Internet pioneer Phillip Hallam-Baker, the former principal scientist at Verisign, in a letter to the Department of Commerce, is claiming that the current DNSSec root signing agreements betwen ICANN and Verisign is a, "profoundly destabilizing technology"...

 

 

 

He description of the freedom to choose other competing providers of DNS root services represents, "an opportunity of exit" for other sovereign governments, and this includes the average ISP and Joe user as well, sitting at home enjoying an evening surfing favorite sites in the Inclusive Name Space.

 

ICANN and Verisign plan on implementing DNSSec before the end of 2009 at the key and signing levels, with an opt-in for TLD Holders.

 

As Hallam-Baker explains it, the option to choose from the various competing providers of root services, or even the ability for a sovereign government, ISP, or corporate Intranet provider to establish their own custom DNS name space is a, "safety valve that keeps ICANN and the US control of ICANN in check."

 

Increasing tension over US Control of critical resources on the Internet have the Chinese, French, Brazillian, Russian, and Egyptian representatives to ICANN in a precarious position over their concerns for their part in shaping the Internet, and it's available resources in their respective nations.

 

The Department of Homeland Security was warned of the potentially explosive nature of proceeding with the advance of DNSSec, after clearly being pointed out by DNK, LLC, a contracted consulting group, which said that the signing of ICANN's legacy root system and the key management will likely result in battle lines being drawn over it's acceptance on an international level.

 

The gross politicization of core internet standards, RFCs and DNSSEC as of late is covered in detail in DNK's report, including how all of this occured.

 

Paul Vixie of ISC stated, ""If you hold the [DNSSEC] keys you can decide who is the root zone file editor and who are the root servers. You hold the keys to the Internet kingdom." Not quite, as a two tiered system offered up by Internet Technologist Thierry Moreau is but one obvious opt-out for Universities and other organizations (and competing providers of root services) to consider implementing, while still opting-in.

 

With all of the political posturing to protect DNS Roots from injection of harmful data, DNSSec neither scales well in comparison with other protocols nor co-exists nicely with the other various root service providres around the world.