On Nov 6, 2009, at 9:30 AM, Phillip Hallam-Baker wrote: > Clearly the root operators are responsible to and accountable to the Internet community. Err, no. First, the root server operators are all independent actors performing a service for the Internet community for their own reasons. They are formally responsible and accountable to different communities, e.g., the folks who run "C" are responsible to their share holders and the folks who run A and J do so under a cooperative agreement with the US government. Secondly, there are no formal terms of responsibilities nor accountability to the Internet community. In the past, specific root servers have been operated abysmally poorly and there was nothing that could be done by the "Internet community" to force root server operators to change the way they do things. With one arguable exception (that of VeriSign) there are no service level agreements, no penalties for failure to perform, and no formal commitments whatsoever. How exactly is that being "accountable to the Internet community"? > DNSSEC with a single root of trust would transform it from constitutional monarch to absolute monarch. I have no idea what this means. As I'm sure you are aware, DNSSEC merely allows folks to validate data hasn't been modified between the point in which the data is signed and the validator. If folks don't want to trust the ICANN/IANA KSK and/or VeriSign ZSK, they're free to import the individual trust anchors however they choose. There is no magic here. Regards, -drc _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf