> Florian Weimer <mailto:[email protected]> > Sunday, November 30, 2014 2:08 AM > > Wouldn't be a first to step to cover root server *operators* (and root > DNS server sites) to audits, lift them out of obscurity, and introduce > some form of accountability?
accountability may be too strong a word for the art of the possible in this case. a long time ago someone from icann (who is now long gone) presented me (as isc president) with a proposed MoU that allowed either party unilateral termination without cause, and specified that f-root's address block (192.5.4.0/23) would become icann's property if the agreement were ever terminated. after a few hours of "wtf?" from both sides, i ended negotiations around the MoU and determined that no root name server operator could ever be "accountable to" the icann corrupt-o-thon, and that our accountability had to be much broader. years later, using a different negotiator on the icann side, an MoU was negotiated between icann and isc. it's online, see reference #8 at <http://icannwiki.com/ISC>, noting that all of the "Key People" listed on that page have moved on from ISC, but their current team is excellent. additional anti-obscurity measures such as audits and additional MoU's are worth discussing. the root server operators now have a very cordial relationship to ICANN and they provide the core of the RSSAC. see <https://www.icann.org/resources/pages/rssac-4c-2012-02-25-en> for some contact info on getting started with that sort of initiative. > > It's not a bad idea to make sure that the data that goes into the root > system isn't compromised, but right now, anyone can already review > that, and there is even some public documentation for the update > process. Contrast this with the situation on the operator side, where > important information such as site selection criteria is only > available under NDA (if at all). each rootop has its own method of site selection. this is both an anti-capture mechanism and a diversity-assurance mechanism. i believe that most rootops would be willing to speak on the record about their site selection criteria if asked, and without an NDA. note that i'm speaking of my beliefs, and not as a spokesman for any rootop other than F (before) and C (now), because the rootops as an aggregate entity have no spokesperson. -- Paul Vixie
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
