[dns-operations] When TLDs have apex A records

k claffy kc at caida.org
Mon Jul 6 19:42:03 UTC 2009


On Mon, Jul 06, 2009 at 10:04:36AM -0700, David Conrad wrote:
  Hi kc,
  
  On Jul 6, 2009, at 9:06 AM, k claffy wrote:
  >is there an icann web page that points to all the technical
  >guidance/analysis received for both the wildcard issue and the
  >gTLD expansion issue?  it might help refine this conversation.
  
  The technical guidance relating to the wildcard/synthesis stuff is  
  summarized in SAC006 
  (http://www.icann.org/en/committees/security/ssac-report-09jul04.pdf ), 
  SAC015 (http://www.icann.org/en/committees/security/sac015.htm),  and 
  SAC041 (http://www.icann.org/en/committees/security/sac041.pdf).

i see 3 studies mentioned in these URLs:

-- an 85-page heavily researched and peer-reviewed study from 5 years ago 
which does include verisign's slide set starting on page 57 of the first
URL above, showing all the negative impacts they found (page 65-68 of 
pdf, marked page 58-61 on paper) but deemed "minor", "inconvenient",
or "moderate".  both sides of the story are presented there, and 
many technical folk consulted, including processing all comments 
received during an open comment period.  survey said: Bzzt to TLD wildcards.

-- a 43-page RSTEP report in 2006 evaluating a similar proposal for .travel
	http://www.icann.org/registries/rsep/tralliance_report.pdf
with (again) a wide range of technical input sought, including a month 
of open comment period, all included in the report, and RSTEP also found
that 'risk exceeds benefit', including a warning RSTEP offered about 
unexpected interaction with non-standard methods for implementing IDNs.

-- a 17-page January 2008 study on DNS response modification 
	 http://www.icann.org/en/committees/security/sac032.pdf 
which offers preliminary findings and recommendations based on
the best data SSAC could find. conclusion again: not only is DNSflex
a bad idea, but we should promote DNSSEC to remove it as an option.

this looks like one of the most well-researched, well-justified
regulations ICANN has ever imposed on the Internet.  i don't think
phrases like "we'll have to agree to disagree" fit the situation;
all available evidence indicates that icann has not only made the 
right regulatory decision for security and stability of the Internet, 
but also represented the will of the majority, including an 
unprecedented number of independent (unpaid) expert opinions.  
a role model of good governance. 

  As you're aware, there is a study currently underway regarding root  
  zone scalability.

and unfortunately here we have the opposite.  essentially all public
commentary has spoken out against the originally proposed (unlimited)
TLD expansion, and the demand for additional research has been overwhelming,
but ICANN has responded by putting a gag order (NDA) on anyone they fund
to study it, leaving ICANN with complete control over what is published
(otherwise CAIDA could have helped OARC w their study.)  obviously this
will create the perception that ICANN is holding itself to much lower
standards of transparency and accountability than it holds others.
a role model of bad governance.  

i would not be surprised if folks are struggling to separate the more
politically loaded gTLD expansion topic from one on which we actually
have legitimate consensus.  but as you pointed out, that's not what this
thread was about, and that conversation really belongs elsewhere (not
sure where, maybe the list needs a suggestion)

k


