Home / Blogs

Can ICANN Please Stop Shooting Itself in the Foot?

One would think with an annual budget in excess of 60 million dollars a year and a staff of upwards of 140 (including consultants), that someone would have figured out how to prevent the organization from repeatedly shooting itself in the foot. Unfortunately not even a year of star-fish management oversight by the likes of Rod Beckstrom seems to have done the trick. Exhibit One, earlier this week on CircleID we learned about the first Root Zone DNSSEC KSK Ceremony on Wednesday 2010-06-16 in Culpeper, VA, USA. Of course given the significance of this event one would reasonably assume that ICANN might mention this somewhere on the main page of their website?

Unfortunately when one goes to the ICANN website and looks at the “Announcement” section they find zip, zero, nada, zilch. Perhaps ICANN misplaced this significance news worthy event in the new “Press Room” section of ICANN’s website. Strike Two, nothing to be found their either. Internet users are left to reading CircleID to find out about this rather significant event, and an obscure URL link buried on the ICANN website.

Recognizing the significance of this event, however, ICANN has made space available in an adjacent room at their Culpeper, Virgina facilities for observers who wish to attend the event. Observers will be able to watch the proceedings within the ceremony room in real-time using a closed-circuit audio-visual feed from the ceremony room, and staff will be available to answer questions those attending might have about what they are seeing. Here is a real novel idea for ICANN to consider for those internet stakeholders that may not be able to attend this event in person, make it available via a live video stream for the whole world to see.

While it seems that ICANN continues it propensity to shoot itself in the foot, does the community need to start worrying about when ICANN takes aim at other more vital organizational body parts?

By Michael D. Palage, Intellectual Property Attorney and IT Consultant

Filed Under


Sounds like a recording from the event Jeremy Hitchcock  –  Jun 6, 2010 8:16 PM

Sounds like a recording from the event will be available after the event sometime.  Realtime video was ruled out because the “most predictable way to provide transparency in process was not to stream in real time.”

Why should the entire Internet community have to wait? Michael D. Palage  –  Jun 6, 2010 8:37 PM

If people in the overflow room will be able to see the event live via closed circuit TV why not the rest of the world? Should the rest of the world be able to ask questions of ICANN staff as oppose to only those that are in physical attendance?

So the people in attendance not only get to watch the event live but then they get a free dinner after the event, what a deal.

thanks for the interest in signing the root zone Joe Abley  –  Jun 6, 2010 11:05 PM


Many thanks for your interest in the deployment of DNSSEC in the root zone. A couple of comments on your note.

(a) The ongoing design and planning for the deployment of DNSSEC in the root zone has been discussed in public for many months, in public engineering and Internet operations meetings such as the IETF, NANOG, RIPE, LACNIC, MENOG and NZNOG and also by e-mail in around twenty public, technical mailing lists. Apologies if our efforts in technical communication managed to miss you.

(b) The design of the key ceremony itself was first published in the document “Root Zone DNSSEC KSK Ceremonies Guide”, dated February 2010. The date of the first ceremony was circulated in a public status update on May 18, sent to many public mailing lists in multiple languages, shortly after it was finalised internally. It was not first announced on CircleID.

(c) There is a prominent link on the ICANN web page (it’s the large “key” icon on the left-hand side above the words “Root DNSSEC”) which takes you to the project web page, where all documentation, presentations and status updates continue to be published. If you have specific feedback regarding ICANN’s web page that you want to be heard, you’ll find guidance under the “Contact” link on the front page.

We appreciate your feedback regarding the advantages you see to streaming the proceedings of the ceremony in real time. We’ve received a lot of feedback from the technical engineering community on our plans since we started it, the overwhelming majority of which was sent to .(JavaScript must be enabled to view this email address), as we requested, since having it arrive in one place helps us track and incorporate the many useful suggestions people have sent us. None of the feedback received to date has indicated interest in watching the ceremony remotely, in real-time, although it was something that we considered nevertheless.

We made an operational decision not to stream video from the ceremony in real-time, but instead to make full unedited video from the event available after the fact (but before the signed root zone is deployed). The first ceremony is likely to take in excess of six hours to complete, and will involve over twenty people executing a fairly arcane procedure that is important to execute carefully and correctly; operational prudence seemed to suggest that concentrating on executing a successful ceremony ought to take priority over managing real-time video distribution.

I will note that there are many other aspects to how we are executing the ceremonies which are entirely driven by the need for transparency. The first ceremony will include 14 people with no affiliation to any of the organisations involved in signing the root, from many countries around the world, who will carry out substantive roles. These people are volunteers who will not receive payment for attending (or reimbursement of expenses). An accredited SysTrust auditor will be be present, and we plan to complete a SysTrust audit on the systems and processes involved.

We may yet revisit the decision to stream the ceremony in real-time, if we are confident we can do so without any risk to the successful execution of the ceremony. Please consider your feedback received and noted.

Joe Abley
Director, DNS Operations

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix


Sponsored byVerisign


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global