[Dnssec-deployment] dealing with broken TLD name servers
drc at virtualized.org
Thu Jul 1 15:27:48 EDT 2010
On Jun 30, 2010, at 8:15 AM, Paul Vixie wrote:
> it's definitely missing a section, "No lossage from EDNS and IP
> Fragmentation" and if you'll say a little more about the GNSO/CCNSO PDP
> i'll get out of your hair here and instead go bother somebody else.
Did Francisco provide sufficient information?
> ICANN in its technical coordination function should be able to act
> unilaterally on a public health basis.
First, given ICANN does not have unilateral control over the root zone, we _can't_ act unilaterally. In order for a root zone change to occur, ICANN's IANA staff must submit an authorization request to the US Dept. of Commerce who makes a determination whether to authorize the request or not. If the request is authorized, it is forwarded to VeriSign who implements the change. Personally speaking, I have some skepticism that he US Dept. of Commerce would authorize a non-ccTLD administrator initiated request even if ICANN's IANA staff were to ignore all existing policy and submit it to them for authorization.
Secondly, my personal observation over 4.5 years of working at ICANN is that the vast majority of the Internet community do _NOT_ want ICANN to be the Internet's mommy or police force (whether they even want ICANN to be in a coordinative role is debatable). However, I could be wrong. If you believe ICANN should have the ability to take unilateral actions against sovereign nations, I believe the folks you would need to convince would be in the ccNSO and the GAC (and probably the US Dept. of Commerce, but that's a separate issue).
Again, personally speaking, but I don't think you'd get much argument from ICANN's IANA staff -- we see (and get notified) of a stunning amount of brokenness at the TLD level and it can be ... distressing to not do something to fix it.
>> Yes. However, if a ccTLD operator insists on making a change that is
>> known to be broken, ICANN will make the change.
Actually, I should have said "ICANN will submit the change request".
> that's a structural defect in "internet governance". how can we address it?
I'm guessing you'd most likely need to make a fundamental change to the role of the IANA functions operator. That's not something ICANN can do unilaterally.
More information about the Dnssec-deployment