[CWG-Stewardship] DNSSEC wrinkle...

James Gannon james at cyberinvasion.net
Tue Jun 9 09:12:26 UTC 2015 

Hey all,
DNSSEC does not modify the standard execution path and/or is not used for the development of intrusion software and thus won’t be subject to any of the controls that may be put in place by the signatory states to the Wassenaar Arrangement. So the IANA either in its current or future form should not have any interactions with the export controls proposed.

For anyone interested I wrote about some of the background and potential impact of the arrangement as a guest post on IGP: http://www.internetgovernance.org/2015/05/25/wassenaar-turning-arms-control-into-software-control/ 

-James




On 09/06/2015 04:46, "cwg-stewardship-bounces at icann.org on behalf of manning" <cwg-stewardship-bounces at icann.org on behalf of bmanning at karoshi.com> wrote:

>for the 41 countries that are affected…   The IANA process for DNSSEC might need some explanation as well as DNSSEC support on a global basis.
>———
>
>The Wassenaar Arrangement (full name: The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies) is a multilateral export control regime (MECR) with 41 participating states including many former COMECON (Warsaw Pact) countries.
> 
>An FRN issued on 5/20/2015 https://www.federalregister.gov/articles/2015/05/20/2015-11642/wassenaar-arrangement-2013-plenary-agreements-implementation-intrusion-and-surveillance-items describes a proposal by Department of Commerce’s Bureau of Industry and Security (BIS) for a license requirement for the export, reexport, or transfer (in-country) of systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software; software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor.
> 
>The FRN notes that BIS is seeking information about the effect of this rule and would appreciate the submission of comments, and especially answers to the following questions:
>
>1. How many additional license applications would your company be required to submit per year under the requirements of this proposed rule? If any, of those applications:
>a. How many additional applications would be for products that are currently eligible for license exceptions?
>b. How many additional applications would be for products that currently are classified EAR99?
>
>2. How many deemed export, reexport or transfer (in-country) license applications would your company be required to submit per year under the requirements of this rule?
>
>3. Would the rule have negative effects on your legitimate vulnerability research, audits, testing or screening and your company's ability to protect your own or your client's networks? If so, explain how.
>
>4. How long would it take you to answer the questions in proposed paragraph (z) to Supplement No. 2 to part 748? Is this information you already have for your products?
>
>* The ADDRESSES section of this proposed rule includes information about how to submit comments.
>
>———
>manning
>bmanning at karoshi.com
>PO Box 12317
>Marina del Rey, CA 90295
>310.322.8102
>
>
>
>_______________________________________________
>CWG-Stewardship mailing list
>CWG-Stewardship at icann.org
>https://mm.icann.org/mailman/listinfo/cwg-stewardship

More information about the CWG-Stewardship mailing list