Re: Circle of Fifths

Full disclosure: I serve on the ICANN board of directors, and I chairICANN's Security and Stability Advisory Committee (SSAC). Both ofthese are volunteer, i.e. unpaid, positions, but ICANN does pay mytravel expenses for meetings.

It's mildly amusing to see how this thread has drifted from where itstarted. Also annoying. See inline for responses.


On Nov 5, 2009, at 12:53 PM, John Levine wrote:

As near as I can make out, ICANN collects bucketloads of cash without
really having any idea why. The only rationale seemed to be to pay a
rather surprising large salary to the CEO.


Agreed, except for the surprise part.  The whole staff is paid
impressively large amounts and has been as long as I've been watching
ICANN.  They seem to feel that their peer organizations for
compensation purposes are investment banks rather than other
non-profits.

I don't have access to the salaries of individual employees, and Idoubt you do either. In general, ICANN pays its staff competitivelyin order to attract and retain skilled people. A very large number ofpeople also participate in ICANN as volunteers, similar to the way theIETF, ISOC and other organizations work.

Instead they are currently looking to raise even more money through
the sale of TLDs but last time I heard were curiously uninterested in
providing any material support to the root operators who would be
bearing the expense of supporting these new domains.


If I were a root server operator, it would take an implausibly large
amount of money to be worth the strings that ICANN would attach.  A
key reason that the DNS still works is that there's no root server
contract, so the root operators can individually or jointly tell ICANN
to pound sand if they don't care for the root zone that ICANN offers
them. Hence ICANN is very cautions about changes.


This is multiple pieces of nonsense:

o ICANN is very cautious about changes to the root because that's theright thing to do. A huge amount of work goes into vetting each andevery requested change. To suggest they are cautious only because ofthe root operators is both factually wrong and insulting. It's reallytime to stop bashing the ICANN staff. When they make a mistake,they'll admit it and fix it. The competence level inside ICANN issurely as good as in the IETF and other organizations.

o The idea that the root operators would actually catch or stop errorsin the root zone is more fantasy than reality. The root operators arehighly automated and don't generally look at the content of eachupdate of the root zone. At a recent meeting in the EU, a seniorofficial at a major registry made the claim that the root operatorswere the last line of defense against malicious or capricious behaviorby ICANN or the U.S. Government, and that DNSSEC would diminish theability of the root operators to protect a registry from being removedfrom the root zone. I took the opportunity ask if the root operatorswere, in fact, ready, willing and able to serve in such a capacity.If so, were there realistic plans and practice in place? We're livingin a post 9/11 world where organizations take such questionsseriously. They prepare plans and they practice dealing withcontingencies. I followed up with the root operators at a subsequentmeeting. No such plans exist, and the root operators do not seeminclined to organize themselves to act in such a capacity. (I'm nottaking a position pro or con as to whether they should have such arole. I'm only saying there's no connection between the claim thatthey have this role and any realistic chance that they would actuallydo so today.)

o There's no basis at all for saying anything at all about whatstrings ICANN would attach to support for the root operators. Theroot operators aren't asking for support, so the question simplyhasn't come up.


Steve



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf