Sigh, I always forget that default reply is not to the list.
-------- Original Message --------
Subject: Re: [nznog] I don't trust the NZRS DNSSEC procedures... Yet
Date: Wed, 08 Jun 2011 12:41:05 +1200
From: Mark Harris
Organization: Technology Research and Consultancy Services
To: Jay Daley
In any system, ours as proposed for .nz, or the TCR system for the root, collusion between multiple bad actors can lead to controls being subverted and key material stolen.
What makes this more likely than one bad actor with the whole of the key available to them? If the actors are chosen well, splitting the key reduces risk, rather than increasing it. Which leads me to the point about trusting individuals to run the system. You need to publish the processes by which the people will be checked, so that the community can have trust that the individuals chosen will always be trustworthy, because untrustworthy persons won't make it through the process. Any system which is built around known individuals has already failed, when it comes to reliability. The risk is inherent.
We are more than happy to publish older versions of the DPS forever and a day, though I can't yet commit that we will make diffs available as well.
With respect, Jay, it's not rocket science to do this. Wikipedia offers a good model for displaying differing versions - just restrict the authors.
Adding DNSSEC does not increase the control that NZRS has over .nz or the risks from bad actors within NZRS and so adding a TCR step for that would be disproportionate.
And yet it's not. Adding a TCR would engender trust from the community you need to trust you, so not adding a TCR will be the risk that is disproportionate. ;-) Checks and balances, Jay.
~mark