Dear Patrik: OK, I give it yet another shoot. Trying to summarize your point: everybody trusts IANA; IANA performs well; anyway if IANA does not perform as expected, just blame yourself for having trusted it; and perhaps even IANA fixes itself if it fails because they know how to. Two questions: Doesn't IANA become a focal point of accountability for operational mishaps? (The word accountability was cautiously omitted from my previous post.) Is it feasible at all for IANA itself to become like a *global* PKI CA once envisioned (i.e. before 2001)? Do you seriously believe the USG trusts IANA? You know these principles ("... United States ... will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file") and the DHS/NIST/Sparta/Shinkuro study. According to these, DNSSEC close to the root means DNSSEC close to the USG. The legitimate opinion that DNSSEC is *just* digital signatures on DNS entries should be supported by more precise procedural guidance on deployment at the root. If it's so easy to apply the technology in a policy-deprived way, tell us how. Mueller and/or Hallam-Baker seem confused. How come the technical community failed to teach them how easy it is to deploy DNSSEC without falling into governance debates? - Thierry Moreau