[EURO-Discuss] Short bio for the election of the Euralo representatives to the ALAC

[Lutz Donnerhacke]

On Thu, Aug 28, 2008 at 05:22:17PM +0200, JFC Morfin wrote:
> I think we would be really interested to know your opinion on @large
> oriented whys, cons and pros of DNSSEC vs. other possibilities.

DNSSEC introduces a public key infrastructure. There is a lot of FUD around,
but a working DNSSEC provides decentral certification services for free. DNS
is capable to hold SSL certificates as well as S/MIME and openPGP keys.
That's the main reason for opposing DNSSEC from some industry heavily
involved into certification business: They fear to lose their business.

This way DNSSEC offers freedom of obtaining certificates in their self
managed (sub)domains.

Of course, classical certificates are able to check more than holding the
domain. They are necessary to build legal reationships for business
contracts. Thats why they check that the owner of the certificate is the
right one regardless of the current DNS state (which might be under attack).
But for most cases, the difference will not relevant for the private user.

> where could we find an @large readable documentation on DNSSEC, its 
> governance needs, etc. Should it be operated under ICANN or as an IGF 
> enhanced cooperation (I understand that ICANN planned to catalyse a 
> DNSSEC dedicated structure gathering the TLD Managers?).

> Should ALAC not be a partner into it?

Of course, that's why I voluteer for a DNSSEC track on the AtLarge summit in
Cairo. Preparing this track requires to collect and write such materials.