05.2007 Securing The Root: A Proposal For Distributing Signing Authority

[Abstract]

Drafters: Brenden Kuerbis, Milton MuellerManagement of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet’s infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme.

Suggested citation: Brenden Kuerbis and Milton Mueller, “Securing The Root: A Proposal For Distributing Signing Authority” (May 17, 2007). Internet Governance Project. Paper IGP07-002. Available at http://internetgovernance.org/pdf/SecuringTheRoot.pdf

Comments are closed.