[discuss] Possible approaches to solving "problem no. 1"

Milton L Mueller mueller at syr.edu
Sun Feb 16 21:09:42 UTC 2014


-----Original Message-----
From: Steve Crocker [mailto:steve at shinkuro.com] 

> Add and remove are obviously sensitive operations and require careful approval 
> by authorities outside of IANA's clerical role.  

I would question this, or at least ask for elaboration. 

Obviously there is a security risk in any process that alters RZF data, in that it could be exploited by someone to achieve mischievous or malevolent objectives, especially when such changes are a result of an automated process. 

What I don't understand is how adding a "careful approval by authorities" makes anything more secure - if by that you mean manual review of every change by an essentially political entity such as occurs now. So question #1 is "What kind of 'authorities' are you talking about?" Question #2 is "what risks are added or magnified by circumventing root zone changes via a political entity?"

I would note that Verisign updates its TLD zones many times a day. Some of the zones under .com and .net are more significant economically and structurally than many entries in the root zone. And yet no 'authority' other than VRSN engages in "careful approval" of those changes. Verisign can, however, be sued if it mucks something up and damages organizations or people, can it not? Are we confusing the internal security of IANA/ICANN's process with a governance process? In that respect, I think David Conrad's suggestion of structural separation of certain functions makes more sense than a notion of "careful approval by authorities."

Milton Mueller
Professor, Syracuse University School of Information Studies

More information about the discuss mailing list