--On Friday, October 11, 2013 22:01 -0400 Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:

> Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote:
> > I think that is a better approach actually. The CC TLDs are in effect
> > members of a bridge CA and ICANN is merely the bridge administrator.
>
> It is an interesting way to say it, and put that way, I like it.
>...
> However, if the root of the trust in country X is the
> government of country X, then government can essentially
> internalize/nationalize all the liability associated with
> trusting them. It would be much like governments do with
> nuclear power: it only works out because the governments
> provide the insurance in the form of legislation...

Without taking a position on the idea, one observation about possible unintended side effects:

The ccTLD system grew up at a time when many governments were fairly hostile to the Internet and/or the DNS (that is different from being hostile to, e.g., free and private flow of information over the Internet). The ccTLD environment still supports ccTLD administrations that are independent of the local government unless that government is so hostile to them that it is willing to use national law to force them out. One consequence of that model is that, for the ccTLD system to function, neither IANA nor anyone else needs to figure out who is the actual, legitimate, government of a country. Governments have a tendency to be quite jealous of their rights to "recognize" other governments (or not). Keeping IANA out of that business was an explicit goal at the time RFC 1591 was written, for multiple reasons.

If the government of a country is the required root of trust in that country's ccTLD, we take ourselves several steps closer to requiring that governments approve ccTLD administrations (not merely not being actively opposed to them). We create an attack vector from the government on the ccTLD and registrations in it. Unlike shutting down a ccTLD administration by offering to throw its membership in jail, the control and mechanisms that implies may not require whatever passes for due process in that country. And such trust authority can provide a vector for required government approval of individual registrations and registrants, just as the US Government has turned a general IANA oversight requirement into case-by-case approval of root entries.

Be careful what you wish for.

best,
john