Full disclosure: I serve on the ICANN board of directors, and I chair
ICANN's Security and Stability Advisory Committee (SSAC). Both of
these are volunteer, i.e. unpaid, positions, but ICANN does pay my
travel expenses for meetings.
It's mildly amusing to see how this thread has drifted from where it
started. Also annoying. See inline for responses.
On Nov 5, 2009, at 12:53 PM, John Levine wrote:
As near as I can make out, ICANN collects bucketloads of cash without
really having any idea why. The only rationale seemed to be to pay a
rather surprising large salary to the CEO.
Agreed, except for the surprise part. The whole staff is paid
impressively large amounts and has been as long as I've been watching
ICANN. They seem to feel that their peer organizations for
compensation purposes are investment banks rather than other
non-profits.
I don't have access to the salaries of individual employees, and I
doubt you do either. In general, ICANN pays its staff competitively
in order to attract and retain skilled people. A very large number of
people also participate in ICANN as volunteers, similar to the way the
IETF, ISOC and other organizations work.
Instead they are currently looking to raise even more money through
the sale of TLDs but last time I heard were curiously uninterested in
providing any material support to the root operators who would be
bearing the expense of supporting these new domains.
If I were a root server operator, it would take an implausibly large
amount of money to be worth the strings that ICANN would attach. A
key reason that the DNS still works is that there's no root server
contract, so the root operators can individually or jointly tell ICANN
to pound sand if they don't care for the root zone that ICANN offers
them. Hence ICANN is very cautions about changes.
This is multiple pieces of nonsense:
o ICANN is very cautious about changes to the root because that's the
right thing to do. A huge amount of work goes into vetting each and
every requested change. To suggest they are cautious only because of
the root operators is both factually wrong and insulting. It's really
time to stop bashing the ICANN staff. When they make a mistake,
they'll admit it and fix it. The competence level inside ICANN is
surely as good as in the IETF and other organizations.
o The idea that the root operators would actually catch or stop errors
in the root zone is more fantasy than reality. The root operators are
highly automated and don't generally look at the content of each
update of the root zone. At a recent meeting in the EU, a senior
official at a major registry made the claim that the root operators
were the last line of defense against malicious or capricious behavior
by ICANN or the U.S. Government, and that DNSSEC would diminish the
ability of the root operators to protect a registry from being removed
from the root zone. I took the opportunity ask if the root operators
were, in fact, ready, willing and able to serve in such a capacity.
If so, were there realistic plans and practice in place? We're living
in a post 9/11 world where organizations take such questions
seriously. They prepare plans and they practice dealing with
contingencies. I followed up with the root operators at a subsequent
meeting. No such plans exist, and the root operators do not seem
inclined to organize themselves to act in such a capacity. (I'm not
taking a position pro or con as to whether they should have such a
role. I'm only saying there's no connection between the claim that
they have this role and any realistic chance that they would actually
do so today.)
o There's no basis at all for saying anything at all about what
strings ICANN would attach to support for the root operators. The
root operators aren't asking for support, so the question simply
hasn't come up.
Steve
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf