[Dnssec-deployment] dealing with broken TLD name servers

Eric Brunner-Williams ebw at abenaki.wabanaki.net
Thu Jul 1 06:25:35 EDT 2010

On 6/30/10 6:27 PM, Francisco Arias wrote:
> At least for new gTLDs there is something that can be done right now.
> Currently there is a public comment period about, among other things,
> Specification 6 of the Draft Registry Agreement for new gTLDs.

I want to point out that raising the bar for applicants, and currently 
the SLAs in the Draft Applicant Guide are in excess of those the 
COM/NET/NAME operator is currently contractually obligated to achieve, 
creates costs.

> Specification 6 covers most of the technical standards that a new gTLD
> has to comply. It lists the RFCs and includes a Service Level
> Agreement with its respective real time monitoring system, that would
> have caught the issue that started this thread. Suggestions on how to
> improve it are more than welcomed.

It is reasonable to ask what cost has been created in this specific 
instance of signing a zone which has been externalized to third parties.

Failure to provide defensible asserted externalized costs 
significantly in excess of the cost of correctly identifying and 
fixing the root cause, is not useful.

> Draft Registry Agreement can be found at:
> http://icann.org/en/topics/new-gtlds/draft-agreement-specs-clean-28may10-en.pdf
> Anyone can submit comments, before 21 July 2010, by email to
> <4gtld-base at icann.org>. The full list of comments already submitted
> can be seen at:
> http://forum.icann.org/lists/4gtld-base/
> If anyone would like more information, please contact me off-list in
> "francisco.arias at icann.org"

The technical interest in the subject motivating at least two early 
adopters has no accompanying economic or policy basis, and this 
experience, particularly its use in causing advocacy for further 
increases in cost and risk with no obvious benefit to the adopter, 
makes zone signing, if mandatory to implement, lacking of any other 

In the 35 years since country codes were adopted, for scaling purposes 
only, only one non-national demographic, the Catalans, have obtained 
authorization to operate a registry.

I'd like to see that situation improved upon, and I suggest that 
caution is prudent when suggesting additional costs to applicants.


More information about the Dnssec-deployment mailing list