[DT-F] [CWG-Stewardship] Several questions for DT-F

[David Conrad]

[Back to Design Team "F"]

Milton,

> If separation between RZM and IANA RZ editing is intended to provide
> two-factor authentication, then it implies a certain level of autonomy among
> the parties, does it not? RZM cannot be a passive recipient of IANA
> instructions that are automatically implemented ­ can they? Or is there some
> way to automate the exchange between IANA and VRSN that still allows some kind
> of additional error or security check or some way to filter out of policy
> abuses?

I still do not believe this is the right time to explore implementation
options as there are a lot of them, each with their own pros and cons, and I
believe it more important to identify actual requirements before jumping
into implementation choices.  However, for the sake of argument, one
potential implementation choice:

As we discussed earlier, if you place an audit function after the editing
and signing of the zone but prior to distribution, the auditor can verify
that change proposed matches the change implemented.  Any change that shows
up in the (signed) root zone that was not in the set that was proposed to
IANA would be indicative of either accident or nefariousness. (Also, since
the zone is signed, the auditor would not be able to make undetectable
changes, if that's a worry).  In this model, the two party controls are the
(a) root zone editor/signer and (b) the root zone auditor/distributor.

Regards,
-drc




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cwg-dtf/attachments/20150417/909a9f0a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4673 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/cwg-dtf/attachments/20150417/909a9f0a/smime.p7s>