On Technical (and Political) Risks

As we noted earlier, Public Interest Registry wants to implement DNSSEC in the .org zone. DNSSEC makes the domain name resolution process more secure, but it’s complicated to implement. According to ICANN's regulations, this is a “new registry service” and it has to be reviewed by a committee of technical experts to assess its impact on the security and stability of the Internet before it can be approved. (If you know the history, you could call this the “Sitefinder-catcher.”)

The ICANN Registry Services Technical Evaluation Panel (RSTEP) released its report on PIR's proposal on June 4. The report, like so many things associated with DNSSEC implementation, has fascinating implications which are buried in technical details that few people will understand. The report is worth reading, however — not so much for what it says about the PIR proposal specifically (it will be approved) but to obtain a better idea of some of the techno-economic issues associated with DNSSEC implementation.

One conclusion that could be drawn from the report is that the US government's insistence on maintaining control of the root zone file is actually decreasing Internet security. Although “security and stability” is often the mantra of those seeking to rationalize US unilateral control, the simple fact is that many people in Internet operations and policy aren’t at all comfortable with the idea of giving one government unilateral oversight of the Internet's DNS root signing keys. This means, in effect, that the US role has made it impossible to implement DNSSEC the way it was originally envisioned during the standard’s development — by signing the DNS root zone and distributing a single DNS trust anchor. So registries like PIR that want to implement DNSSEC are forced to operate their own trust anchor.

Guess what? The RSTEP report notes that most of the security and stability risks associated with PIR's proposals are related to the unsigned root zone. As the report says on page 11, “If the root zone were signed, it would not be necessary for PIR themselves to distribute and support a trust anchor for the .org zone. Many of the stability issues analyzed in this report would either not exist at all, or would be much more tractable, if the root were already signed.” See our earlier report for some discussion of how to sign the root while escaping the divisive political cul-de-sac of US political oversight.

Another interesting implication of the report is that many of the other security risks associated with DNSSEC implementation have to do with the compulsory vertical separation of registrar and registry functions. It seems that maintaining the ongoing security of zones would be much simpler for registrants if the process were more integrated. We understand, of course, the huge benefits delivered by having registrar competition. What we have here is a trade-off that is typical in regulatory policy between security and end user convenience on the one hand, and lower prices and diverse service alternatives on the other.

Given the importance of tradeoffs like these in shaping risk, it would be nice if these technical committees of ICANN had more economics expertise to complement the DNS technical experts. A lawyer or two with expertise in the liability issues wouldn't hurt, either.

As for PIR’s proposal, let them give it a try. The RSTEP report notes that while implementation of DNSSEC involves security risks (as does any new implementation), those risks “can be effectively mitigated by policies, decisions, and actions to which PIR either has expressly committed in its proposal or could reasonably be required to commit.”

(Disclosure: Milton Mueller is a member of PIR’s Advisory Council, appointed by the Noncommercial Users Constituency.)
