Re: Montevideo statement

John C Klensin <klensin@jck.com> Tue, 15 October 2013 09:20 UTC

Date: Tue, 15 Oct 2013 05:20:12 -0400
From: John C Klensin <klensin@jck.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: Montevideo statement
Cc: IETF Discussion Mailing List <ietf@ietf.org>

--On Friday, October 11, 2013 22:01 -0400 Michael Richardson
<mcr+ietf@sandelman.ca> wrote:

> Phillip Hallam-Baker <hallam@gmail.com> wrote:
>     > I think that is a better approach actually. The CC TLDs
>     > are in effect members of a bridge CA and ICANN is merely
>     > the bridge administrator.
> 
> It is an interesting way to say it, and put that way, I like
> it.
>...
> However, if the root of the trust in country X is the
> government of country X, then government can essentially
> internalize/nationalize all the liability associated with
> trusting them.  It would be much like governments do with
> nuclear power: it only works out because the governments
> provide the insurance in the form of legislation...

Without taking a position on the idea, one observation about
possible unintended side effects:

The ccTLD system grew up at a time when many governments were
fairly hostile to the Internet and/or the DNS (that is different
from being hostile to, e.g., free and private flow of
information over the Internet).  The ccTLD environment still
supports ccTLD administrations that are independent of the local
government unless that government is so hostile to them that it
is willing to use national law to force them out.  One
consequence of that model is that, for the ccTLD system to
function, neither IANA nor anyone else needs to figure out who
is the actual, legitimate, government of a country.  Governments
have a tendency to be quite jealous of their rights to
"recognize" other governments (or not).  Keeping IANA out of
that business was an explicit goal at the time RFC 1591 was
written, for multiple reasons.

If the government of a country is the required root of trust in
that country's ccTLD, we take ourselves several steps closer to
requiring that governments approve ccTLD administrations (not
merely not being actively opposed to them).  We create an attack
vector from the government on the ccTLD and registrations in it.
Unlike shutting down a ccTLD administration by offering to throw
its membership in jail, the control and mechanisms that implies
may not require whatever passes for due process in that country.
And such trust authority can provide a vector for required
government approval of individual registrations and registrants,
just as the US Government has turned a general IANA oversight
requirement into case-by-case approval of root entries.

Be careful what you wish for.
    best,
      john