John,

Your article proves something narrower than the conclusion you draw from it.

It shows that registry functions were delegated over time for practical coordination purposes. It does not show that the modern RIR system thereby acquired a perpetual right to define the outer limit of its own authority.

That is the missing step.

RFC 1366 and RFC 1466 describe regional registries as delegated service bodies: they were to provide stable regional registration service, allocate according to IANA and IR guidelines, and coordinate with the IR on qualifications and sub-allocation strategy. The IR remained the root and default registry. That is a bounded operational role inside an existing structure. It is not constitutional self-authorship.

Your own historical account also highlights the break. The early RIRs did not arise as fully independent, self-grounding political institutions. They operated under the umbrella of IANA, InterNIC, and U.S. Government-backed arrangements. Once that larger boundary structure receded, the registry layer did not merely continue a narrow clerical function. It increasingly treated open process as the source of its own mandate. That is exactly the move under dispute.

The 1998 White Paper does not rescue that move. It expressly rejected a monolithic model of Internet governance and said the policy applied only to the management of names and addresses, not to a system of Internet governance. It sought a stable process for narrow management and administration issues. That is a much smaller claim than the one you now advance.

The same problem appears in your reliance on ICP-2 and later institutional materials. Even if they speak in the language of bottom-up self-governance, that does not answer the historical question. Those texts describe how the mature RIR system wanted to structure itself. They do not retroactively transform early delegated coordination into a standing license for a registry layer to keep defining the scope of its own power.

So the issue is not whether history included rules, delegation, or regional participation. Of course it did.

The issue is whether that history legitimizes the later claim that a registry chokepoint may use its own participatory machinery to keep extending the reach of its own authority. That conclusion does not follow from the record you cite.

A ledger can be centralized without becoming sovereign. A registration function can be delegated without becoming self-justifying. A community process can exist without being entitled to convert clerical authority into constitutional power.

Historical delegation explains how the system began. It does not legitimize what the system later became.

Once an institution starts expanding its own mandate, turns that mandate against running code, and pushes that expansion to the edge of law — and sometimes beyond it — that is running-code betrayal.[1]

[1]: https://circleid.com/posts/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community



Lu Heng,

Your acknowledgment of the history of the RIR system — including that it “included rules, delegation, or regional participation” — reflects significant refinement and progress in understanding, given that your prior remarks explicitly named “policy” and “consensus language” as tools of mandate laundering rather than legitimately delegated functions.

Your acceptance of RFC 1466’s description of regional registries as bodies with a legitimate “bounded operational role” that includes coordinating on “qualifications and strategies for sub-allocations” — i.e., regional policy development — is welcome progress indeed.

There is also improved clarity on timing. Previously you suggested the RIR system “slowly transformed” into its governance authority over time, but you now more clearly identify that there was a specific “break” — a point where the RIRs were no longer operating under “the umbrella of IANA, InterNIC, and U.S. Government-backed arrangements” — and make plain that it is this transition that is “the move under dispute.”

The policy direction stated in the White Paper was realized through the creation of ICANN, with a mission of coordination and oversight of Internet technical identifiers. ICANN’s design called for Supporting Organizations to help carry out this coordination function: the Address Supporting Organization (ASO) for numbers, the Domain Name Supporting Organization (DNSO) for names, and the Protocol Supporting Organization (PSO) for protocols. The DNSO ended up as a structure within ICANN, realized via a constellation of Supporting Organizations and Advisory Committees. It is through these structures that the DNS community engages in multistakeholder policy development and governance over the DNS root. The ASO is composed of the RIRs, and the PSO — later phased out — was initially formed by international standards development organizations including the IETF and W3C.

With ICANN’s formation, the U.S. Government substantially vacated its direct oversight role, leaving each of the communities — Names, Numbers, and Protocols — to coordinate through ICANN’s structure. As the White Paper stated, the U.S. Government was prepared to recognize “a new, not-for-profit corporation formed by private sector Internet stakeholders to administer policy for the Internet name and address system.”

(As an important clarification on “policy” and the protocol registries: it was widely recognized that almost all IANA protocol parameter registries were technical in nature,  and the scope of “policy” administration was made explicit – such that only the registries for “the assignment of domain names and the assignment of IP address blocks” presented policy issues requiring consideration outside the IETF processes – in RFC 2860, the Memorandum of Understanding signed March 1, 2000 between the IETF and the newly formed ICANN.)

Your central claim is that community-based governance was never affirmatively authorized — that the registry layer simply treated an open development process as the source of its own mandate, filling what should have been a deliberate policy decision with self-declaration. The historical record does not support that characterization. Instead, it shows that the U.S. Government filled that step explicitly, and did so at each key transition point in the system’s development.

The White Paper’s own text forecloses your “narrow management and administration” reading, as it explicitly called for “bottom-up governance that has characterized development of the Internet to date.” It further states that the decision-making structure “would need to reflect a balance of interests and should not be dominated by any single interest category.” It names IP number registries as one of the stakeholder constituencies to be represented on the new organization’s board. And it prescribes that governments be limited to a non-voting advisory role — expressly vesting governance authority in a private multistakeholder structure. The White Paper does not describe a clerical coordination body. It describes a governance architecture for community-based coordination and oversight of the Internet’s technical identifiers.

The RIRs operate within that framework, under the mandate assigned to them with the exit of the U.S. Government and the realization of the White Paper. The RIRs work with ICANN, which serves key oversight roles such as the approval of global number resource policies developed by the ASO and the approval of new RIRs. With respect to Internet number resources, each member-governed RIR is responsible for the administration of its regional registry in accordance with community-developed policy, and the RIRs work jointly to ensure the global coordination, consistency, and integrity of the Internet Number Registry System. 

Similarly, the DNS community coordinates via ICANN to engage in multistakeholder policy development and governance for the DNS root, and the IETF community engages in open multistakeholder governance of its Internet technical standards and associated protocol registries. 

If one disagrees with the U.S. Government’s decision to exit its oversight role for the Internet’s technical identifier ecosystem and leave it to private-sector multistakeholder governance, that is a fair position to hold — but it is a separate argument. One cannot validly assert that the RIR community has exceeded its mandate by utilizing the very model of private-sector multistakeholder governance that the U.S. Government specifically directed.

John,

You are still collapsing three different things into one.

I have never argued that every rule, every delegation, or every form of regional participation was illegitimate. My point about mandate laundering was always narrower: a limited delegated function can be inflated into a much broader claim of authority. That later inflation is the dispute. So no, acknowledging that RFC 1466 contemplated distributed regional registries does not concede that the registry layer may later treat itself as the author of its own outer boundary. It concedes only that a bounded registration function existed.

RFC 1466 describes a constrained service role, not an open-ended governing one. The IR remained the root and default registry. Regional registries were empowered to provide the network number registration function for a geographic area, to allocate under IANA and IR guidelines, and to coordinate with the IR on qualifications and strategies for sub-allocations. That is delegated operation inside a larger structure. It is not a license for regional bodies to convert coordination into a broader jurisdiction over live networks.

The White Paper does not do the work you want it to do either. Yes, it endorsed private, bottom-up coordination where coordination was needed. But it also explicitly said the policy applied only to management of names and addresses and did not set out a system of Internet governance. It said the aim was a stable process for the narrow issues of management and administration of Internet names and numbers. That is privatized coordination, not a perpetual grant of constitutional self-authorship to registry institutions.

RFC 2860 closes no such gap. It says that the assignment of domain names and IP address blocks presents policy issues outside the IETF–IANA technical MOU. Fine. That shows that some non-IETF policy questions existed. It does not follow that the registry layer may therefore define the outer limit of its own authority by reference to its own policy process. “There are policy issues” is not the same as “the registry may govern itself into broader power.”

