Hi, I hesitate to mention this as it may be seen as pedantic and can potentially be distracting, but since we're talking about underpinning principles and criteria, one point that I think needs to be made very clear:
In this light, I would read the GAC communiqué text not as saying that the IANA functions operator must obey any instruction given by a government (who issued the instruction? What was the authority that it had to do so?), but that the [FOIWG report] should not prevent the IANA functions operator from acting in line with a legitimate request, properly made and where the final battle has happened. I wasn¹t there, of course, when the communiqué was drafted, so I will have to rely on Elise for chapter and verse on what the text conveys for her and her government.
To state the obvious, the IANA Function Operator (in conjunction with the Root Zone Maintainer) have direct operational impact on the operations of the DNS. The instructions given by governments MUST NOT (to use IETF phrasing) have negative impact on those operations. For example, due to the way DNSSEC works, it is possible that a misconfiguration of a TLD, e.g., as directed by well-meaning but perhaps not fully technically astute government employees, can have direct impact on the operation of the root zone as a whole (specifically, a class of misconfigurations can significantly increase the load on the root servers). The IANA Function Operator must be allowed to reject requests that threaten the stability of the DNS. That is, the phrase "the IANA functions operator must obey any instruction" is not in the best interests of the security, stability, and resiliency of the Internet's DNS. The "any" part of that must be limited to those instructions that do not have negative impact on the global DNS. Regards, -drc