Please find comments to "Global DNS-CERT Business Case" below.
Thank you for giving us this opportunity.

Hiro Hotta, JPRS (.JP ccTLD)

===== comments =====

We appreciate and welcome the opportunity for the community to closely consider upgrading DNS-related SSR (security, stability, and resiliency). We agree with the view in the proposed document that no highly established framework that excels at DNS SSR exists, especially in response to incidents involving DNS. We agree that DNS SSR should be enhanced continuously as threats grow. To that end, we generally agree on the concept of DNS-CERT, if it refers to a "concept," not to an "organization or functions within an organization."

Let us comment on some points regarding the implementation of the DNS-CERT concept.

  1. organizational framework

    Currently there exist organizations/teams for security maintenance such as DNS-OARC and national CERTs. Their activities are trusted by the community in general, at least to some extent. So, we think enhancing the capabilities of existing organizations should be considered first, rather than creating yet another organization. Generally, it's not a good idea to make the information channel structure complex, from the viewpoint of avoiding confusion and cost. In addition, an organization too specialized in DNS cannot play an appropriate role, since incidents usually result not from a single cause but from a combination of multiple causes. Therefore, cooperative analysis, discussion, and drafting of an organizational framework among existing organizations including ICANN are highly expected to come up with a good framework.

  2. operational cost

    Efficiency of the structure to maintain DNS SSR should be pursued, since we believe $4M is a huge amount. Again, this leads us to the image that the DNS-CERT function should be overlaid onto the existing organizational framework such as current CERTs. Using domain name registrants' money means taking responsibility for the security of registrants at the level of registrants' satisfaction in compensation for their money.

  3. outreach effort

    CERT-like frameworks are different country by country, and organization by organization. In addition, there are various kinds of players in network operation including DNS operation. Therefore, outreach is essential for all these players to trust the framework and implementation of the DNS-CERT concept. The current proposal document seems to give less focus to the resolver DNS side than to the authoritative DNS side. There are quite a few organizations/groups such as *NOGs and local DNS operators groups that are closely related to DNS operation. More outreach effort is expected in the current consulting phase and in the implementation phase of the DNS-CERT concept.