So the move under dispute is not whether the U.S. Government exited, or whether private actors were expected to coordinate. The move under dispute is what happened next: a historically delegated registry function was treated as if it carried a continuing right to enlarge its own mandate through the same participatory machinery it controlled. That is the missing step in your argument. Your own article states that the system “continues to derive legitimacy” from those ongoing participatory processes. That is exactly the proposition I reject.

And invoking ICANN and the ASO does not solve that problem. An intra-regime approval chain is still the same institutional ecology validating itself. That may describe how the mature system organized its paperwork. It does not prove the existence of a real outer boundary against mandate expansion. This is why historical delegation is not enough. It explains how the system began. It does not legitimize what the system later became.

Once an institution begins expanding its own mandate, turns that mandate against running code, and pushes that expansion to the edge of law — and sometimes beyond it — that is running-code betrayal.

Lu Heng,

I believe we are in agreement on the starting point. RFC 1466 contemplated distributed regional registries operating with a defined mandate: providing registry services within a region under IANA and IR guidelines, and coordinating strategies for sub-allocations. That role was externally bounded at the time by U.S. Government-funded IANA and Internet Registry activities.

You cite the White Paper’s statement that “the policy that follows does not propose a monolithic structure for Internet governance” and its description of “a stable process to address the narrow issues of management and administration of Internet names and numbers” as evidence that only limited, clerical coordination was authorized.

But the word “narrow” in the White Paper refers to ICANN’s scope being limited to names and numbers, as distinct from all of Internet governance — not a restriction of ICANN to purely clerical matters. The very next sentence in that same paragraph reads: “As set out below, the U.S. Government is prepared to recognize…a new, not-for-profit corporation formed by private sector Internet stakeholders to administer policy for the Internet name and address system.”  “

Your reading of “narrow” in isolation, without the sentence that follows, produces a rather selective interpretation of the text that is neither aligned with the intent nor reality, as management and administration of policy for a registry is may easily require activities that are not purely clerical in scope, depending on the nature and complexity of the policy developed by the community.

There is a further difficulty with the “management and administration” framing you invoke. You argue that the White Paper authorized only management and administration, and that what the RIRs do exceeds that authorization. But the management and administration of the Internet number registry system is exactly what the RIRs do. If that phrase defines the boundary, the RIRs are operating squarely within it.

The RIR system is fully consistent with the White Paper’s intent. It does not claim to govern the Internet, does not exercise sovereign authority over network operators, and does not define its own outer limits by self-declaration — its remit is limited to operating the Internet number registry system in accordance with community-developed policy. Its authority is contractual and fiduciary, bounded by corporate law, contract law, and antitrust constraints.

A network operator who believes RIR policy exceeds its proper scope has recourse through courts of applicable jurisdiction, through the contractual and fiduciary frameworks governing the relationship, or through the community’s policy development processes. The RIRs are also subject to oversight by ICANN under recognition provisions that are currently being updated and strengthened through community processes. The authority of the RIR system is not self-established — it is a direct result of operating within the private-sector multistakeholder model the U.S. Government explicitly directed.

John,

The dispute is no longer whether some delegation existed. Of course it did. The dispute is what was delegated, how far it went, and whether a limited coordination role can be stretched into a standing warrant for institutional self-expansion.

RFC 1466 describes regional registries as delegated service bodies operating under IANA and IR guidelines, with the IR remaining the root and default registry. That is a bounded operational function inside a larger structure. It is not a constitutional grant to a private registry layer to become the author of its own outer boundary. ([ntia.gov][1])

The White Paper does not close that gap for you. Yes, it speaks of administering policy for names and addresses. But it also says the policy is limited to names and addresses rather than Internet governance as a whole, and it expressly says it “does not itself have the force and effect of law.” That matters. The United States could privatize or recognize coordination arrangements over functions it actually managed. It could not create, by policy statement, a sovereign-style private power it did not itself possess. If your theory is that a registry may, without clear policy authorization, extinguish recognition for already-running resources supporting networks across continents, with cascading effects for vast numbers of sites and users, that is not “management and administration.” That is naked power. ([ntia.gov][1])

This is why your current move is not a refutation. It is a real-time demonstration of mandate laundering(https://heng.lu/es/mandate-laundering-from-rir-fantasy-to-transition-architecture/). You begin with a limited delegated function. You then stretch phrases like “management” and “administration” until they can absorb far more consequential forms of control. Then you present that enlarged reading as if it had been there all along. For observers, the pattern is not subtle. The very behavior being defended is the behavior under accusation. ([Lu Heng][2])

You also continue to treat the existence of decisions as if it automatically implied centralized authority. It does not. The Internet already runs through local and individual decisions: what software to deploy, what routes to accept, who to peer with, what to filter, and when to disconnect from a bad actor. Decision is everywhere. Central sovereignty is not. So the mere existence of policy questions does not prove that one institutional layer above the registry must hold universally binding discretionary power.

Your fallback to courts, contracts, fiduciary duties, and antitrust is equally revealing. If the answer to a registry acting beyond scope is “sue later,” then the ex ante limit has already failed. And when operators must bear the continuity risk, the business risk, and the downstream losses while the registry side keeps liability caps and disclaimers, that is exactly the structure I described as double extraction(https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/): upside institutionally suppressed, downside left with the operator. ([Lu Heng][3])

The APNIC episode is especially instructive here. The point was never some childish claim that APNIC was Paul Wilson’s “personal company” in the sense of private enrichment. The point was concentration of formal constitutional power. APNIC’s own 2023 governance posts confirmed that the Director General had been the sole Director of APNIC Pty Ltd and the trustee holding the single share. APNIC also confirmed, in a separate post the same day, that under that structure the Directors of APNIC Pty Ltd had the power to amend the By-laws without a Member vote, and that the Directors used a resolution on 12 July 2023 to lower the threshold for By-law change. That is exactly why the earlier criticism landed: the formal power sat in the company side, not where the membership mythology suggested it sat. ([APNIC Blog][4])

Nor does the broader governance record support confidence in automatic self-restraint. AFRINIC’s 2021 WHOIS audit reported millions of IPv4 addresses misappropriated and attributed without justification, including findings tied to internal misconduct. And the ASO’s current ICP-2 update is explicitly framed as an effort to enhance RIR accountability to the broader Internet community. Those are not signs of a model whose boundaries have clearly and reliably held. They are signs of a model whose defects are now too visible to ignore. ([APNIC Blog][5])

So yes, historical delegation existed. But historical delegation is not a solvent that dissolves every later boundary question. It explains how a limited registry function was arranged. It does not legitimize the later enlargement of that function into a discretionary authority sitting above live networks.

Once an institution starts widening its own mandate, turns that widened mandate against running infrastructure, and pushes that widened mandate to the edge of law — and sometimes beyond it — mandate laundering has already matured into running-code betrayal.

[1]: https://www.ntia.gov/federal-register-notice/statement-policy-management-internet-names-and-addresses?utm_source=chatgpt.com “Statement of Policy on the Management of Internet Names and Addresses | National Telecommunications and Information Administration”
[2]: https://heng.lu/es/mandate-laundering-from-rir-fantasy-to-transition-architecture/?utm_source=chatgpt.com “Mandate Laundering: fantasía RIR a transición digital - Heng.lu”
[3]: https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/?utm_source=chatgpt.com “On Regional Internet Registries’ Thick Governance Turns Uniqueness into Double Extraction -”
[4]: https://blog.apnic.net/2023/07/12/updating-apnics-governance-structure/?utm_source=chatgpt.com “Updating APNIC’s governance structure | APNIC Blog”
[5]: https://blog.apnic.net/2021/02/02/a-comprehensive-audit-of-the-afrinic-whois-database/?utm_source=chatgpt.com “A comprehensive audit of the AFRINIC Whois Database | APNIC Blog”

Lu Heng –

I found your last reply quite helpful in understanding some of the source of your concern over the RIR system, and in particular what happened with the White Paper and the U.S. Government’s establishment of ICANN.

