Re: Confirming the Nominet position
Date: Wed, 26 May 2004 16:21:02 +0100
From: "Jay Daley" <jay@nominet.org.uk>
Message-ID: <OF5FFD6E1A.CB26AC0B-ON80256EA0.002E76FF-80256EA0.005471E3@nominet.org.uk>

| 1. Showstopper
| Zone file enumeration is a show-stopper for us that will prevent us from
| fully implementing DNSSEC. So if DNSSEC stays in its current form then we
| will have to make a local determination about how/what we implement, which
| is still to be decided. Our reason for this is our view of what is the
| appropriate policy to act in the best interests of our local community,
| which for some time has been to deny access to our zone files.

Actually, that's fine. No-one (here anyway) can force anyone to
implement anything. If you don't implement DNSSEC, or just partially
implement it (somehow), that's your choice. Sometime in the future, if
UK users wonder why their DNS security isn't up to the standard of everyone
else's, you can explain to them why that is in their best interests. If
they agree with your explanation, and justification (you can blame this
WG for forcing NSEC on DNSSEC if you want) then no problems. If they
don't agree with you, then as I understand how Nominet works (which I very
well might not), you'd eventually end up replaced by someone who would
implement DNSSEC.

| 3. Legal mumbo jumbo
[...]
| However, for those of you that have asked, this is the gist of our legal
| advice...
|
| As compilations, zone file databases are protected under EU law by
| "Database Right". As a derivative work of the main register from which
| they are sourced, they are likely also to attract copyright protection in
| addition to or in place of database right.

Leaving aside the question of whether or not those rights actually
exist in the DNS zone files (a topic that can be debated, but namedroppers
is not the correct forum for that), what needs explaining is not what
those are, but why you'd want to enforce them. That copyright exists
in some work (like perhaps this e-mail) doesn't mean that the holder of
the right is required to enforce it against anyone else. Go ahead, copy
this message as much as you like without my permission - I won't be coming
after you.

The laws here aren't ones that are forcing anyone into any action wrt
the DNS zone files (unlike perhaps whois data), nothing in them is
compelling you to restrict access to the zone file.

The rationale for this can't rationally be to protect the domain name
owners from having their data found - the DNS data (particularly this
kind of DNS data - delegations in upper level domains) is publicly
available, it has to be to work. The data can be found anyway.

The only thing that NSEC is making easier is extracting a more complete
list of what is in the domain (if not necessarily a perfect one), more
quickly than without NSEC. That difference cannot really make any
difference to anyone who is registering a name - whether they get "found"
in an hour, or a week, cannot be of any material difference.

What's left is the desires of the TLD (or similar) operator themselves,
and how they want to handle this data.

Is there any compelling reason that can be offered as to just why it is
so important to you as a TLD operator to prevent zone enumeration?
Anything compelling enough that this WG should go back and start making
changes (and perhaps even worse, adding options - just about the last thing
the DNS needs now are even more different ways to do things).

Please don't tell me "our stakeholders demand it" - like Ted Hardie,
mention of "stakeholders" in a context like that drives me insane. If
your stakeholders (whatever that means) have good reasons, just tell me
the reasons. If they don't, then they're irrelevant to me, and should be
to you as well.

kre
--
archive: <http://ops.ietf.org/lists/namedroppers/>