DNSSEC-bis problem, politics or technical?

[William Muriithi]

Hello Pals,

Looked at DNSSEC recently and it really look like it can be going somewhere
finally. Not sure though, but it seems like most of the technical problems
at least have finally been ironed out. Ok, I will hedge that and say I would
not mind to be corrected.

Now, I was curious how the political side of it is shaping up and I can only
see discussion before the new USA government, read a little dated. There is
serious fear that DNSSEC would finally allow the governments - specifically
USA government to have control over the Internet - that is, if they end up
being the trustee to the root key signing key (KSK). After thinking about
it, I do agree its a problem, but can not think of any alternative that look
better. Has there been any agreement on this issue or is there someone here
in the know of what will likely be the be the compromise.

One last question, it look like other than Window 7 and Linux (Not sure if
all distro, but aware that fedora 11 has dnssec capable resolver), will it
ever be possible to back port these new resolvers to the old install base?
For example to XP or RHEL 5. It may take too long for there to be heavy use
of dnssec if this never happen.

Anyway would be happy to see discussion on this, especially if someone has
experience with it


Regards,

William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20090623/01f0c3e4/attachment.html>