Internet Governance Project (IGP)
Re: Response to Patrik Faltstrom on DNSSEC implications
by Brenden Kuerbis
A few points:

It is pretty clear to me that Phillip Hallam-Baker is talking about the creation of a single trust anchor through digitally signing the DNS root, not, as one commenter suggested, the creation of one or more "roots of trust", a.k.a. DLV registry trust anchors. The risk outlined by Hallam-Baker of having a single entity sign the DNS root is also pretty clear.

To date, the response of root server operators to the risk of uncoordinated changes to the root zone file has been their ability to simply send root zone file requests to an alternative root. There hasn't been a need to do so, but maintaining this threat to coordination around a single root zone file achieves a delicate balance and prevents the powerful country which oversees the content of the root from forcing disruptive changes. However, as Phillip Hallam-Baker points out, with the determination of the private key and signing of the root by a single entity (AND, importantly, the wide distribution of the corresponding public key among Internet hosts), maintaining this threat becomes immensely more difficult, if not impossible. Having a single entity sign the root dramatically increases the costs associated with using an alternative root; it locks people into the existing system. Likewise, it dramatically increases the power of the entity overseeing the content of the root zone file.

Finally, Hallam-Baker's suggestion for multiple signers of the DNS root is along the lines of what the IGP has previously suggested in our paper. However, we, along with members of the technical community, clearly recognize the operational risk of having too many signers; therefore we recommended limiting the number to three entities. In determining the three entities, we suggested non-governmental organizations, initially with limited liability, working in contractual arrangement with the root zone maintainer and registries.
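The lock-in argument above rests on a mechanism that is easy to simulate: a validating host accepts a root zone only if a key it was pre-configured with (its trust anchor) verifies a signature over that zone. The following is an added illustration written for this post, not code from the IGP or from any DNSSEC implementation. It stands in a Lamport hash-based one-time signature (standard library only) for the root key-signing key that real DNSSEC would implement with RSA or ECDSA, and it assumes, as a modelling choice, that a host configured with several anchors accepts a root carrying a valid signature from any one of them.

```python
import hashlib
import os

def keygen():
    # Lamport one-time key: 256 pairs of random secrets; the public key is their hashes.
    priv = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pub = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in priv]
    return priv, pub

def _bits(data):
    d = hashlib.sha256(data).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, data):
    # Reveal one secret per message bit; a key must sign only one message.
    return [priv[i][b] for i, b in enumerate(_bits(data))]

def verify(pub, data, sig):
    return all(hashlib.sha256(sig[i]).digest() == pub[i][b] for i, b in enumerate(_bits(data)))

def key_tag(pub):
    # Short key identifier, playing the role of a DNSKEY key tag.
    return hashlib.sha256(b"".join(a + b for a, b in pub)).hexdigest()[:16]

def publish_root(zone_data, signers):
    # The root zone as served: the data plus one signature per signing entity.
    return {"data": zone_data, "sigs": {key_tag(pub): sign(priv, zone_data) for priv, pub in signers}}

def resolver_validates(trust_anchors, root):
    # A host accepts the root only if one of its configured anchors verifies a signature on it.
    for pub in trust_anchors:
        sig = root["sigs"].get(key_tag(pub))
        if sig is not None and verify(pub, root["data"], sig):
            return True
    return False

def demo():
    ksk_a = keygen()  # the single entity that signs the root
    ksk_b = keygen()  # an alternative root operator with its own key
    zone = b". IN NS a.root-servers.net. ; constructed sample root zone data"
    official = publish_root(zone, [ksk_a])
    alternative = publish_root(zone, [ksk_b])
    tampered = {"data": zone + b" (altered)", "sigs": official["sigs"]}
    return {
        "single_anchor_accepts_official": resolver_validates([ksk_a[1]], official),
        "single_anchor_accepts_alternative": resolver_validates([ksk_a[1]], alternative),
        "three_anchor_policy_accepts_alternative": resolver_validates([ksk_a[1], ksk_b[1], keygen()[1]], alternative),
        "single_anchor_accepts_tampered": resolver_validates([ksk_a[1]], tampered),
    }
```

Hosts shipped with only ksk_a's public key reject an alternative root however faithfully it copies the zone content, which is the cost the post describes; the alternative becomes usable only once every host's anchor set is changed.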