Hi! Late to the game, as always (sorry!), I've found a passage in RSSAC001v2 which I thought the WP already had handled, as it was discussed prior to establishing the WP. To me it's a reminiscence from the past that has turned into a warning light. It's the text about "to publish ... implementation details". While that might have been acceptable for systems in the role of critical infrastructure on the Internet 20 years ago, I would strongly argue that that is no longer the case. With the constant onslaught of attacks that we see on today's internet, divulging implementation details publically must be seen as rather bad advice. Security is paramount for the root server system and all other critical infrastructure systems. That said, diversity within the RSS is an important property of the system, and at least the RSOs must be able to collaborate around implementations to ensure some degree of diversity. Therefore I suggest changing the text of [E.3.6-A] to read as follows: CURRENT (OLD): [E.3.6-A] Each RSO is expected to publish documentation that describes key implementation choices to allow interested members of the Internet community to assess the diversity of implementation choices across the RSS as a whole. SUGGESTED (NEW): [E.3.6-A] In order to facilitate diversity within the RSS, each RSO is expected to share, under non-disclosure agreement, with the other RSOs, details that describe key implementation choices. The explanatory text underneath still works, I believe. Note that the suggested text in no way prevents an RSO from sharing implementation details regarding its own installation with anyone it sees fit, but and RSO is expected to share such details with _at_least_ the other RSOs. Best regards, /Liman -- #---------------------------------------------------------------------- # Lars-Johan Liman, M.Sc. ! E-mail: liman@netnod.se # Senior Systems Specialist ! Tel: +46 8 - 562 860 12 # Netnod AB, Stockholm ! http://www.netnod.se/ #----------------------------------------------------------------------