On 11/4/16 10:05 PM, John R. Levine wrote:
>> For that purpose they need not come to ICANN for protection; they already have the tools they need - digital certificates from the established certificate authorities around the world.
>
> This is an impressively disingenuous argument. I have a couple of dozen certificates on my web and mail servers, and they say no more than that the entity proffering the certificate is the same one that passed a trivial test to see that it controlled a domain name or web server.

Disingenuous? Is that the new way to spell "clever"? ;-)

With what I propose the IGOs can easily set up their own highly exclusive CA and make it clear that if the cert chain does not originate there then the name is bogus. Easy to do. And it requires no expansion of ICANN's role.

Obviously the desire of some parties here is to regulate because, well, it is fun to be a regulator and tell people what to do and build ever expanding organizational org charts. It is far less fun to back off, be "hands off", and let people and IGOs solve their own problems with the technical tools that internet innovation has provided.

Barry S. raised a good question - which is that because ICANN's nose is already under the tent we may as well let the entire camel inside. My response is that we should push the nose back outside and get ICANN out of the role of regulating business practices and leave that to authorities that have better legislative and judicial credentials.

--karl--