[governance] "Oversight"

parminder parminder at itforchange.net
Thu Jun 7 13:00:34 EDT 2012 

David,

I must again thank you for all the authoritative details which have been 
very illuminating, even if we seem to slip into disagreements when 
expressing opinions about how actors may behave in different situations etc.

I take form the discussion that you and many of the so called tech 
community are convinced that US government cannot do anything bad to the 
Internet's architecture vis a vis what has been called the CIRs and the 
associated phenomenon. According to you the system is too well 
distributed for this to happen. Now, let me accept for the sake of my 
present argument that this is indeed true. If so, why would you and 
others be against giving a UN body exactly the same role as the US gov 
has at present, as long as the relevant guarantees that the distributed 
system will be maintained as present vide an international agreement, 
which inter alia cannot be changed without US and its allies agreeing to 
any change.  Can you please specifically answer this question. While as 
you say, that UN body will not be able to do anything bad to the 
Internet, as you claim at present US government cannot do, such an 
arrangement will satisfy so many in the non US world, and then we can 
have a smooth cordial sail for ever, and much of the acrimony which so 
regularly arises on this count will be gone. Is it not a worthy goal to 
seek.

In other words, why does an arrangement looks so innocent when when in 
the hands of the US government, and the same arrangement when shifted to 
an international body backed by inviolable international law  becomes 
the resounding shrill cry of 'UN control of the Internet'.  Can you help 
me understand this apparent paradox.

And there can be no doubt that US law and exercise of US's executive 
power is much more liable to arbitrary use and possible sudden changes 
than international law and its execution. The fact that many US based 
and pro US actors simply dont accept this simple and patently clear fact 
is quite, well, bugging to most non US actors, if not outright 
disrespectful of equality of people, groups and countries, which is a 
very very serious thing. One should realise that an international law/ 
treaty based organisation simply cannot but act in strict adherence to 
the law, and the law cannot be changed without the consent of all, or at 
least of a very big majority, and certainly certainly not without the 
consent of US, EU etc. Be absolutely assured of this.... So creating 
this spectre of a China along with an Iran suddenly starting to dictate 
how the Internet will be run is such a big a lie and deliberate 
delusion, and it is also such an affront to people's intelligence. At 
the same time I am all for civil society to be very watchful of what 
happens at the UN or ITU etc as we are watchful what happens with the US 
gov or India gov. But a sense of balance will do us all good.





On Thursday 07 June 2012 12:51 AM, David Conrad wrote:
> We're mixing a couple of threads here.  A clarification:
>
> On Jun 6, 2012, at 7:30 AM, McTim wrote:
>    
>> I think what drc is trying to tell you  (from his vast firsthand
>> experience) is that IF in the incredibly unlikely
>> event that the IANA created a rootzone that excluded say .in AND NTIA
>> signed off on this change, the TCRs
>> from around the world would have to fly to a rootsigning ceremony,
>> recreate the keys that are used to sign the
>> key that signs the rootzone (a bit of a simplification for ease of
>> readability), resign the new zone and then send
>> it to Verisign for publication.
>>      
> As mentioned previously, IANA doesn't create the root zone. In the normal course of events, a TLD admin sends an update to IANA.  ICANN personnel make sure the request comes from an appropriate entity and makes sense, then submits the change requests to NTIA.  NTIA, after making sure ICANN followed documented policies and procedures, authorizes those changes.  Verisign edits the zone, signs it with the Zone Signing Key, and distributes it to the root servers.  The root server operators then publish the zone to the Internet.
>
> If the USG decided .IN should no longer exist in the root zone, they would bypass ICANN and would force Verisign to remove the .IN entry from their database, generate a new zone, sign it, and distribute it to the root servers.  The root server operators would then have to publish the zone.  The point being that even in the worst case, there can be no unilateral action.
>
> The TCRs would only be involved if the private keys stored in both sets of the DNSSEC hardware security modules were destroyed or otherwise made unusable.  In such a case, the TCRs, acting together, can regenerate the DNSSEC Key Signing Key private key. That key is used to sign (make valid) the Zone Signing Key used by Verisign.  TCRs were brought up in response to Norbert's idea of having multiple Key Signing Keys, not in the context of keeping the USG from going rogue.
>
>    
>> In that incredibly far-fetched scenario, all the root-ops would have
>> to accept that new zone.  I suggest that at least some would not.
>>      
> Exactly.
>
> Regards,
> -drc
>
>
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120607/8bce97be/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list