[dns-operations] First Root Zone DNSSEC KSK Ceremony

Brett Frankenberger rbf+dns-operations at panix.com
Sun Jun 6 22:52:08 UTC 2010

On Sun, Jun 06, 2010 at 02:36:18PM -0700, Doug Barton wrote:
> On 06/06/10 10:52, Joe Abley wrote:
>> We have staff on hand who are well-practiced at streaming audio and
>> video over the Internet (e.g. at ICANN meetings) but decided that the
>> best and most predictable way to provide transparency in process was
>> not to stream in real time. This allows us to avoid any possible
>> ambiguity that might otherwise arise about whether the ceremony was
>> executed correctly in the event that we had technical difficulties
>> with the AV stream.
> To me, as an unsophisticated observer, . o O (Hmmm, how can I say this  
> diplomatically) your statement above doesn't make any sense. The most  
> transparent option would be to stream the whole thing live, warts and  
> all. 

That option doesn't exist, though.  The close approximation that is
available is doing their best to stream it.  Then they have to decide
what to do if it fails.

Call it all off and start over the next day (or some other day) after
they fix the streaming?

Decide to proceed without the streaming, and then have some people
wondering if the streaming was deliberately cut off to hide something?

> As you point out the ICANN staff members who have the knowledge and  
> experience of doing the streaming for the ICANN meetings are well  
> qualified to meet this challenge. In the extremely unlikely scenario  
> where there is a problem with the stream, the ambiguity you mention  
> above would be alleviated by the observers, after all, that is their  
> function, right?

So you'd choose to proceed in the event of a failure?  So you're
essentially saying that there's sufficient transparency absent the
streaming.  If that's the cae, they why add the complication of

Speaking strictly with my rational, logical engineer hat on, streaming
makes sense.  If no-streaming is sufficiently transparent, then why not
go ahead and stream it anyway, and have a 99% (I'm assuming a 1% chance
of streaming failure) chance of extra transparency, and 1% chance of
the stream failing and, nevertheless, still sufficient transparency.

However, speaking with my real-world hat on, where I realize that
anything to do with the root domain is political, there are going to be
conspiracy theorists, and so on, I understand that trying to stream and
failing is going to generate a massive firestorm of controversy; much
more than just not trying at all will generate.  I can understand a
decision to avoid that firestorm at the cost of a very slight decrease
on transparency resulting from only distributing the video after the

It's not a clear cut case.  I see arguments on the other side, also. 
But there are real with trying to stream and failing, and I think
you're underestimating them.

     -- Brett

More information about the dns-operations mailing list