Politics at play in DNS CERT debate
ICANN chief Rod Beckstrom may have shot himself in the foot when he claimed at the Nairobi meeting that the domain name system is “under attack” and “could stop at any given point in time”.
Beckstrom wants ICANN to create a new CERT, Computer Emergency Response Team, to coordinate DNS security, but he’s now seeing objections from country-code domain managers, apparently connected to his remarks last month.
Chris Disspain of auDA, Australia’s .au registry, has just filed comments on behalf of the ccNSO council, which he chairs, saying it’s not clear whether there’s any need for a DNS CERT, and that ICANN is moving too fast to create one.
It’s pretty clear from the ccNSO statement that Hot Rod’s fairly blunt remarks at the GAC meeting in Nairobi, which I transcribed in full here, have influenced the ccNSO’s thinking on the matter:
the comments of ICANN’s CEO and President, Rod Beckstrom, to governmental representatives in Nairobi, have the potential to undermine the productive relationships established under ICANN’s multi-stakeholder model, cause damage to the effective relationships that many ccTLD operators have developed with their national administrations and discounted the huge efforts of many in the ICANN and broader security community to ensure the ongoing security and stability of the Internet
Disspain had already strongly written to Beckstrom, during the ICANN meeting, calling his comments “inflammatory” and reiterating some of the points made in the latest ccNSO filing.
Beckstrom’s response to Disspain’s first letter is here. I would characterize it as a defense of his position.
It seems pretty crazy that something as important as the DNS has no official security coordination body but, as Disspain points out, there are already some organizations attempting to tackle the role.
DNS-OARC, for example, was set up to fulfill the functions of a DNS CERT. However, as founder Paul Vixie confessed, it has so far failed to do so. Vixie thinks energies would be better spent fixing DNS-OARC, rather than creating a new body.
ICANN’s comments period on its DNS CERT business case is open for another couple of days. It’s so far attracted only a handful of comments, mostly skeptical, mostly filed by ccTLD operators and mostly suggesting that other organizations could handle the task better.
If Beckstrom’s aim in Nairobi was to reignite the debate and Get Stuff Done by scaring stakeholders into action, he may find he’s been successful.
However, if his aim was to place ICANN at the center of the new security initiative, he may ultimately live to regret his remarks.
Either way, I expect DNS security will eventually improve as a result.
Recent Comments