You state:

“The United States could privatize or recognize coordination arrangements over functions it actually managed. It could not create, by policy statement, a sovereign-style private power it did not itself possess. If your theory is that a registry may, without clear policy authorization, extinguish recognition for already-running resources supporting networks across continents, with cascading effects for vast numbers of sites and users, that is not ‘management and administration.’ That is naked power.”

I fully agree that ‘the United States could privatize or recognize coordination arrangements over functions it actually managed’ – and that is precisely what occurred with the transition of USG’s authority over the IANA registries to the private-sector multistakeholder governance model realized by ICANN.

You go further to state “It could not create, by policy statement, a sovereign-style private power it did not itself possess”, indicating that registry operations “without clear policy authorization” that result in loss of recognition for existing allocations with “cascading effects for vast numbers of sites and users” do not constitute legitimate management and administration.

To address that, it will be necessary to consider the policy authority of those doing policy development, but first let’s confirm the historical record regarding U.S. Government operational authority over the IANA registries.

The Internet Assigned Numbers Authority – IANA – is not a single registry but an umbrella set of functions covering three distinct families: protocol parameter registries, DNS root-zone management, and Internet number resources. The term “IANA” was formally coined in 1988, but the function predates the name — Jon Postel began maintaining assignment lists informally in 1972 and continued under DARPA contracts at USC-ISI from 1976 onward. These registries were not abstractions; they were real tables — first notebooks, then databases — maintained under U.S. Government arrangements and authority.

When IETF protocols require extensible fields whose values must be centrally coordinated to ensure interoperability, they specify an IANA registry to be set up and maintained. There are thousands of such registries — port numbers, MIME types, protocol identifiers, and more — each with defined assignment policies involving documentation, evaluation, and, where appropriate, expert review. Each entry in the registry is associated with a specific technical specification or purpose.

The DNS root zone registry and the general purpose Internet number registries are different in kind. Their entries are not fixed by specification but allocated to specific parties – a domain name to an operator, an IP address block to an organization – and therefore require clear policy to determine what entries are made, updated, or removed. This is why policy questions arise for these registries and not for most technical protocol parameters – and why RFC 2860 explicitly recognizes that the policy issues arising from “the assignment of domain names and the assignment of IP address blocks” fall outside purely technical coordination.

The record answers your claim directly. The IANA registry functions were operated under U.S. Government contract — funded by DARPA and NSF, with designated operators holding authority derived from those contracts. The U.S. Government funded the work, designated the operators, and held legal and operational authority over registry administration. The premise that the United States ‘could not create…power it did not itself possess’ does not hold: the USG possessed and exercised that authority, and ICANN’s formation was a transfer, not a creation.

Turning to the question of “clear policy authorization”: operational authority over the IANA registries was held by the U.S. Government and exercised through its contractors, but policy authority for those registries — the authority to develop their administration policies — was never centralized in the IANA or the USG. It resided with the relevant technical and operational communities.

For protocol parameter registries, policy authority is unambiguous: the IETF defines these registries and the policy for their population through its protocol specifications, and IANA implements those specifications.

For Internet number resources, policy authority resided with the operational community from the earliest days. IANA recognized the regional registries (RIPE NCC, APNIC) as the appropriate bodies to develop address policy, and RFC 2050, published in 1996 and approved by the IESG as ‘an accurate representation of the current practice of the IP address registries,’ documents what that community-held authority produced: a globally coordinated allocation framework already fully operational before ICANN existed.

For the DNS root zone, policy authority also pre-existed ICANN — and had been exercised without controversy under U.S. Government contract for decades. IANA held overall coordination and management of the DNS; TLD managers operated as trustees with defined responsibilities to both their local and global communities; and redelegation criteria existed and were applied as documented in RFC 1591. ICANN’s formation did not originate this authority, but rather moved it under a multistakeholder institution accountable to the global Internet community.

The historical record makes clear that ICANN’s formation did not create policy authority. It consolidated and formalized mechanisms for community-based policy development that already existed — documented in RFC 2050 for number resources, RFC 1591 for DNS, and the IETF’s specifications process for protocol parameters, all predating ICANN. Even the U.S. Government’s own direction in the 1998 White Paper reflects this orientation: the stated goal was that ‘The private process should, as far as possible, reflect the bottom-up governance that has characterized development of the Internet to date.’ That is an instruction to preserve and extend an existing model, not to originate anything new.

The resulting structure is straightforward: ICANN holds operational authority over the IANA registries, while the names, numbers, and protocol communities develop policy for their respective registries through open, fair, and transparent multistakeholder processes. You have repeatedly asserted that communities cannot legitimately exercise policy development authority and then have those policies administered by organizations overseen by the same multistakeholder communities – yet that is precisely the governance model established at ICANN’s formation and later reaffirmed through the IANA Stewardship Transition in 2016. None of the communities involved is engaged in ‘mandate laundering’ or exercising authority beyond that explicitly recognized within the ICANN structure.

John,

I do not dispute the historical point that the United States funded, designated, and supervised operators for the IANA registries. That much is clear. But that point does far less work than you want it to do. Control over a contractor performing coordination functions is not the same thing as a lawful power to create a private institutional layer with open-ended authority over globally deployed resources.

That is the first gap in your argument.

The White Paper itself makes the limit plain. It says it does not itself have the force and effect of law. It says it was not proposing a monolithic structure for Internet governance. And it says it was not expanding the functional responsibilities of the new corporation beyond those currently exercised by IANA. So even on its own terms, it was about transferring and privatizing coordination functions, not minting a new supranational authority that could later enlarge its own mandate by reference to its own processes. [1]

That is why your formulation still fails at the critical step. The United States could transfer or recognize coordination arrangements over functions it actually managed. It could not, by policy statement, grant a form of private power it did not itself possess. And what it did not possess was some general warrant to let a registry layer, without clear and specific policy authorization, extinguish recognition for already-running resources with massive downstream operational consequences and then call that ordinary “management and administration.”

Your second move fails for a similar reason. You point to RFC 2050, RFC 1591, and long-standing community practice and say this shows policy authority already lived in the operational communities before ICANN. But those materials show, at most, that policy questions and community practices existed. They do not prove that the same institutional ecology may define the boundary of its own authority for all time.

RFC 2050 is especially weak support for your claim. Its own IESG note says it was an accurate representation of current registry practice, not an endorsement or recommendation of that policy. In other words, it was descriptive of what registries were doing, not a constitutional grant of perpetual legitimacy for whatever the mature RIR system would later become. Likewise, RFC 1591 shows delegated responsibility and trusteeship in DNS administration. It does not establish a general principle that a registry-like body may bootstrap itself from delegated coordination into ongoing self-authorship. ([rfc-editor.org][2])

RFC 2860 does not save the argument either. Yes, it says that policy issues exist for domain names and IP address blocks outside the IETF’s purely technical coordination role. Fine. That proves there were policy questions. It does not prove that the registry layer therefore acquired a standing right to decide how far its own power extends. “There are policy issues” is not the same as “the registry may constitutionally govern itself into broader authority.” ([rfc-editor.org][3])

That is why what you are doing here is not a refutation of my charge. It is a live demonstration of it. You start with limited operational control and historically bounded delegation. You then move to descriptive documents of current practice. You then slide from those facts into the much stronger claim that today’s RIRs are legitimate because the same communities develop policy and the same institutional structure administers it. That is the exact move I called mandate laundering(https://heng.lu/mandate-laundering-from-rir-fantasy-to-transition-architecture/): taking a narrower delegated role and laundering it into a broader theory of authority.

