[DT-F] REVISED: Design Team F kickoff

David Conrad david.conrad at icann.org
Thu Apr 9 18:13:20 UTC 2015


Hi,

>> Not agreeing or disagreeing (just trying to understand at this point), but if
>> I can cast that as a (proposed) requirement, are you saying:
>> 
>> "Future relationships related to root zone management must provide for an
>> (accredited) independent auditor"
>> 
>> If so, what would you think should be audited?
> 
> One solution I have heard is that IANA makes its revised zone file available
> to an auditor, and the RZ maintainer does the same, and the zone file cannot
> be published until the auditor confirms that they match.

Well, match except for DNSSEC-related stuff since the IANA Function Operator
does not have the root zone Zone Signing Key.  Fortunately, that could be
easily dealt with: simply ignore the DNSSEC-related records during the
comparison.  This also has the advantage that the auditor wouldn't
necessarily need to understand DNS -- it'd just be comparing two files to see
if they match. This would allow a wide array of potential auditing firms.

> That confirms that the RZ maintainer does not make any mistakes. It does not
> verify that IANA did not make a mistake once a change is confirmed by the
> registry.

Hmm. Perhaps that last bit could be addressed by having the IANA Function
Operator publicly post the proposed change after validation? The Root Zone
Maintainer could then verify that only the change proposed by the TLD
manager was forwarded by the IANA Function Operator for processing without
having the Root Zone Maintainer have to maintain their own relationship with
the TLD managers.

However, this is getting into implementation which I'm trying to avoid as I
don't think we have the time... (even if it is more fun :))

Regards,
-drc
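
The comparison discussed in this message, ignoring DNSSEC-related records, sketched as an added example (not part of the original e-mail and not any operator's actual process). The set of skipped record types, the one-record-per-line input format, and all zone data below are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: record types produced by the signing step, skipped in the comparison.
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY"}
CLASSES = {"IN", "CH", "HS"}

def records(zone_text):
    """Multiset of (owner, ttl, type, rdata) with DNSSEC types dropped.
    Assumes one record per line, fully qualified owners, no ';' in rdata."""
    out = Counter()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()          # strip comments
        if not fields or fields[0].startswith("$"):     # blank line or directive
            continue
        owner, rest, ttl = fields[0].lower(), fields[1:], ""
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            ttl = rest[0] if rest[0].isdigit() else ttl
            rest = rest[1:]
        if not rest or rest[0].upper() in DNSSEC_TYPES:
            continue
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype in {"NS", "DS", "AAAA"}:               # names and hex: case-insensitive
            rdata = rdata.lower()
        out[(owner, ttl, rtype, rdata)] += 1
    return out

def audit(iana_text, maintainer_text):
    """Compare the two files; publication would be blocked unless 'match' is True."""
    a, b = records(iana_text), records(maintainer_text)
    return {"match": a == b,
            "only_iana": sorted((a - b).elements()),
            "only_maintainer": sorted((b - a).elements())}

# Constructed sample data: unsigned file, signed file, and a signed file with one altered record.
IANA_FILE = """\
. 86400 IN SOA ns.invalid. admin.invalid. 2015040900 1800 900 604800 86400
example. 172800 IN NS ns1.example.
example. 86400 IN DS 12345 8 2 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
ns1.example. 172800 IN A 192.0.2.1
"""
SIGNED_FILE = """\
. 86400 IN SOA ns.invalid. admin.invalid. 2015040900 1800 900 604800 86400
. 172800 IN DNSKEY 256 3 8 Y29uc3RydWN0ZWQ=
EXAMPLE. 172800 IN NS NS1.EXAMPLE.
example. 86400 IN DS 12345 8 2 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
example. 86400 IN RRSIG DS 8 1 86400 20150419000000 20150409000000 11111 . Y29uc3RydWN0ZWQ=
example. 86400 IN NSEC ns1.example. NS DS RRSIG NSEC
ns1.example. 172800 IN A 192.0.2.1
"""
TAMPERED_FILE = SIGNED_FILE.replace("192.0.2.1", "192.0.2.53")
```

Calling `audit(IANA_FILE, SIGNED_FILE)` reports a match despite the added signing records and case differences, while `audit(IANA_FILE, TAMPERED_FILE)` lists the altered address record on both sides.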


