Draft Guidelines and Security Technologies

[James Ellis <jte@cert.org>]

The CERT Coordination Center strongly supports the stated goal in this accreditation process of "protecting the stability and operational integrity of the Internet."  Our comments below are provided from an intent to promote continuous improvement in overall Internet security.

Access to SLD technical contact information has proven to be a vital means of notifying unaware sites of intrusions and break-in attempts to machines within their domain.  Both response teams and individual sites that become aware of an intrusion use this information to contact other sites involved.  Our experience is that the receiving sites almost always appreciate contacts made for this purpose.  We support those sections of the guidelines that mandate the continued collection and availability of technical contact information.

Section I.D. states that "… DNS services must be reliable, secure, …"  In support of this, we recommend adding a specific principle that permits the accreditation process to require the use of security technologies, for example:

"The registration system should promote the widespread deployment and use of technologies that will increase the security of the Domain Name System.  Accreditation requirements should evolve to benefit from improvements in security technology."


Thank you for considering these comments.  If we can provide any further information, please do not hesitate to let us know.

				James Ellis, jte@cert.org
				CERT Coordination Center, cert@cert.org