nanog mailing list archives

Re: Ukraine request yikes

From: David Conrad <drc () virtualized org>
Date: Tue, 1 Mar 2022 12:08:30 -0800

On Mar 1, 2022, at 12:16 AM, George Herbert <george.herbert () gmail com> wrote:

Ukraine (I think I read as) want ICANN to turn root nameservers off, revoke address delegations, and turn off TLDs 
for Russia.

More or less. The Government Advisory Committee member from Ukraine has asked ICANN to:
- Revoke .RU, .рф, and .SU (all Russian-managed ccTLDs)

As the GAC member undoubtedly knows, that’s not how ICANN works. Barring a court/executive order in ICANN’s
jurisdiction (and even then, it gets a bit sticky see
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/11/13/dc-court-rules-that-top-level-domain-not-subject-to-seizure/

<https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/11/13/dc-court-rules-that-top-level-domain-not-subject-to-seizure/>),
ICANN essentially treats ccTLDs as national sovereign resources. A third party, no matter how justified, requesting a
change of this nature will not go anywhere. Simply put, ICANN is NOT a regulator in the forma sense, it is a private
entity incorporated in California. The powers that it has are the result of mutual contractual obligations and it’s a
bit unlikely the Russian government has entered into any contracts with ICANN, particularly those that would allow
ICANN to unilaterally revoke any of the Russian ccTLDs.

- "Contribute to the revoking for SSL certificates for the abovementioned domains.”

I’m not sure what this even means.

- Shutdown the root server instances operated by ICANN that are within Russia

ICANN could conceivably do this unilaterally, but there are a lot more root server instances operated by other RSOs
(including RIPE NCC, Verisign, ISC, and NASA). Even if all the RSOs shut down their instances, it’d merely increase
latency for root queries by a small amount unless all DNS traffic to the RSO IPs were blocked at Russian borders. And
even then, Russia has been “testing” operating in a disconnected mode, so it’s highly likely there are root server
equivalents in Russia that would continue to resolve root queries.

However, as mentioned, the UA GAC member probably knows all this and I imagine the intent of this letter was less to
cause the requested actions to actually occur than it was to raise the profile of the conflict in the Internet
governance context.

Regards,
-drc

Attachment: signature.asc
Description: Message signed with OpenPGP

Current thread:

Re: ICANN Response (Re: Ukraine request yikes), (continued)
- - - Re: ICANN Response (Re: Ukraine request yikes) Jason Kuehl (Mar 03)
    - Re: ICANN Response (Re: Ukraine request yikes) Brian R (Mar 03)
    - Re: ICANN Response (Re: Ukraine request yikes) Sean Donelan (Mar 03)
- Re: Ukraine request yikes Matthew Petach (Mar 01)
  - Re: Ukraine request yikes virendra rode (Mar 01)
    - Re: Ukraine request yikes David Conrad (Mar 01)
  - Re: Ukraine request yikes Matt Hoppes (Mar 02)
    - Re: Ukraine request yikes Bruce H McIntosh (Mar 02)
    - Re: Ukraine request yikes Miles Fidelman (Mar 02)
    - Re: Ukraine request yikes Bryan Fields (Mar 02)
- Re: Ukraine request yikes David Conrad (Mar 01)
  - Re: Ukraine request yikes Rubens Kuhl (Mar 01)
    - Re: Ukraine request yikes David Conrad (Mar 01)
    - Re: Ukraine request yikes Bryan Fields (Mar 01)
    - Re: Ukraine request yikes Brian R (Mar 01)
    - Re: Ukraine request yikes George Herbert (Mar 01)
    - Re: Ukraine request yikes JASON BOTHE via NANOG (Mar 01)
    - Re: Ukraine request yikes Fred Baker (Mar 01)
  - Re: Ukraine request yikes Daniel Suchy via NANOG (Mar 01)
    - Re: Ukraine request yikes John Levine (Mar 02)
  - Re: Ukraine request yikes Glen Turner (Mar 02)

(Thread continues...)