The problem becomes even clearer when you say the 2016 stewardship transition reaffirmed the model. What was transitioned was stewardship of the IANA functions and ICANN accountability arrangements around those functions. That is not the same thing as a fresh global authorization for RIRs to keep expanding the scope of their own power over live networks and operators. Stewardship transition is not a constitutional blank check. ([icann.org][4])

And this is where running-code betrayal(https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/) returns. A registry function can be centralized as a matter of bookkeeping. That never meant the bookkeeper became sovereign. Once the same institutional layer starts using elastic readings of its mandate against already-running systems, and once the answer to excess is reduced to ex post litigation under low-liability contracts, you no longer have thin coordination. You have double extraction(https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/): operators bear the dependence, the continuity risk, and the downside, while the registry side claims the choke point with limited exposure.

So no, the historical record does not prove what you say it proves. It shows that coordination functions were delegated, that some policy practices predated ICANN, and that privatization formalized certain arrangements. It does not show that a private registry layer acquired a perpetual right to define the limits of its own authority. That is the move under dispute.

Once a limited coordination function is inflated into a self-justifying institutional mandate, turned against running infrastructure, and defended after the fact as mere administration, mandate laundering has already ripened into running-code betrayal(https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/).

[1]: https://www.ntia.gov/federal-register-notice/statement-policy-management-internet-names-and-addresses “Statement of Policy on the Management of Internet Names and Addresses | National Telecommunications and Information Administration”
[2]: https://www.rfc-editor.org/rfc/rfc2050 “RFC 2050: Internet Registry IP Allocation Guidelines”
[3]: https://www.rfc-editor.org/rfc/rfc2860.html “RFC 2860: Memorandum of Understanding Concerning the Technical Work of the Internet Assigned Numbers Authority”
[4]: https://www.icann.org/en/announcements/details/stewardship-of-iana-functions-transitions-to-global-internet-community-as-contract-with-us-government-ends-1-10-2016-en “Stewardship of IANA Functions Transitions to Global Internet Community as Contract with U.S. Government Ends”

Lu Heng -

Please clarify this statement - 
“The United States could transfer or recognize coordination arrangements over functions it actually managed. It could not, by policy statement, grant a form of private power it did not itself possess.“

Are you asserting that USG lacked the authority to transfer operational authority of the IANA registries to ICANN “because it did not possess such”?

It actually occurred, so if please be quite clear about why you believe that they could not do so…. Thanks!

John,

No. That is not what I said.

I am not arguing that the U.S. Government lacked authority to transfer operational stewardship of the IANA functions to ICANN. I am drawing a different distinction.

A government can transfer administration of coordination functions it actually managed. What it cannot do, by policy statement, is conjure into existence a private power it did not itself possess. And the power now being implied by the mature RIR model is not merely “operational stewardship.” It is something much more serious: the supposed ability, without clear and specific policy authorization, to extinguish recognition for already-running resources in a way that can cascade across borders, disrupt networks, and affect enormous numbers of dependent sites and users.

That is the point.

Handing over the ledger is one thing. Handing over — or later discovering — a private authority to exercise that kind of chokepoint power is another. The United States never had some freestanding sovereign warrant to let a private registry layer decide, through its own evolving internal processes, that it may impose that kind of consequence on globally deployed infrastructure and call it ordinary “management and administration.”

And that is not a hypothetical concern. In the AFRINIC case, this is precisely the scale of power that was publicly demonstrated in practice: a registry posture under which already-running resources supporting infrastructure far beyond one region could be treated as if their continued recognition were subject to institutional will despite the absence of clear policy authorization for that result.

So no, I am not disputing that operational stewardship of the IANA functions moved. I am disputing the much stronger conclusion you keep trying to smuggle in from that fact. Transfer of coordination functions does not answer the later question: how did a bounded registry role become a claimed power to sit at a chokepoint over live networks and assert consequences the original transfer did not clearly and specifically authorize?

That later step is the issue. That is the move under dispute.

[1]: https://www.icann.org/en/announcements/details/stewardship-of-iana-functions-transitions-to-global-internet-community-as-contract-with-us-government-ends-1-10-2016-en"Stewardship of IANA Functions Transitions to Global Internet Community as Contract with U.S. Government Ends”

Lu Heng —

I am glad we are in agreement that the U.S. Government had the authority to transfer operational stewardship of the IANA functions to ICANN. You contend, however, that the USG could not “conjure into existence a private power it did not itself possess” — then characterize the power now being implied by the mature RIR model as being not merely “operational stewardship.”

This concern rests on a misunderstanding of the nature of the IANA registries and how they function within the Internet.

IANA registries arise from the IETF’s standards process. When protocols require coordinated values to ensure interoperability, the specifications call for establishment of registries and define how they are to be administered. Like the protocols themselves, use of these registries is voluntary. No one is compelled to use the IETF’s protocols or the associated registries — but the world has overwhelmingly converged on their use because they work well for providing global interoperability.

What you characterize as “chokepoint power” is not a power conjured by policy statement or discovered after the transition. It is the practical consequence of billions of people and organizations voluntarily choosing to build on this common technical framework. The registry system did not acquire leverage over live networks by expanding its mandate. Networks became dependent on the registry system because operators around the world chose to make use of IETF’s protocols, the DNS system and Internet number registry system.

It is also important to be precise about what these registries are. They are not records of external activity. Their entries are the authoritative associations that make globally unique identifiers usable in a coordinated system. A domain name delegation or an IP address allocation does not serve as a ‘record’ of some independent fact — it establishes the association between an identifier and a party under defined rights to that entry in an exclusive manner (which can be enormously helpful in facilitating interoperability). Administration of a registry inherently includes authority to administer the registry entries therein — including their continuation or withdrawal under established policy — and hence was not a power discovered or expanded after the transition. It is the core operational function of the registry itself. That authority is bounded by that function — maintaining globally unique identifiers to enable interoperable communication — and does not extend beyond it.

From the outset, the IANA function exercised (or delegated as appropriate) the authority necessary to operate these registries in accordance with applicable policies and technical specifications — including making, modifying, and, where necessary, removing entries. Those actions could have operational consequences for networks relying on those identifiers. That was not a later development. It was inherent in the role.

We were fortunate to have Jon Postel — a man both highly principled and practical — holding the reins for decades and wielding this authority with exceptionally fine judgment. The U.S. Government retained the ability to intervene, but to my knowledge never exercised it with respect to protocol parameter registries or Internet number resources — only with respect to domain names, which carry far greater real-world visibility and commercial implications. Postel himself understood that personal stewardship was not a sustainable model. In his own words, describing what the transition process was working to achieve, he wrote: ‘we are close to accomplishing the challenge laid down in the White Paper: to create a global, consensus nonprofit corporation with an international board, transparent and fair procedures, and representation of all the various Internet constituencies, from the technical people who created and have nurtured the Internet from its earliest days, to the commercial interests who now see it as an important business tool, to individual users from around the globe.’ [1] That is not the language of someone who believed the authority he had long exercised should remain concentrated in a single individual or government. It is the language of someone who understood that the right answer was to distribute that authority into a structure accountable to everyone who depended on it.

