[DT-F] REVISED: Design Team F kickoff
Alan Greenberg
alan.greenberg at mcgill.ca
Wed Apr 8 16:21:13 UTC 2015
At 08/04/2015 05:48 AM, Jaap Akkerhuis wrote:
> David Conrad writes:
>
> >
> > >Given that Design Team D proposes to do away with the NTIA
> > >authrization step[2] and that the CWG takes accept it seems to me that
> > >the task is merely describing the changes needed in the current
> > >procedure.
> >
> > The current procedure is documented at a high level in SAC067, figure #1
> > (and its description) on pages 13 and 14. In the near term, the
> > authorization step (step 3 in figure #1) can probably most simply be
> > addressed by having ICANN instead of NTIA "push the button" to authorize
> > the change.
>
>I was actually triggered by the phrase "architecture for publication
>of the Root Zone" in Alan's mail. I read that as a slightly bigger
>task (including root zone server operators etc.) then just the
>threeway exchange we have currently.
For the record, my intent was that I was referring to the 3-way
communications as transformed to 2-way without the NTIA (plus
anything new we introduce!). Certainly following that, the zone file
would be made available to the root operators, but I was not
envisioning the mechanics of that changing at this time.
Alan
> >
> > Some examples of potential/theoretical problems in the current system I
> > can think of:
>
>Most of these practical problems do actually already exists.
>
> >
> > 1. Since no other party sees proposed changes until they are published,
> > the IANA Function Operator role can theoretically propose a change outside
> > of policy that will be published to the root Whois and/or root zone.
>
>Yes, and that brings the discussion about a last resort appeals panel
>back. I do think that not all changes will have a severe impact. But
>changes which looks like (re-)delegations might indeed requite more
>examinations then ther is now.
>
> >
> > 2. Since the Root Zone Maintainer role holds the DNSSEC-signing key and
> > publishes the signed root zone, they have the theoretical ability to
> > unilaterally make out of policy changes to the root zone.
>
>Yup, as is now.
>
> >
> > 3. It is possible for a single party involved in root management to deny
> > service at each interface between parties in the existing system, e.g.:
>
> > A) IANA Function Operator refusing to process requests from the TLD
> > manager;
> > B) the Root Zone Administrator refusing to authorize changes submitted by
> > the IANA Function Operator; or
> > C) the Root Zone Maintainer refusing to implement changes submitted by the
> > IANA Functions Operator and authorized by the Root Zone Administrator.
>
>So we should look to what would be happening now in these cases and
>then see that similar measures will be taken.
>
> >
> > 4. Checks and balances between the IANA Function Operator and Root Zone
> > Maintainer roles are largely implemented via contractual obligations with
> > the Root Zone Administrator.
> >
> > Note that #1, #2, and #3 can be either accidental (mistakes or failures)
> > or malicious (via attacks or an "insider threat" --
> > http://en.wikipedia.org/wiki/Insider_threat). In many "critical systems"
> > cases I'm aware of, these kinds of risks dealt with by having some sort of
> > "two person rule" (http://en.wikipedia.org/wiki/Two-man_rule). Obviously,
> > as we do not have a "two person rule" now, we (the Internet's users) rely
> > on #4 to mitigate the risks associated with #1-#3. It's probably worth
> > noting that in a worst case, any remedy would be after the fact.
>
>Yes, after the fact and you wat to be able to undo these (mistakes or
>failures) as quickly a possible to prevent more damage.
>
> >
> > >>- Current NTIA operational involvement and if/how this needs to be
> > >>replaced or compensated for.
> >
> > Removing NTIA from the operational aspect of the Root Zone Administrator
> > role is relatively straight forward as mentioned above. However, the
> > removal of the NTIA contractual obligations may suggest a need for greater
> > reliance on built-in mechanisms to ensure appropriate principles are met.
>
>Given that everything is up in the air, I wonder (thinkig out looudly)
>whether currently we can point to these problems and point out that in
>future a better solution needs to be found, For now some ad-hoc
>mechanism (ICANN, Independent Auditors) could replace the NTIA
>operational role.
>
> jaap
>_______________________________________________
>cwg-dtf mailing list
>cwg-dtf at icann.org
>https://mm.icann.org/mailman/listinfo/cwg-dtf
More information about the cwg-dtf
mailing list