Re: our pals at ICANN, was Circle of Fifths

Fri, 13 Nov 2009 03:41:26 -0800 

On Mon, Nov 09, 2009 at 01:16:37PM -0800, David Conrad wrote:
> On Nov 6, 2009, at 9:30 AM, Phillip Hallam-Baker wrote:
> > Clearly the root operators are responsible to and accountable to the 
> > Internet community.
> 
> Err, no.
> 
> First, the root server operators are all independent actors performing a 
> service for the Internet community for their own reasons.  They are formally 
> responsible and accountable to different communities, e.g., the folks who run 
> "C" are responsible to their share holders and the folks who run A and J do 
> so under a cooperative agreement with the US government.

        well A is certainly run under agreement with the DoC.  J on the other 
hand...

> 
> Secondly, there are no formal terms of responsibilities nor accountability to 
> the Internet community.  In the past, specific root servers have been 
> operated abysmally poorly and there was nothing that could be done by the 
> "Internet community" to force root server operators to change the way they do 
> things.  With one arguable exception (that of VeriSign) there are no service 
> level agreements, no penalties for failure to perform, and no formal 
> commitments whatsoever.

        There is some intimation that L might be covered under a similar type 
of instrument.
        But I have no real time to investigate further.

> 
> How exactly is that being "accountable to the Internet community"?

        I'm pretty sure you have the right direction here, that the operators 
are accountable to
        their communities.  I've a tough time with a workable definition of 
"Internet Community"
        though.

> 
> > DNSSEC with a single root of trust would transform it from constitutional 
> > monarch to absolute monarch.
> 
> I have no idea what this means.  As I'm sure you are aware, DNSSEC merely 
> allows folks to validate data hasn't been modified between the point in which 
> the data is signed and the validator.  If folks don't want to trust the 
> ICANN/IANA KSK and/or VeriSign ZSK, they're free to import the individual 
> trust anchors however they choose.  There is no magic here.
> 
> Regards,
> -drc
> 
> _______________________________________________
> Ietf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf

-- 
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to