The constraint on the registry role has never been constitutional in the sense you describe, but functional — the requirement to operate globally unique identifier systems in accordance with established policy and technical standards. No externally imposed “boundary” ever existed in registry administration other than the registry requirements specified in IETF’s standards and the U.S. Government’s oversight capacity (which became vestigial after ICANN’s formation and was phased out with the IANA Stewardship Transition.) Despite his successful personal stewardship of the IANA Functions, Postel recognized that the communities that used the registry were best suited to address policy issues through appropriate policy development. With respect to Internet number resources specifically, the operational community was already developing and implementing Internet number resource policy — as documented in RFC 2050 — before ICANN existed, and continued to do so after ICANN’s formation.

What changed was the structure around it — from informal stewardship by a single trusted individual to accountable, community-based governance in which the relevant communities develop policy and hold the implementing institutions to account.  The formation of ICANN did not create new authority. It made existing authority more transparent, more accountable, and more durable.

The scale of reliance on this system today is not evidence of overreach. It is the cumulative result of billions of people and organizations voluntarily choosing to depend on the IETF’s protocols, ICANN’s coordination, and the RIRs’ registry administration to achieve global interoperability. There is no sovereign authority at work — only the network effects of a system the global community built, chose, and continues to rely upon. If there are legitimate governance concerns about how that system operates, the answer is engagement in the open, transparent, multistakeholder processes through which its policies are developed and implementation overseen — not a claim that the authority to administer the registries was never legitimately held.

[1] Jon Postel, Testimony before the U.S. House of Representatives, October 1998. Available at: http://www.internetafricanews.com/Cotonou/jonpostel_en.pdf

John,

Your latest comment does not solve the problem. It makes it clearer.

You say the registry system’s leverage is simply the practical consequence of billions of people and organizations voluntarily choosing to build on a common technical framework. But that confuses adoption with consent.

Operators adopted common protocols and identifier systems because interoperability required coordination. That does not mean they granted a perpetual blank check to a registry layer to exercise open-ended discretionary power once the whole ecosystem became dependent on it.

Lock-in is not the same thing as meaningful choice. People use LINE in Japan, iMessage in the United States, WhatsApp in many countries, and WeChat in China not because each system is continuously and affirmatively chosen in some fresh constitutional sense, but because network effects and collective switching costs make exit difficult even when users dislike the system. The same logic applies here. Widespread reliance does not prove ongoing consent. It proves dependence.

And converting dependence into legitimacy is exactly mandate laundering. A narrow coordination function becomes embedded in critical operations. Switching becomes prohibitively costly. Then that lock-in is redescribed as “the community chose us,” and used to justify broader and broader power at the registry layer.

That is why your argument about “authoritative associations” does not answer the dispute. Of course a registry administers entries. But saying continuation or withdrawal is “inherent” to the role simply assumes the very point in dispute. It does not show that a registry layer has clear authority, without specific policy authorization and an external boundary, to use that role against already-running resources whose operational and economic reality was built by operators, not by the registry. It is like saying a land registry may change title by its own judgment simply because it keeps the book. That is absurd. Keeping the record is not the same thing as owning the power to rewrite underlying rights whenever the registry decides.

In fact, your latest comment states the problem directly. You say the constraint on the registry role has never been constitutional, and that no externally imposed boundary ever existed beyond technical requirements and fading U.S. Government oversight. That is not a defense. That is the mechanism. Once that outside oversight receded, the same institutional ecology could develop policy, administer policy, and describe the limit of its own authority. That is exactly the laundering move I have been describing.

Nor does “voluntary use” justify what follows from that structure. Once operators are locked into the ecosystem, the registry layer sits at a chokepoint. If that chokepoint is then used to exercise discretionary power without a clear external boundary, and operators are told the answer is to litigate after the damage is done, the system is no longer merely coordinating. It is exploiting lock-in until someone is bled dry in court or the conduct finally crosses a legal line.

That is also why this is not answered by saying the world depends on a common framework. Of course it does. The question is whether reliance on interoperability can be converted into a standing license for a registry layer to enlarge its own mandate and then redescribe that enlargement as ordinary administration. It cannot.

Once dependence is repackaged as legitimacy, once a bounded coordination role is turned into discretionary power over already-running infrastructure, and once that power is defended by saying “the network chose to depend on us,” mandate laundering(https://heng.lu/es/mandate-laundering-from-rir-fantasy-to-transition-architecture/) has already matured into running-code betrayal(https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/).

And when operators bear the continuity risk, the business risk, and the downside while the registry keeps the chokepoint with limited exposure, that is double extraction(https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/).

Lu Heng —

We are agreed that operators utilize the Internet number registry and the DNS because they provide near-ubiquitous coordination necessary for successful global interoperability.

Furthermore, it is readily apparent that the widespread success of the Internet results in formidable network effects that make meaningful consideration of alternatives difficult, in a manner that is indeed similar to the highly popular messaging applications that you noted for comparison.

However, you have drawn the wrong conclusion, because you actually understate the “lock-in” effect. This requires considering the core purpose of the Internet registries, because unlike your examples, Internet registries serve a distinct purpose that is central to this discussion. The DNS and Internet number registry systems exist to provide uniqueness, and that means that “switching costs” cannot be meaningfully assessed, as one cannot have two systems simultaneously providing uniqueness.

That lock-in does not nullify the authority to administer the Internet registries — you already acknowledged that the U.S. Government had the authority to transfer the stewardship of IANA functions to ICANN — but it does increase the obligation of ICANN, the RIRs, and the broader multistakeholder community to exercise that authority responsibly, transparently, and accountably.

The answer to that governance obligation is not theoretical — it has already been implemented. The affected communities are governing their own registries. The names community governs through ICANN’s GNSO and ccNSO. The numbers community governs through elections for each RIR governing body. The protocol parameters community governs through the IETF. The DNS and Internet number registry systems are governed by the very communities that depend on them, through institutions they built and continue to control.

This is not the ungoverned chokepoint your argument requires; it has more transparency and accountability to its community than most comparable critical infrastructure anywhere in the world.

Lock-in is a governance problem. The multistakeholder model is the answer to that problem — and it is already operating. If you have specific concerns about how the registry systems are governed or the policies under which they operate, those concerns belong in the policy development forums and governance processes where the affected communities make decisions, including the scope and mandate of registry functions.

John,

Global uniqueness is a technical requirement. It is not a justification for stronger governance by the registry layer. Confusing those two things is the entire error in your argument.

If there can only be one live system providing common uniqueness, then the only rational conclusion is the opposite of yours: that layer must be thinner, harder, and more externally bounded. You need one book. You do not need one sovereign. The need for one land title ledger does not mean the land registry should define the scope of its own power. It means the registry should be kept on a short leash, because the consequences of abuse are so high.

That is why your lock-in argument fails. Once operators cannot realistically exit, “active community participation” inside the same institutional environment is not a real limit on power. It is dependence being redescribed as legitimacy. Telling people trapped in the system to solve scope problems by participating more in the ritual that defines scope is exactly what I mean by mandate laundering(https://heng.lu/mandate-laundering-from-rir-fantasy-to-transition-architecture/).

And your own formulation exposes the circularity. You say concerns about scope belong in the same forums where the affected community decides the scope and mandate of registry functions. That is not a boundary. That is the same room writing the terms of its own authority. Glass walls do not fix that. Elections do not fix that. Meetings do not fix that. If the same institutional ecology can expand, interpret, and defend its own mandate, then the limit is not real.

Lock-in also does not prove consent. People remain on messaging platforms because group switching costs are high, not because each platform has earned some continuing constitutional approval. The same is true here. Operators adopted a common uniqueness system because interoperability required it. That does not mean they endorsed a private institutional layer sitting above them with expanding discretionary power over continuity, recognition, and operational stability.

