nanog mailing list archives
Re: Ukraine request yikes
From: David Conrad <drc () virtualized org>
Date: Tue, 1 Mar 2022 12:08:30 -0800
On Mar 1, 2022, at 12:16 AM, George Herbert <george.herbert () gmail com> wrote:
Ukraine (I think I read as) want ICANN to turn root nameservers off, revoke address delegations, and turn off TLDs for Russia.
More or less. The Government Advisory Committee member from Ukraine has asked ICANN to: - Revoke .RU, .рф, and .SU (all Russian-managed ccTLDs) As the GAC member undoubtedly knows, that’s not how ICANN works. Barring a court/executive order in ICANN’s jurisdiction (and even then, it gets a bit sticky see https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/11/13/dc-court-rules-that-top-level-domain-not-subject-to-seizure/ <https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/11/13/dc-court-rules-that-top-level-domain-not-subject-to-seizure/>), ICANN essentially treats ccTLDs as national sovereign resources. A third party, no matter how justified, requesting a change of this nature will not go anywhere. Simply put, ICANN is NOT a regulator in the forma sense, it is a private entity incorporated in California. The powers that it has are the result of mutual contractual obligations and it’s a bit unlikely the Russian government has entered into any contracts with ICANN, particularly those that would allow ICANN to unilaterally revoke any of the Russian ccTLDs. - "Contribute to the revoking for SSL certificates for the abovementioned domains.” I’m not sure what this even means. - Shutdown the root server instances operated by ICANN that are within Russia ICANN could conceivably do this unilaterally, but there are a lot more root server instances operated by other RSOs (including RIPE NCC, Verisign, ISC, and NASA). Even if all the RSOs shut down their instances, it’d merely increase latency for root queries by a small amount unless all DNS traffic to the RSO IPs were blocked at Russian borders. And even then, Russia has been “testing” operating in a disconnected mode, so it’s highly likely there are root server equivalents in Russia that would continue to resolve root queries. However, as mentioned, the UA GAC member probably knows all this and I imagine the intent of this letter was less to cause the requested actions to actually occur than it was to raise the profile of the conflict in the Internet governance context. Regards, -drc
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- Re: ICANN Response (Re: Ukraine request yikes), (continued)
- Re: ICANN Response (Re: Ukraine request yikes) Jason Kuehl (Mar 03)
- Re: ICANN Response (Re: Ukraine request yikes) Brian R (Mar 03)
- Re: ICANN Response (Re: Ukraine request yikes) Sean Donelan (Mar 03)
- Re: Ukraine request yikes Matthew Petach (Mar 01)
- Re: Ukraine request yikes virendra rode (Mar 01)
- Re: Ukraine request yikes David Conrad (Mar 01)
- Re: Ukraine request yikes Matt Hoppes (Mar 02)
- Re: Ukraine request yikes Bruce H McIntosh (Mar 02)
- Re: Ukraine request yikes Miles Fidelman (Mar 02)
- Re: Ukraine request yikes Bryan Fields (Mar 02)
- Re: Ukraine request yikes virendra rode (Mar 01)
- Re: Ukraine request yikes David Conrad (Mar 01)
- Re: Ukraine request yikes Rubens Kuhl (Mar 01)
- Re: Ukraine request yikes David Conrad (Mar 01)
- Re: Ukraine request yikes Bryan Fields (Mar 01)
- Re: Ukraine request yikes Brian R (Mar 01)
- Re: Ukraine request yikes George Herbert (Mar 01)
- Re: Ukraine request yikes JASON BOTHE via NANOG (Mar 01)
- Re: Ukraine request yikes Rubens Kuhl (Mar 01)
- Re: Ukraine request yikes Fred Baker (Mar 01)
- Re: Ukraine request yikes John Levine (Mar 02)