(top posting because I'm citing a fairly lengthy chunk of Howard's dissertation below)

This is a really good, dispassionate summation, in my personal opinion. I would like to comment on issue #2...

Granting solely for the sake of argument that there was no legal obstacle to Verisign's action, it seems that there were at least three approaches for them to choose from in rolling out the wildcard/Sitefinder scheme:

1) Although no protocol changes were involved, submit an IETF draft à la the RFC process and at least get some working group discussion if not formal RFC action. Rationale is that the operational impact of this type of action at the TLD level is equally as critical to the infrastructure as the protocol issues normally dealt with by IETF.

2) Discuss in good faith and in advance with ICANN prior to implementing.

3) Treat it as a corporate operational policy issue....like when big Tier 1's have modified peering policy in the past...."people might not like it but they can't stop us from doing it."

Obviously option 3 is the most aggressive and most unilateral approach. And just as obviously, there is plenty of precedent and procedure in favor of options 1 and 2 that would have leapt out as being more responsible to any objective person.

-----Original Message-----
After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folk that aren't immersed in our field.
1. Governance issues
--------------------
Did Verisign have the right, regardless of technical merit, to do what it did without prior warning? I'm simply saying "did they do anything contractually or otherwise legally forbidden", not "was it strongly counter to the assumptions of the Internet" or "were they mean and nasty."
The news/political interest here is whether any other group should or could have affected this, or if we need new governance mechanisms.
Has this revealed any conflict of interest issues? To what extent should a registry be able to act unilaterally? These points are meant to be examined here in the context of law, regulation and governance, as opposed to the less formal points in #2.
2. Process (slightly different than governance) issues.
------------------------------------------------------
Moving away from the letter of their contracts, what should they have done (if anything) about open comment and forming consensus? This is vaguely making me wonder if they had evidence of WMDs....oops, wrong controversy.
Assume they had no requirement for prior discussion. What, if any, requirements did they have for testing and validating their approach, given that a top-level registry is in a unique connectivity position with special privileges?