And because uniqueness makes exit so hard, your conclusion is not just wrong. It is backwards. The stronger the lock-in, the weaker the discretionary authority must be. The more unavoidable the coordination layer becomes, the less political life it should have. Otherwise the chokepoint becomes a governing structure.

That is also why this cannot last forever. Once a registry layer insists on turning global uniqueness into global governance, it starts taking power that properly belongs elsewhere: to sovereigns, to courts, to contracts, and to operators themselves. Such an arrangement can survive for a while under technical opacity, habit, and procedural ritual. But it is inherently unstable. It only takes one serious incident, and one person translating this complicated ritual into plain language for governments that do not understand it, for engineers who care about running code, and for operators who care about balance sheets and continuity, to make the absurdity obvious: a small private room should not be deciding Internet continuity at continental scale.

And when operators carry the lock-in, the continuity risk, the switching impossibility, the litigation burden, and the downstream loss while the registry keeps the bottleneck, that is double extraction.

So no, global uniqueness does not require stronger governance by the registry layer. It requires stronger limits on the registry layer. Once lock-in is invoked to justify a thicker institutional mandate, mandate laundering has already matured into running-code betrayal.

https://heng.lu/mandate-laundering-from-rir-fantasy-to-transition-architecture/
https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/
https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/

Lu Heng —

I did not argue that global uniqueness justifies stronger governance authority — I said the opposite: that uniqueness makes exit impossible, and therefore “increases the obligation … to exercise that authority responsibly, transparently, and accountably” — so please do not misrepresent my statements.

More accountable governance does not require “stronger governance authority,” but it does require greater community participation. The very nature of a globally unique registry means that accountability to the affected community requires participation by that community in establishing the scope of registry functions. You assert there must be an external boundary — but a boundary that excludes the affected community from participating in governance cannot produce accountability. In practice, the only coherent external boundary for a globally unique system with no sovereign is the community that depends on it — governing itself through open and transparent processes.

You argue circularity when I say concerns about scope belong in the same forums where the affected community decides the scope and mandate of registry functions — but that is simply self-governance: a community coming together to make decisions through constructive deliberation. It is a remarkably common way of organizing cooperative systems, and it is precisely what the USG directed when it established ICANN.

You are right that unconstrained discretionary authority in a locked-in system is dangerous, and I agree. But the answer is not a frozen registry — it is community-developed policy that defines, constrains, and evolves the registry function as the Internet itself evolves. The community’s role is to define the the type and range of services. That is not the problem. That is the solution.

You have argued that the registry system’s authority is self-referential — that its mandate is self-declared and its governance a closed loop. But the mandate was not self-declared. It was explicitly given by an external party, in this case the USG.

The U.S. Government made a deliberate policy choice in the 1998 White Paper: to transition coordination of names and numbers to community-based self-governance. The White Paper’s direction was clear: the communities that depend on the system would govern through open, transparent, multistakeholder processes, reflecting “the bottom-up governance that has characterized development of the Internet to date.” That direction was implemented through the establishment of ICANN, with its specific governance structure, and the transfer of operational responsibility for the IANA functions to ICANN.

That mandate of community self-governance was confirmed through the 2016 IANA Stewardship Transition, when the U.S. Government relinquished its vestigial oversight via a detailed transition plan developed by the names, numbers, and protocol communities — the largest multistakeholder process ever undertaken, involving more than 26,000 working hours, 33,000 mailing list messages, and 600 meetings — including the involvement of governments through the GAC.

You may disagree with private-sector, community-based self-governance, but it was explicitly directed to the respective communities by the USG through the creation of ICANN and reaffirmed in 2016. That mandate — and the authority for each community to engage in bottom-up self-governance — was given openly and on the record.

John,

Your latest reply does not rescue the model. It makes its absurdity easier to see.

If global uniqueness means that a room of a few dozen people can affect Internet continuity at continental scale, that does not sound like governance. It sounds like fantasy. The more unavoidable the uniqueness layer becomes, the less discretionary power that room should have. One common book may be necessary. One small private political class is not.

That is why your appeal to “the affected community” fails. The room is not the community. Operators, governments, courts, engineers, businesses, and users do not become identical merely because a process claims to speak in their name. A small process with a specialized language is still a small process. Calling it “the community” does not make it external to the registry layer. It just lets the registry layer borrow the community’s name while keeping the power inside the same room.

And the history is not the success story you keep implying. What we actually saw was not some clean tradition of self-constraining governance. We saw corruption, concentrated control, one-man-company structures, insider ritual, and post hoc justification. We saw real industrial comments discounted because they did not speak insider language and because some used AI drafting assistance. That is not an open community calmly governing itself. That is a guild deciding which voices count as legitimate.

The broader RIR/NRO response makes the contradiction even clearer. When organized outside support appears and the answer is that the process must be protected from “capture,” that gives the game away. If the process really were the community, then broad support from operators and affected participants would simply be the community speaking. The moment support from actual affected actors is treated as a threat, the premise collapses. The room is no longer being described as the community. The room is being protected from the community.

So your argument fails at both ends.

First, the past does not show a healthy and reliably self-binding system. It shows a structure that survived for a long time through opacity, path dependence, insider control, and weak external challenge.

Second, longevity does not let that same structure pull itself up by its own bootstraps and become the constitutional author of its own mandate. Years of operation do not turn a narrow coordination function into a legitimate right of self-expansion.

That is why the right conclusion is obvious, not difficult. A globally unique coordination layer must be kept thinner precisely because the consequences of abuse are so large. Once a few insiders can shape continuity for millions of sites, users, businesses, and networks, the system has already moved far beyond coordination. That is mandate laundering(https://heng.lu/es/mandate-laundering-from-rir-fantasy-to-transition-architecture/).

And when that laundered mandate is turned against already-running infrastructure, that is running-code betrayal(https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/).

This is also why the arrangement is brittle. It only takes one serious incident, and one person translating the ritual into plain language for governments, engineers, and operators, for the absurdity to become obvious: Internet continuity at continental scale should not depend on the discretionary politics of a small private room.

John,

Your latest reply is a neat institutional trick: criticism becomes participation, past failure becomes continuous improvement, a U.S. policy transition becomes an infinite mandate, and even a thinner alternative is absorbed as confirmation of the existing model. That is not accountability. It is a self-sealing theory.

Start with your first point. You say opacity, path dependence, insider control, and weak external challenge are merely problems in how governance operated “at times,” not evidence against the mandate itself. By that standard, North Korea or any durable authoritarian system could say the same thing: yes, there are imperfections, but the structure remains in place, has lasted, and continues to function. That is not a test of legitimacy. It is just survival redescribed as success.

In a globally unique, hard-to-exit system, repeated governance failure is not a side issue. It is evidence about incentives. APNIC itself had to explain in 2023 that its governance reform would remove the Director General as sole Director and shareholder of APNIC Pty Ltd, and another APNIC post explained that the company directors could amend the APNIC By-laws without a member vote. That is not a small blemish in a perfectly self-binding model. It is the kind of constitutional oddity that should never sit under a system claiming broad community legitimacy. ([1])

The ICP-2 process tells the same story. The NRO’s proposed principles now include audit, continuity, derecognition, ecosystem stability, and anti-capture. If the old model had actually solved these questions, why is the system now writing them in after decades? The very presence of an “anti-capture” principle proves that “the community” is not a magic unified subject. Someone must decide which voices count as community and which voices count as capture. That is precisely where insider power hides. ([2])

The comment process shows the same pathology. The Register reported that almost half of 298 responses to the ICP-2 questionnaire were treated as duplicate comments, possibly AI-generated, and that a speaker defended those responses by pointing out that many people in Internet governance are not native English speakers. That is exactly the problem: real industrial input can be discounted because it does not speak the ritual language of the room. A process that filters participation through insider style and then calls itself “the affected community” is not the community. It is a guild with a microphone. ([3])

Your second point is worse. You say the mandate was given externally by the U.S. Government, so it cannot be self-derived. But the U.S. Government is not God. It could transfer coordination arrangements it actually managed. It could not grant a private institutional system an infinite recursive authority to define the future scope of its own power over live networks, operators, and businesses across continents. If you claim such a power was “explicitly given,” then show the sentence that grants it.

