Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: ICANN

25 Oct 2005

ICANN Gets the Root Zone, Too ICANN

A small but intriguing paragraph in the VeriSign settlement says that ICANN gets to maintain the root zone. I thought they did now, but when I look at the copies of the root zone I download from Verisign's FTP server, I see that Verisign does, following advice from ICANN.

This has two and a half effects. The most obvious is political—if ICANN rather than VRSN is distributing the root zone, it removes the symbolic significance of VeriSign running some of the root servers. The second is DNSSEC key management. Until now, the contents of the root zone have been pretty boring, a list of names and IP addresses of name servers. If DNSSEC is deployed in the root, which is not unlikely in the next few months, ICANN rather than VeriSign will hold the crypto keys used to sign the root zone. If a tug of war develops, whoever holds the keys wins, since without the keys, you can't publish a new version of the root with changed or added records unless you publish your own competing set of keys and can persuade people to use them. (Take that, ORSC.)

The half thing is that the agreement requires that when VeriSign sends ICANN zone info updates, ICANN has to apply them within a week. Since IANA has been taking a month to handle updates, this means IANA will have to get their act together enough to provide bad rather than horrible service on domain updates unless they provide a special express channel for TLDs that have contracts with ICANN, and give the current horrible service to everyone else.

posted at: 15:00 :: permanent link to this entry :: 0 comments
Stable link is


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Domain Name Registration Data at the Crossroads
55 days ago

A keen grasp of the obvious
My high security debit card
521 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.