<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>Hi,</div><div><br></div><div>A few suggestions/observations:</div><div><br><div><div>On Feb 15, 2014, at 8:29 AM, Milton L Mueller <<a href="mailto:mueller@syr.edu">mueller@syr.edu</a>> wrote:</div><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">Appendix 1: Problem Statement from the 1net list<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">1. The Internet Assigned Names and Numbers Authority (IANA) has as one of its functions the administration of changes in the Internet DNS root zone file. </p></div></div></blockquote><div><br></div><div>The changes IANA staff perform are more than simply proposing edits to the DNS root zone (as something of an aside, I'd note that the implementation of the root zone does not have to be a file: that's just an implementation choice). IANA staff also modifies the root zone registration (aka "Whois") database, a task that does not involve Verisign but does involve NTIA (for authorization).</div><div><br></div><div>Perhaps "... administration of changes in the Internet's DNS root zone and associated registration databases."?</div><br><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">The team that performs the IANA functions is employed by ICANN, the Internet Corporation
for Assigned Names and Numbers.<br>
<br>
2. ICANN has a zero-cost contract with the US government to perform the IANA functions. <span style="font-family: Calibri, sans-serif; font-size: 11pt;">The US government approves all changes made to the root zone. Another contractor to the US government, Verisign, operates the</span></p></div></div></blockquote><div><br></div><div>The term "operates" here is odd -- the root zone is just data; it doesn't operate. A better term might be "maintains". </div><div><br></div><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal"><span style="font-family: Calibri, sans-serif; font-size: 11pt;"> authoritative root zone file and its contract
requires it to implement changes approved by the US government.</span></p></div></div></blockquote><br></div><div>It's more accurate to say "cooperative agreement" instead of "contract", although I'm not sure what the differences actually are.</div><div><br></div><div>Also, it is worth noting that "implement" is actually 3 separable tasks:</div><div><br></div><div>a) edit the root zone data</div><div>b) DNSSEC-sign the root zone data</div><div>c) make the edited and DNSSEC-signed data available for the root servers to serve</div><div><br></div><div>As I've mentioned in the past, having all three of these tasks performed by a single entity is (IMHO) a vulnerability/bug that has bitten us before.</div><div><br></div><div>I might suggest: "... file and its cooperative agreement requires it to edit, DNSSEC-sign, and distribute the resulting zone data as approved by the US government."</div><div><br></div><div><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">3. It has been a requirement for the contractor providing the IANA function to be incorporated, maintain a physical address, and perform the IANA functions in the US, resulting in the provision of the IANA function being subject to </p></div></div></blockquote><div><br></div>Nit: "functions", not "function" (last reference to IANA in the sentence).</div><div><br><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">US law and political influence.<br>
<br>
4. Objections have been raised to US government involvement in this process on several grounds, including </p></div></div></blockquote><div><br></div><div>"regarding US" instead of "to US"?</div></div><div><br><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">exclusivity and concerns of trust. <span style="font-family: Calibri, sans-serif; font-size: 11pt;">Objections have also been raised to movement of the function to various intergovernmental organizations.</span></p></div></div></blockquote><br></div><div>"regarding movement" instead of "to movement"?</div><div><br></div><div><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">5. Acceptable solutions for assignment of the IANA root zone function should meet several criteria: (1) protection of root zone management from political or other improper interference; (2) integrity, stability, continuity, security and robustness of the administration
of the root zone; <span style="font-family: Calibri, sans-serif; font-size: 11pt;">(3) widespread trust by Internet users in the administration of this function; (4) support of a globally interoperable root zone; and (5) agreement regarding an accountability mechanism for this function. </span></p></div></div></blockquote><div><br></div><div><div>I'm not sure what 4 means.<br><br></div><div>If the goal here is to be comprehensive regarding criteria, it might be worthwhile to be a bit more specific about the term "security". That term is often defined to be "confidentiality, integrity, and authentication" (aka "CIA", but that acronym may be unfortunate here :)) but often also includes "access control", "nonrepudiation", "availability", and "privacy". IANA staff (at least in the past, I suspect now as well) are required to abide to varying degree to all of these in the performance of their jobs. Then there are infrastructure related concerns, e.g., "stability" and "resiliency" (perhaps covered by "robustness" above) and policy related concerns, e.g., "transparency", "openness", "auditability", "responsiveness", "improvability", and "efficiency" in addition to "accountability". I'm probably missing a few.</div></div><div><br></div></div><div><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">6. A number of potential solutions have been proposed; however, there has been no consensus on any of them.<o:p></o:p></p>
</div></div></blockquote><br></div><div>Yea verily.</div><div><br></div><div>Regards,</div><div>-drc</div><div><br></div></div><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style></body></html>