the panix hijacking and icann's transfer policy

Marc Schneiders marc at SCHNEIDERS.ORG
Wed Jan 19 11:46:38 CET 2005 

It seems I misunderstood you. I thought the TLD-level you were
speaking of, referred to the TLD zones. Signing of the root zone is
certainly easy.

On Tue, 18 Jan 2005, at 16:18 [=GMT-0500], Milton Mueller wrote:

> Marc:
> Not quite sure whether a TLD wouild have helped panix yet, but I do
> know that your analysis of Verisign and DNSSEC is not correct. The
> reason DNSSEC cannot be implemented for .com is because there are so
> many (tens of millions) of domain names in it. The processing
> requirements of DNSSEC applied to that scale is a major problem.
>
> But the root zone, which contains TLD, does not now and never will
> contain millions of records.
>
> >>> Marc Schneiders <marc at schneiders.org> 1/18/2005 2:29:29 PM >>>
> On Tue, 18 Jan 2005, at 12:04 [=GMT-0500], Milton Mueller wrote:
>
> > This incident underscores one of the reasons why ICANN should have a
> > policy of regularly adding TLDs to make them available for those who
> > need and can operate them.
>
> Though I agree about adding more TLDs, I don't see how it helps in
> hijacking domains.
>
> > Businesses and noncommercial services that depend entirely on a
> domain
> > name may want to have the option of owning, rather than "renting,"
> their
> > domain in order to increase security.
>
> Maybe we can learn something from the trade mark people here as
> regards ownership of something that can also become defunct, if you
> don't use it?
>
> > According to my imperfect
> > understanding, it is easier to implement DNSSEC at the TLD level than
> at
> > the SLD level.
>
> I have little understanding of DNSSEC too. I do understand enough
> about it, I think, to know that it would not have helped panix.com.
> Also the implementation is most difficult precisely at the TLD level.
> An engineer from VeriSign is the one who has time and again pointed
> out (on IETF mailing lists, when I still had time to read them) that
> the present protocol is impossible for a zone the size of .com. It
> would take ages and a very, very powerful machine to sign it.
>
> Marc Schneiders
>
>

More information about the Ncuc-discuss mailing list