An explicit mandate can still be laundered. Laundering does not require secrecy. It happens when a narrow function is stretched, the stretch is normalized through internal procedure, and the expanded result is later described as if it had always been included. That is exactly what is happening here. You begin with coordination of names and numbers. You end with a private room claiming the authority to define the scope of registry power in a locked-in global system. That is not a clean transfer. That is mandate laundering.

And your final paragraph gives away the game. You say my criticism is participation, and that even a thin-layer alternative would become another affirmation of your existing model. So if I object, I am participating. If I propose a replacement, I confirm your model. If affected operators organize, the system calls it capture. If someone sues, the system calls it disruption. If the room asks a sovereign government for special status during a legal crisis, it calls that preserving stability.

That is not community self-governance. That is an accounting trick where every possible outcome is booked as revenue for the institution.

The NRO’s own 2022 letter to the Mauritius Government makes the contradiction visible. It described RIRs as private regional bodies managing number resources, then urged the government to consider AFRINIC’s request for recognition as an international organization; the letter was signed by Paul Wilson, John Curran, Oscar Robles, and Hans Petter Hollen. If the affected community and ordinary legal accountability were sufficient, why run to a sovereign for special international-organization treatment when litigation became inconvenient? ([4])

So no, I do not accept that your model is “working today.” A model that needs anti-capture rules, derecognition mechanisms, after-the-fact governance repair, special legal-status appeals, and procedural discounting of outside participation is not a healthy self-binding system. It is a chokepoint trying to preserve discretion while calling the preservation “community.”

My point remains simple: the more unavoidable the uniqueness layer becomes, the more narrowly it must be constrained. Keep the common record thin. Push thick disputes outward to courts, contracts, sovereigns, and operators. Do not let the same room define the boundary, police the boundary, and then declare every objection to be proof that the boundary works.

Once a limited coordination mandate is stretched by the same institutional environment that benefits from the stretch, and every challenge is absorbed as participation or confirmation, mandate laundering is no longer theoretical. It is happening in real time.

[1]: https://blog.apnic.net/2023/07/12/updating-apnics-governance-structure/ “Updating APNIC’s governance structure | APNIC Blog”
[2]: https://www.nro.net/policy/internet-coordination-policy-2/proposed-icp-2-version-2-principles/ “Proposed ICP-2 Version 2 Principles | The Number Resource Organization”
[3]: https://www.theregister.com/2025/03/02/internet_governance_update/ “Internet governance is suddenly busy with big challenges • The Register”
[4]: https://www.nro.net/nro-letter-to-mauritius-government/ “NRO Letter to Mauritius Government | The Number Resource Organization”
https://heng.lu/on-who-gets-to-speak-for-a-continent-a-community-or-the-end-user/
https://heng.lu/mandate-laundering-from-rir-fantasy-to-transition-architecture/
https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/
https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/
https://heng.lu/on-internet-number-resources-are-not-political-property/
https://heng.lu/from-double-extraction-to-sovereignty-inversion-how-nations-lose-sovereign-control-to-rirs-for-us100/

Lu Heng —

The dispute is not whether the U.S. Government had limits on what it could transfer. It did. The dispute is whether what was actually transferred — operational responsibility for the IANA registries under community-based governance — falls within those limits. It plainly does.

You write: “But the U.S. Government is not God. It could transfer coordination arrangements it actually managed. It could not grant a private institutional system an infinite recursive authority to define the future scope of its own power over live networks, operators, and businesses across continents. If you claim such a power was ‘explicitly given,’ then show the sentence that grants it.”

The U.S. Government transferred operational responsibility for the IANA registries to a community-based governance structure — that is the entirety of the claim. You already acknowledged that the USG had the authority to transfer such control over the IANA registries, and that what was transferred to ICANN was placed under community-based self-governance.

No “infinite recursive authority” is being asserted. What exists is the authority to manage and administer the IANA registries, as exercised over time through community-based governance.

The mandate for self-governance of those registries by the affected community was explicitly directed by the U.S. Government and has been continuously reaffirmed. You ask to “show me the sentence.” The 1998 White Paper is that sentence: a transition to private-sector, bottom-up coordination reflecting “the bottom-up governance that has characterized development of the Internet to date.” That is not an implied mandate. It is the one that was given — establishing private-sector, bottom-up coordination within a defined coordination role.

You then compare the RIR system to an authoritarian structure. The difference is simple: in an authoritarian system, participants have no mechanism to change leadership. In the RIR system, each RIR has a member-elected governing board that can be changed through elections.  Candidates that hold positions which have support among the membership get elected, i.e. a very direct accountability mechanism. 

You declined to address my prior question about your proposed alternative, so I’ll ask it with more clarity: If your proposed alternative enables the affected community to develop and change policy over time — including redefining scope and operation — then it is, by definition, community-based self-governance. It does not escape the model you are criticizing — it is the model.

If instead your “thin layer” is constrained to fixed rules or a predetermined scope that the community cannot meaningfully change, then it is not self-governing — it is operating under a bounded mandate (to use your phrase). In that case, the question becomes unavoidable: who will define those constraints in that proposed alternative system?

John,

You are still running two entirely different things through the same blender and presenting the puree as an argument.

The first is the initial specification of a new system: what narrow function it serves, what objective validation rules it uses, what changes are even admissible, and how those changes are adopted in practice. Every real system has to start somewhere. A bridge needs an engineer before it gets traffic. A protocol needs an initial specification before it gets deployment.

The second is what the present RIR model does: a locked-in institutional layer sits on top of live infrastructure, keeps the recognition lever in its hand, and then uses the same room, the same procedures, and the same vocabulary to reinterpret and enlarge the scope of its own authority after the world is already dependent on it.

Those are not the same thing.

Treating them as identical is like saying a bridge blueprint and a toll collector redrawing the national road map are morally the same event because both involve “rules.” They are not. One is system design. The other is a chokepoint discovering political ambition.

That is why your framing remains wrong. The real issue is not “self-governance or external authority.” The real issue is who holds the residual control rights when the contract is incomplete, the case is ambiguous, and the scope of the registry function is disputed. In plain English: when the line is blurry, who gets the last practical word?

Your model still answers: the same institutional environment that benefits from saying “the line moved.”

That is the whole problem.

You say no “infinite recursive authority” is being asserted. Fine. Then show where the recursion actually ends. If the same process can define the mandate, revise the mandate, interpret the mandate, enforce the mandate, and then decide whether the mandate has been exceeded, then the recursion is already there. One need not call it “infinite” to notice the trick. One only has to ask where the chain stops. So far, the answer remains: it stops where the same room says it stops.

That is not a boundary. That is a mirror with minutes.

And the absurdity becomes even easier to see once one strips away the incense. In your recent exchange-point analogy, the theory has quietly become: you need not participate, but you must obey, because the “community” made the rules. At that point, the phrase **community self-governance** has already been hollowed out. The world below is no longer governing itself. A much smaller governance class is governing the world below in the name of “the community.”

That is not a semantic quibble. It is the entire move described in [Mandate Laundering](https://heng.lu/mandate-laundering-from-rir-fantasy-to-transition-architecture/). A narrow coordination function is wrapped in just enough ritual, regional rhetoric, and policy language to make it look like something grander than it is. The telephone book slowly acquires a theology. The bookkeeper begins speaking in constitutional tones. If a telephone book starts explaining the theory of legitimate authority to the city, something has gone badly wrong.

