with the existing DNS, its performance issues, conformance issues with the current Internet structure and so on. We consider DNSSEC to be the only practical solution we are currently able to take to protect DNS fundamentally from data manipulation attempts.
From the standpoint of properly moving the Internet forward with timely response to security demands, those who are involved in root DNS or TLD DNS administration have great responsibility to the community. Proactively deploying DNSSEC into the root/TLD zones would be one of the key elements in answering these demands and is considered to be the right thing to do in line with their roles.
Operation flow should be designed so as to avoid the situation where a human error would lead to catastrophe, such as a whole TLD zone vanishing from DNSSEC-aware resolvers due to mismatching of TLD keys in a delegation point.
----------------------------------------------------------------------
|