A response to: Trusted Community Representation for Root KSK

["Martin J. Levy" <martin@xxxxxx>]

To whom it might concern,

As a background: I've attended a Root KSK rollover event as an observer. I've 
followed many more via the webcast. I've participated on the ceremony mailing 
list. My answers are below

----

> 1. Is the current TCR model effectively performing its function of ensuring 
> trust in the KSK management process?


Simply put: yes. The management process along with the ceremony, and hence the 
actual technical actions, are performed in a very public and audited manner. 
The ceremonies in-person group are knowledgeable and (from my point of view) 
provide adequate feedback to the management of any "tweaks" that are needed. 
Over the last 14 events there's been great progress in the quality of the 
"scripting" of the ceremonies.

> 2. Is the current size of the TCR pool appropriate to ensure sufficient 
> participation in the ceremonies, while not overburdening the availability of 
> specific volunteers?


Numerically it's fine; however there's a solid human-factor involved when it 
comes to a TCRs involvement. The pressure is always there for a TCR to attend a 
west-coast or east-coast ceremony. Even for a once a year event; let alone 
twice a year!

A TCR is only human. Humans get married, have kids, change jobs, change home 
cities (or countries), get bored, get distracted, retire or maybe have many 
other life-events that change there ability to attend and execute their role.

Don't get me wrong; every TCR is 100% dedicated to the role; but as I said, 
they are also human.

I'd recommend a slight increase in size; however I'll listen to the technical 
experts on regarding the practical aspects of that.

I'd also highly recommend a staggered approach to a TCRs retirement from the 
role and/or induction into the role. This means it's not a burden should an 
existing TCR need to retire from the role.

> 3. Should there be a minimum level of participation required of a TCR in 
> order to be considered to be successfully discharging their duties?


I believe there's a legitimate need for a TCR to attend at least once a year; 
such that their credentials etc are confirmed to still be valid and untampered 
with. Plus once a year is not much to ask (see funding issues below).

> 4. There is no standard provision to refresh the list of TCRs except when 
> they are replaced due to inability to effectively perform their function. 
> Should there be a process to renew the pool of TCRs, such as using term 
> limits or another rotation mechanism?


Yes. My answer above touches on this issue. I believe it's vital to the full 
process!

> 5. The current model does not compensate TCRs for their services in order to 
> ensure their independence from ICANN.

Correct. However it's very clear from the ceremony mailing list(s), which are 
public, that this is a major issue. Many TCRs have clearly stated that their 
initial funding source (for time, travel, expenses, etc) has dried up. This is 
fully understandable.

If funding was to be provided it would have to:

a) Not come from ICANN.
b) Be provided in a double-blind manner such that corporate entity-X was not 
directly funding TCR person-Y.
c) Cover only out of pocket expenses vs paying for time.
d) Never be considered as "sponsoring the ceremony".
e) Be 100% fully audited and public.
f) Plus more clauses.

Even with those initial thoughts I have to admit I'm still unsettled with the 
concept of funding; however it's unwise to expect TCRs to fund themselves.

> a. Should the model of TCRs paying the costs of their participation be 
> retained?


See above.

> b. Would some form of compensation to offset the expenses incurred by the 
> TCRs detract from their independence in performing the role?


See above. Plus: it's only a detraction if the process is hidden. Making it 
public and open for review solves a lot of this.

> c. If you support compensating TCRs for their expenses, are there 
> requirements or limitations on whom the funding organization should be?


See above. I'll reiterate that it's can't be funded by ICANN (or any DNS entity 
involved in the operation of the root system). Heck; maybe not even by a ccTLD 
or gTLD operator. It's got up be seen as independent and actually be 
independent.

----

I hope these answers are helpful to the process. I'll continue as an avid 
supporter of this open and audited process which provides the global Internet 
community a solid root (pun intended) to build from.

Yours sincerely,

Martin

 Martin J. Levy
 Director IPv6 Strategy
 Hurricane Electric
 760 Mission Court,
 Fremont, CA 94539, USA
 +1 408 499 3801 (mobile)
 martin@xxxxxx (email)
 http://he.net/ (web)