On Nov 6, 2009, at 9:30 AM, Phillip Hallam-Baker wrote:
Clearly the root operators are responsible to and accountable to the Internet
community.
Err, no.
First, the root server operators are all independent actors performing a
service for the Internet community for their own reasons. They are formally
responsible and accountable to different communities, e.g., the folks who run
"C" are responsible to their share holders and the folks who run A and J do so
under a cooperative agreement with the US government.
Secondly, there are no formal terms of responsibilities nor accountability to
the Internet community. In the past, specific root servers have been operated
abysmally poorly and there was nothing that could be done by the "Internet
community" to force root server operators to change the way they do things.
With one arguable exception (that of VeriSign) there are no service level
agreements, no penalties for failure to perform, and no formal commitments
whatsoever.
How exactly is that being "accountable to the Internet community"?
DNSSEC with a single root of trust would transform it from constitutional
monarch to absolute monarch.
I have no idea what this means. As I'm sure you are aware, DNSSEC merely
allows folks to validate data hasn't been modified between the point in which
the data is signed and the validator. If folks don't want to trust the
ICANN/IANA KSK and/or VeriSign ZSK, they're free to import the individual trust
anchors however they choose. There is no magic here.
Regards,
-drc
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf