On Feb 15, 2010, at 5:21 PM, Phillip Hallam-Baker wrote: > It is now generally accepted that PEM was undeployable because the > single root model is not workable. And this is the fault of IANA and/or ICANN how? > ICANN was well aware that the lack of opt-out would prevent deployment > of DNSSEC in .com as early as 2000. Even if "ICANN" was aware (doubtful), do you really think the DNSEXT working group would value ICANN's position more than, say, VeriSign's? > They had a responsibility to tell > the IETF that this was a non-negotiable requirement and that failure > to meet it would mean that ICANN would be unable to deploy DNSSEC. Do you honestly believe ICANN can dictate to the IETF community (or anybody else with the exception of contracted parties) how to do much of anything? You have a very odd view of how ICANN works. > Ten years later the only part of ICANN that seems to interest them is > the idea that they will have sole control of the root zone You are aware, of course, that ICANN isn't even the party that is going to be signing the root zone, right? And how the root KSK is being managed? Sounds to me like you just want to bash ICANN. This gets boring after a while. Regards, -drc _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf