On 4/22/25 13:26, Andrew McConachie wrote:
Resolved (2024.07.29.06), the Board reserves .INTERNAL from delegation in the DNS root zone permanently to provide for its use in private-use applications. The Board recommends that efforts be undertaken to raise awareness of its reservation for this purpose through the organization's technical outreach.Note that the action ("reserves .INTERNAL from delegation") is relative to a purpose, "to provide for its use in private-use applications". I would therefore argue that "delegation" here implicitly means a "normal delegation" because it would hand over control to some other operator, defeating the purpose.This is an overly creative interpretation of the Board’s resolution. It implicitly adds a modifier preceding “delegation” where none exists. The Board did not resolve to “reserve[s] .INTERNAL from [normal|secure] delegation”. They resolved to “reserve .INTERNAL from delegation”. The resolution could not be more clear.
Are you sure? To quote from https://www.icann.org/en/icann-acronyms-and-terms/delegation-en:
The assignment of administrative authority for a domain to a registry operator. A registry operator to which this authority is delegated assumes the responsibility for operating and maintaining the authoritative name servers for a given domain.
The fact of the matter is that some people want “no delegation” and some people want “insecure delegation”. That ship has sailed, and we ended up with “no delegation”.
I would be surprised if the Board could not issue a clarification about what exactly it meant when saying "delegation" here. If they meant what I've quoted from the ICANN glossary above, then my proposal stands.
DNSOP can’t change that.
We agree! But we (the IETF liaison?) could ask the board the above question.
for .internal this really can’t be changed at this point.
I believe it is within the general power of the the Board to issue clarifications and fix oversights. But we really need to move this discussion away from DNSOP, as we can only go in circles here. Cheers, Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
