On Fri, May 17, 2024 at 6:53 PM John R. Levine <johnl@iecc.com> wrote:
On Fri, 17 May 2024, William Herrin wrote:
That said, ICANN generates the root zone including the servers declared authoritative for the zone.
Nope.
Verisign maintains them under contract to ICANN and NTIA and under direction from ICANN. If ICANN told Verisign to make a change they really didn't want to make, Verisign has just enough wiggle room to delay until the NTIA rep can weigh in. Generally, though, ICANN administers, Verisign implements and NTIA funds the effort.
So they do have an ability to say: nope, you've crossed the line to any of the root operators.
ICANN as the IANA Functions Operator maintains the database of TLD info. They provide this to Verisign, the Root Zone Maintainer, who create the root zone and distribute it to the root server operators. Verisign does this under a contract with NTIA, one of the few bits of the Internet that is still under a US government contract:
This contract is also a part of the story: https://www.icann.org/iana_imp_docs/129-root-zone-maintainer-service-agreeme... Absent interdiction from NTIA it gives ICANN the authority to direct Verisign to do exactly what I said. And Cogent disconnecting the C servers from a sizable part of the Internet is almost certainly sufficient excuse to do it on an "emergency" basis without soliciting comment.
Should ICANN attempt to mess with the distribution of the root zone, let us just say that the results would not be pretty.
Fair. Whether they could, politically, make it stick is a whole other can of worms.
I'm not guessing here, I go to ICANN meetings and talk to these people.
And you've been around since the early days too, but the documents don't always match the talk. The talk reflects intentions. Intentions change faster than contracts when something puts pressure on the system. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/