On 8/06/11 1:39 PM, Jay Daley wrote:
Taken from my previous email and added to a bit: The root zone has a very different trust model from .nz: -- Every change to the root zone is independently checked by an external agency and then by the root operators before they accept it into their servers. In .nz the single registry is fully responsible for changing the zones and distributing them and serving them. -- In the root many of the participants are openly hostile, if not actually at war with each other. In NZ the participants are known to each other and have independent trust relationships. -- There is no overall regulatory framework backed up by a strong regulator for the root, which .nz does have with DNCL. -- In the root, there is no split between operations and policy, whereas in .nz this is clearly split between NZRS and DNCL.
Additionally, the root does not change very often and does not have any form of SLA on how quickly those changes are made, so introducing processes that create significant operational delays is not a problem for the root. Root zone changes often take days. This contrasts strongly with .nz where we have a tight SLA that requires us to publish changes within an hour and a bit of receiving them and have metrics governing how much downtime is allowed per server, how quickly changes propagate, how quickly we serve responses, etc.
Sorry, you're talking processes, not models. You can set up the process to be as efficient as you need it to be - that doesn't change the model. But if you're talking about "how much trust can we afford?", I think you'll find little traction here, given the history of this gTLD, NZRS and InternetNZ. Because I see that as "how little trust can we get away with having to pay for?" ~mark