ICANN's Trusted Community Representative (TCR) program, which proposes to distribute signing authority for the DNS root zone among representatives of the Internet community, was launched by ICANN about two weeks ago.
DNSEXT Working Group participant Thierry Moreau observes that
basically, the concept (and details) of TCRs is the ICANN answer to the concern over a strengthening of DNS control, [and over allowing] international participation. The concept of TCR is also original – no other crypto deployment ever required, or seemed to require, a similar level of transparency.
But, despite the good intentions, Moreau has questions:
since ICANN has given no indication of TCR recruitment results (e.g. “Got a sufficient number of candidates that look serious upon a superficial review of submitted data”), we can only speculate about the orderly progress towards DNS root signature in a few weeks.
Unfortunately, nobody seems to care. It seems that all the talk in WSIS/IGF is going absolutely nowhere if the technical control [of DNSSEC implementation] is left wholly in the hands of USG partners. There is thus a considerable gap between governance commentators and actual practice. Note that a similar gap exists between actual practice and the crypto experts criticisms of PKI (these experts would have to complain about some aspects of DNSSEC root key management, but they are silent these days).
Moreau's points are important. Our impression is that root signing will turn out similar to ICANN's other adventures into improving governance. That is, while rightly focused on the important goals of participation and transparency, there will be a lack of real diversity in how the root zone is governed. We'll likely see the usual suspects from the Internet technical community participate (e.g. Sweden's Kirei).
But, honestly, this is not entirely ICANN's fault. Who, other than the USG, really has an interest (particularly an economic one) in a signed root? And even if Internet users worldwide were demanding DNSSEC, many network operators, e.g., in China, Russia, etc., likely won't even use a signed root zone. So why bother participating in the theater?