This is also why your White Paper sentence is still doing comic levels of overwork. “Private-sector, bottom-up coordination” describes a method for coordinating a defined function. It does not magically transubstantiate into a perpetual right for the future holder of the registry to retain residual authority over every later ambiguity. Method is not jurisdiction. Process is not scope. A voting room is not a constitution. And a transfer of stewardship is not a sacrament conferring semi-divine afterlife powers on the recipient.

Your election argument has the same defect. Elections determine who sits in the chair. They do not, by themselves, determine how large the chair may become. A member-elected board may replace managers. It does not therefore get to redefine customer property, continental continuity, or the outer edge of institutional power. A land registry may have procedures; it does not thereby inherit title-altering powers from the fact that it keeps the ledger. A bank may have shareholders; that does not make it the proper tribunal for deciding what money is. A process can replace officeholders and still leave the underlying structure absurd.

That is why the authoritarian comparison matters even if the institutions are not identical. The point is not that RIRs are states. The point is that **persistence plus process** is not the same thing as legitimacy. Plenty of durable systems can say: we have rules, we have elections, we continue to function, leadership can change. The relevant question is not whether the machinery moves. The relevant question is whether the machinery credibly limits power when exit is costly, the affected population is far larger than the electorate, and the institution sits atop a uniqueness choke point.

And the “affected community” is not the RIR electorate. It includes operators, downstream customers, balance sheets, creditors, transit providers, courts, sovereigns, and users whose continuity may be affected without ever having cast a vote, joined a mailing list, or heard of the room at all. Turning that entire universe into “the community” because a subset of members elect directors is not description. It is an accounting trick. It books a small governance class as if it were the whole market. I wrote more on that in [On Who Gets to Speak for a Continent, a Community, or “The End User”](https://heng.lu/on-who-gets-to-speak-for-a-continent-a-community-or-the-end-user/).

This is where your question about the replacement model also goes wrong. You keep mistaking the founding specification of a thinner system for the present model’s later self-expansion. They are not cousins. They are enemies.

A thinner system can have an initial specification without becoming a policy sovereign. A rule can be proposed without binding anyone. A software version can be published without becoming law. A validation condition can be offered without becoming an edict. It becomes real only when independent actors actually adopt it. The author is not sovereign. Adoption is the test.

That is how the network layer already works. Operators decide what software to run. They decide what routes to accept. They decide who to peer with. They decide what to filter. Decisions are local. Consequences aggregate. Nobody in one room acquires continental authority merely because enough people happen to run the same protocol stack. The logic is decentralized even when the result is global.

That is the difference you keep missing.

In your model, a small institutional process can make a scope decision in the name of “the community,” and the consequences can land on people who never voted, never consented, never priced the risk, and often have never heard of the room. That is not localized decision. That is centrally imposed consequence in community costume.

In a thinner technical model, the substrate is tightly specified around what justifies its existence: common state, uniqueness, provenance, auditability, and objective validation. Thick disputes — ownership, fraud, sanctions, contracts, sovereign claims, continuity conflicts — are pushed outward to institutions that actually have authority to decide them. The registry layer remains what it can honestly be: a book, not a throne.

That is the decisive difference.

Your model begins with a registry and keeps sneaking toward a governor. Mine begins with a narrow substrate and refuses to let the substrate audition for Olympus. Yours says: the room decides, and the world below must adapt. Mine says: proposals live or die by independent adoption, while the common layer remains brutally limited. Yours accumulates discretion at the chokepoint. Mine drains it away.

This is also why the economics matter. In your model, the practical option value of ambiguity sits with the institution. When the boundary is unclear, the room gets the upside of interpretation while operators absorb the downside of dependence, continuity risk, litigation cost, and delayed certainty. That is not neutral coordination. It is the logic described in [Double Extraction](https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/).

And once a system that borrowed its legitimacy from serving live infrastructure begins using that accumulated discretion against the very infrastructure below it, the result is not some noble flowering of governance. It is what I called [Running-Code Betrayal](https://heng.lu/running-code-betrayal-how-the-rir-system-turned-consensus-against-the-technical-community/).

So no, the unavoidable choice is not “self-governance or external authority.” That is your theatrical false binary.

The unavoidable choice is whether a globally locked-in uniqueness layer should hold residual power over the future expansion of its own scope. My answer is still no. The more unavoidable the layer becomes, the less discretionary power it should keep.

Once the initial specification of a narrow technical system is rhetorically equated with an incumbent room expanding its own mandate over people who never heard of it, the argument has already left the ground of governance and wandered into mythology. The bookkeeper is no longer keeping the book.

He is fitting himself for a lightning bolt.

Lu Heng —

You have focused on the real issue: when the contract is incomplete, the case is ambiguous, and the scope is disputed — who gets the last practical word?

The system you propose is one where “thick disputes — ownership, fraud, sanctions, contracts, sovereign claims, continuity conflicts — are pushed outward to institutions that actually have authority to decide them.” 

(I will again assert that is already the case with the RIR system — members receive services under contract, RIRs operate within established legal frameworks including contract law, corporate law, and courts of jurisdiction, and disputes are already subject to litigation – but recognize you feel otherwise…)

However, taking your statement at face value, you have not explained how your thin distributed system will handle interactions with those institutions. When a directive or order appears, its impact often requires interpretation, and sometimes even clarification or correction. How exactly does that occur in your thin layer? In dealing with those institutions, authority is still being exercised somewhere, even if it is hidden in code out of sight of those impacted.

In a global system for uniqueness with widespread adoption and significant lock-in effects, the right answer is not to hide authority, but to make it visible and constrain it through accountable governance. The mechanism is straightforward: open participation, transparent policy development, elected oversight of administration, and recourse through law. That is the community establishing and enforcing the limits on how authority is exercised.

You argue that this is circular — the same institutional environment defines, interprets, and enforces its own scope. But that describes any functioning governance system. The relevant question is whether those processes are open to challenge and accountable to those affected. In this case, they are.

You are also correct that the affected community is broader than any formal electorate. Operators, customers, and others who depend on the system may never participate directly. But the answer is not to remove governance — it is to expand participation and ensure meaningful avenues for input and redress. A “thinner” system does not solve this. It simply moves authority somewhere else — without saying where, or providing any mechanism for accountability. If not the community, then who — and how?

Your alternative rests on decentralized adoption: proposals live or die by whether independent actors choose to accept them. That model works for routing because routing does not require a single authoritative record. Operators are free to make and revise their routing choices and the network converges. But a uniqueness registry is different. It exists precisely to maintain one consistent, globally recognized state. And while operators may adopt it by individual decision, once they are using it the same network effects preclude easy exit — so the comparison to routing decisions fails. The operator may get an initial choice, but will still be subject to the decisions of that distributed registry — with no easy exit and no clear visibility or recourse when something goes wrong.

Residual authority cannot be eliminated from such a system. It can only be structured and constrained. The current model does exactly that: community-developed policy, open processes, and governance accountable to those who depend on the system. It is not perfect. But it is a coherent answer to a real problem.

Your “thin registry” offers no comparable answer. When exit is costly and the stakes are high, unconstrained discretion is dangerous. We agree on that. But the answer is not to pretend that discretion can be removed or buried in software. The answer is to constrain it through policy, transparency, and accountability to those who depend on the system.

That is what community governance is for. It is not an incidental feature. It is the mechanism by which residual authority is kept visible, bounded, and answerable — rather than left to emerge without accountability in whatever form fills the vacuum.