> The ccTLD system grew up at a time when many governments were > fairly hostile to the Internet and/or the DNS (that is different > from being hostile to, e.g., free and private flow of > information over the Internet). The ccTLD environment still > supports ccTLD administrations that are independent of the local > government unless that government is so hostile to them that it > is willing to use national law to force them out. One > consequence of that model is that, for the ccTLD system to > function, neither IANA nor anyone else needs to figure out who > is the actual, legitimate, government of a country. Governments > have a tendency to be quite jealous of their rights to > "recognize" other governments (or not). Keeping IANA out of > that business was an explicit goal at the time RFC 1591 was > written, for multiple reasons. > > If the government of a country is the required root of trust in > that country's ccTLD, we take ourselves several steps closer to > requiring that governments approve ccTLD administrations (not > merely not being actively opposed to them). We create an attack > vector from the government on the ccTLD and registrations in it. > Unlike shutting down a ccTLD administration by offering to throw > its membership in jail, the control and mechanisms that implies > may not require whatever passes for due process in that country. > And such trust authority can provide a vector for required > government approval of individual registrations and registrants, > just as the US Government has turned a general IANA oversight > requirement into case-by-case approval of root entries. > > Be careful what you wish for. +1