On May 18, 2024, at 03:53, John R. Levine <johnl@iecc.com> wrote: On Fri, 17 May 2024, William Herrin wrote:
That said, ICANN generates the root zone including the servers declared authoritative for the zone. Nope.
So they do have an ability to say: nope, you've crossed the line to any of the root operators. Very very nope.
ICANN as the IANA Functions Operator maintains the database of TLD info. They provide this to Verisign, the Root Zone Maintainer, who create the root zone and distribute it to the root server operators. Verisign does this under a contract with NTIA, one of the few bits of the Internet that is still under a US government contract:
https://www.ntia.gov/page/verisign-cooperative-agreement
Should ICANN attempt to mess with the distribution of the root zone, let us just say that the results would not be pretty. There's a balance of terror here. ICANN carefully never does anything that would make the root server operators say no, and the root server operators carefully avoid putting ICANN in a position where they might have to do that.
John is exactly correct on each of these points. And I guess I’d go a little further and say that ICANN and IANA are separate entities, with IANA predating ICANN by a decade. -Bill