Re: Verisign vs. ICANN

[Paul Vixie <vixie () vix com>]

> > > And if they do, what's to stop the root operators from doing this.
> >
> > the root server operators don't act collectively.
>
> While correct, your statement does not answer the original question. :)

i consider it directly responsive.  one of the ways to keep a root server
operator from doing something, statistically speaking at least, is to tell
them that some other root server operator is doing it.

> > > Flipped on its head, what's to stop the root operators from
> > > circumventing anything Verisign or any other TLD operator does?
> >
> > root server operators don't control the root zone, they only publish
> > it.  some combination of itu (via the iso3166 process), icann/iana,
> > ietf/iab, and us-DoC are the folks you'd go to if you wanted a toplevel
> > wildcard.
>
> Actually, the root server operators absolutely do _control_ the root 
> zone in very obvious operationally relevant ways.
>
> Whether that control could be used - improperly or not - to, say, 
> insert a wildcard record strikes me as much the same question as the 
> Verisign action which started this thread....

you will never find a more tightly woven hive of independence and diversity.

the only things all 12 operators have ever been able to agree on are that
(1) the root zone should be published with maximum reachability and uptime,
(2) the root zone should not be edited by the root server operators, and
that, finally, (3) there should never be a (3).
-- 
Paul Vixie