[dns-operations] Verisign's SEC filing

Eric Brunner-Williams ebw at abenaki.wabanaki.net
Sat Feb 4 12:20:02 UTC 2012 

+1 to Jim's comments on the limited duties to disclosure to the SEC,
and the possible later duties to disclose.

Quoting a bit of Andrew's comment Jim snipped:

>>  ... It's true that Verisign is not a public
>> utility and it doesn't have the responsibility of transparency that we
>> might expect from such a utility.

Assuming that the DoC has delegated rule making authority to a
501(c)(3) (such things do happen), and the 501(c)(3) operates within
the restrictions of the Administrative Practices Act, requiring notice
and comment for all rule making actions, sometimes called
"transparency", and entering into contracts with non-governmental
entities, then it is possible for the 501(c)(3) to have made
disclosure of operational failure a general condition of contracted
parties, independent of any other regulatory duty.

I would also distinguish between access restricted secondary zone file
editors (e.g., ICANN accredited registrars with limited access to
.COM., .ORG., .NET., ... zones) as contracted parties with the
501(c)(3), and the (unique) unrestricted access of the IANA root zone
editor and publisher (viz, VGRS as the operator of "." (as well as the
(unique) unrestricted .COM. and .NET. zone file editor). Both are
"contracted parties", but the scope of operational failure by
registrars, and registry operators other than the operator of ".", is
significantly different from the scope of operational failure of the
operator of "." -- that does seem to be the whole point of "security
and stability", however popular and misguided it is to identify
"security and stability" with the completeness and correctness of the
WHOIS databases.

In my view, and IANAL nor do I play one on the net or teevee, the
absence of timely disclosure by VGRS to ICANN, and also the absence of
timely disclosure by VGRS and/or ICANN to the DOC, are reasonable
subjects to examine for duty, and possible breach of duty, and what
policy needs to be developed to deal with operational failure by
unique critical infrastructure operators.

My two beads worth,
Eric

More information about the dns-operations mailing list