[dns-operations] zdnet blog: ICANN and IANA's domains hijacked by Turkish hacking group
brunner at nic-naa.net
Thu Jul 3 00:16:57 UTC 2008
Keith Mitchell wrote:
> It does seem to me rather strange that reliance is placed on a 3-party
> registrar for such critical infrastructure domains. ISTM that for such
> domains, ICANN/IANA ought to be allowed to run a non-resale "internal"
> registrar rather than use an external party. I am straying away from
> operational space here, but this would have the additional merits of not
> showing preference to any particular registrar, and being proof against
> any malicious intent at any such registrar. I think this kind of
> approach is the established practice at various ccTLDs.
None of us (registrars) cares which registrar ICANN picks, this is about
the same as caring which $1 bill, out of a very large number of $1 bills
in circulation, is in your wallet.
If you are trying to make a security and stability case, go ahead and
try. You may end up saying NetSol/VGRS, and overlook the nuisance that
ICANN was created with the task of transforming a monopoly market into a
If you are trying to make a failover case, that's more interesting.
Registrars have failed, and we expect registries will too, so there's
the business continuity and escrow sets of issues for loss of function
and loss of control, respectively, and the actual transfer from the
expiring registrar or registry to the gaining registrar or registry.
A reference to "various ccTLDs" could mean a manually operated system
with limited backups to VGRS/Afilias/NeuStar operational art for owned
properties to AFNIC or DENIC practice. It is a wide, to the point of
meaninglessness, range to attempt a policy or operational practice
Seriously, if failover interests you its a wicked small club, Pat Jones,
me and ... possibly you. But ICANN should stick to Alpo. Canned horse
with rice is good for canines.
More information about the dns-operations