On Oct 15, 2013, at 2:20 PM, Randy Bush <randy@xxxxxxx> wrote: >> The ccTLD system grew up at a time when many governments were >> fairly hostile to the Internet and/or the DNS (that is different >> from being hostile to, e.g., free and private flow of >> information over the Internet). The ccTLD environment still >> supports ccTLD administrations that are independent of the local >> government unless that government is so hostile to them that it >> is willing to use national law to force them out. One >> consequence of that model is that, for the ccTLD system to >> function, neither IANA nor anyone else needs to figure out who >> is the actual, legitimate, government of a country. Governments >> have a tendency to be quite jealous of their rights to >> "recognize" other governments (or not). Keeping IANA out of >> that business was an explicit goal at the time RFC 1591 was >> written, for multiple reasons. >> >> If the government of a country is the required root of trust in >> that country's ccTLD, we take ourselves several steps closer to >> requiring that governments approve ccTLD administrations (not >> merely not being actively opposed to them). We create an attack >> vector from the government on the ccTLD and registrations in it. >> Unlike shutting down a ccTLD administration by offering to throw >> its membership in jail, the control and mechanisms that implies >> may not require whatever passes for due process in that country. >> And such trust authority can provide a vector for required >> government approval of individual registrations and registrants, >> just as the US Government has turned a general IANA oversight >> requirement into case-by-case approval of root entries. >> >> Be careful what you wish for. > > +1 > Dislike doing this, but: +1 W -- American Non-Sequitur Society; we don't make sense, but we do like pizza!