[governance] "Oversight"
David Conrad
drc at virtualized.org
Wed Jun 6 15:21:17 EDT 2012
We're mixing a couple of threads here. A clarification:
On Jun 6, 2012, at 7:30 AM, McTim wrote:
> I think what drc is trying to tell you (from his vast firsthand
> experience) is that IF in the incredibly unlikely
> event that the IANA created a rootzone that excluded say .in AND NTIA
> signed off on this change, the TCRs
> from around the world would have to fly to a rootsigning ceremony,
> recreate the keys that are used to sign the
> key that signs the rootzone (a bit of a simplification for ease of
> readability), resign the new zone and then send
> it to Verisign for publication.
As mentioned previously, IANA doesn't create the root zone. In the normal course of events, a TLD admin sends an update to IANA. ICANN personnel make sure the request comes from an appropriate entity and makes sense, then submit the change requests to NTIA. NTIA, after making sure ICANN followed documented policies and procedures, authorizes those changes. Verisign edits the zone, signs it with the Zone Signing Key, and distributes it to the root servers. The root server operators then publish the zone to the Internet.
If the USG decided .IN should no longer exist in the root zone, they would bypass ICANN and would force Verisign to remove the .IN entry from their database, generate a new zone, sign it, and distribute it to the root servers. The root server operators would then have to publish the zone. The point being that even in the worst case, there can be no unilateral action.
The TCRs would only be involved if the private keys stored in both sets of the DNSSEC hardware security modules were destroyed or otherwise made unusable. In such a case, the TCRs, acting together, can regenerate the DNSSEC Key Signing Key private key. That key is used to sign (make valid) the Zone Signing Key used by Verisign. TCRs were brought up in response to Norbert's idea of having multiple Key Signing Keys, not in the context of keeping the USG from going rogue.
> In that incredibly far-fetched scenario, all the root-ops would have
> to accept that new zone. I suggest that at least some would not.
Exactly.
Regards,
-drc
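An added illustration of the quorum idea in the paragraph on the TCRs above (this is not part of drc's message, not the actual root KSK ceremony procedure, and not IANA/ICANN code): a k-of-n split of a private key so that any k holders acting together regenerate it while fewer cannot. It assumes Shamir secret sharing over GF(2^255-19) as the model, with 7 share holders and a quorum of 5 chosen arbitrarily for the demo; the SHA-256 "fingerprint" is a stand-in for the already-published public half of the key, against which a regenerated private key must be checked before it is trusted, because interpolation with too few shares silently yields a wrong value.

```python
"""
Toy k-of-n threshold recovery of a signing key (added example).

Model: Shamir secret sharing over the prime field GF(P).  This is an
illustration of the "TCRs acting together can regenerate the KSK" idea,
NOT the real root KSK ceremony's HSM backup scheme.
"""
import hashlib
import secrets

# Prime modulus for the field (the curve25519 field prime, used here only
# because it is a well-known 255-bit prime; no curve arithmetic is involved).
P = 2**255 - 19


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + a2*x^2 + ... mod P using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(secret, n, k, rng=secrets.randbelow):
    """Split integer `secret` (0 <= secret < P) into n shares such that
    any k of them reconstruct it.  `rng(P)` must return a value in [0, P);
    it is a parameter only so tests can make the split deterministic."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    # Degree k-1 polynomial whose constant term is the secret.
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]
    # Share index x runs from 1; x = 0 would hand out the secret itself.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_key(shares):
    """Lagrange interpolation at x = 0 over GF(P).

    Note: this function cannot tell whether it was given a quorum.  With
    fewer than k shares it returns a value that is simply wrong, so the
    caller must verify the result against the known public key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        # den^(P-2) is the modular inverse of den (Fermat, P prime).
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def key_fingerprint(secret):
    """Stand-in for the public half of the key that everyone already holds
    (think: the KSK DNSKEY record).  A hash of the private value is used
    here only so that a recovery attempt can be checked."""
    return hashlib.sha256(secret.to_bytes(32, "big")).hexdigest()


def recover_and_verify(shares, expected_fingerprint):
    """Recover the key and refuse to return it unless it matches the
    published fingerprint; this is the check that catches a sub-quorum
    or corrupted set of shares."""
    candidate = recover_key(shares)
    if key_fingerprint(candidate) != expected_fingerprint:
        raise ValueError("recovered value does not match the published key; "
                         "not enough (or corrupted) shares")
    return candidate


if __name__ == "__main__":
    # Hypothetical 7 share holders with a quorum of 5 (numbers chosen for
    # the demo, not taken from the real ceremony).
    ksk_private = secrets.randbelow(P)
    published = key_fingerprint(ksk_private)
    shares = split_key(ksk_private, n=7, k=5)
    print("any 5 of 7 recover the key:",
          recover_and_verify(shares[2:], published) == ksk_private)
    try:
        recover_and_verify(shares[:4], published)
    except ValueError as e:
        print("4 of 7 fails:", e)
```

Usage note: the point the test exercises is that the check against the published half is what turns "some number came out" into "the key was regenerated"; a real ceremony would likewise confirm the restored key against the DNSKEY already in the zone before signing anything with it.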