by wav-part 2717 days ago
I am not suggesting every client do their own mapping; that is not a naming system at all. There has to be very large consensus for a naming system to be effective. I just pointed that out to show that DNS is not under any gov control. It's under the control of an entity that can be punished.

However, who gets to have dnsroot is just a value of a config in DNSSEC. The value itself should not be used to criticize DNSSEC, because it's changeable.


How do you punish .com if they misbehave? Move every site off .com?

No. You just map .com to another key with an agreement that new .com owner pre-signs and map existing .com subs the right way. An unaware xxx.com does not need to do anything. As long as it's done publicly with a bang and enough consensus, disruption should be minimal.

Again, this is unavoidable in any system that needs trust. That's why I like PoW DNS.

Who is "you"? The people we're afraid of manipulating .COM control the DNS. Google can't "map .com to another key". Their option would be to leave .COM; that is the gun DNSSEC would give to the USG to hold against Google's head.

You is firefox/chrome/etc. Yes you can. The ownership of .com is not as exclusive/protected as .xxx or xxx.com. Thus the firefox/chrome/etc can map it to anyone they feel. Considering so many high value .com subnames, .com can be transferred to a neutral party or even dnsroot. USG does not own the ".com" string. No one does. Just like ".".

Your claim here is that a browser vendor could somehow fork the DNS and use its own .COM? Explain how that could possibly work.

Anyone can fork DNS. It's just a (name, key) map. As long as it's done with enough consensus, it can be done. Mismanagement of .com is serious enough to demand that kind of change.

Let's say .com gets mismanaged. Community is furious. firefox/chrome/etc demand that . remap .com to a new more trustable entity. If . does not, firefox/chrome/etc then remap . to a new more trustable entity, because .com must be as trustable as ., because .com is that important. New . gives back ownership of all TLDs to their previous owners. Except for .com. .com goes to the more trustable entity as intended. New .com then again does a similar import of all good xxx.com.

In this whole incident, no one loses the ownership of their names except for .com and possibly . .

Now no gov can touch *.com. Though it's different for ccTLDs. Those are owned by their respective govs. Same goes for gTLDs. But no one gets to mess with . .com .org .net.