[ICP2_review] Verisign comment

[Quesada, Christopher]

Verisign appreciates the opportunity to comment on the "Governance Document for the Recognition, Maintenance, and Derecognition of RIRs" and commends its overarching goal of enhancing the resiliency and accountability of the Regional Internet Registry system through an updated Governance Document. As the Registry Operator of .com, .net, and other gTLDs, Verisign depends on the secure, stable, and reliable functioning of the RIR system. This document represents a constructive step toward formalizing a governance structure that is transparent and accountable to the broader internet community, and we offer the following feedback for the ASO AC to consider as it continues to formalize processes around the recognition, ongoing operations, and derecognition of RIRs. Our comments focus on maintaining system integrity through cautious RIR expansion, strengthening evaluation criteria, ensuring operational accountability, and clarifying rehabilitation procedures.



Feedback on the RIR Governance Document Draft

Verisign supports the principles articulated in Article 2, Sections 2.2 and 2.5 that each Service Region should cover a large, multinational area and that the total number of RIRs should remain small. Maintaining a small number of RIRs can help to facilitate the standardization of certain services across all RIRs in a way that supports the global IP addressing ecosystem upon which global operators depend. One key example of this is Resource Public Key Infrastructure (RPKI), a complex system of PKI, Route Origin Authorization (ROA), Autonomous System Provider Authorization (ASPA), Route Origin Validation (ROV), BGPsec router keys, along with other objects derived from the RPKI, which requires careful coordination. If and when the recognition of new RIRs is considered under the updated Governance Document, careful consideration must be given to the potential impacts on the RPKI system. As a TLD operator that depends on consistent routing integrity and trust anchors across the global internet infrastructure, Verisign has a direct interest in ensuring that RPKI is not fragmented or weakened by inconsistent implementations across RIRs. In particular, guidance is needed to address the risks posed by the so-called "0/0 Trust Anchor" problem, which could allow a RIR to overclaim address space,

undermining trust in the global RPKI system.



Additionally, we strongly support the establishment of ongoing requirements, per Article 4, Section 4.1, as well as a routine audit per Article 4, Section 4.2, as both mechanisms can help ensure a high level of performance and accountability across the entire RIR system, such that it continues to support the evolving needs of the internet.



We encourage the ASO AC to consider adding additional specificity to Article 3 regarding the Recognition of Candidate RIRs. Several of the criterion in the current draft are worded somewhat ambiguously, which may pose challenges for the existing RIRs and ICANN to evaluate applications from Candidate RIRs in the future. As an example, the ASO AC could consider setting specific thresholds for criteria such as demonstrating that Resource Holders in a Candidate RIR's proposed Service Region "broadly support" the Candidate, by requiring support from at least 75% of the Resource Holders in the proposed Service Region. In addition, transparency into how such thresholds are measured and verified, through publishing evaluation reports or summaries would improve community confidence in the process and reduce the risk of perceived inconsistency.



Due to the critical function that each RIR and the RIR system plays in the DNS and the broader internet, it is vital that the criteria to both establish and continually operate an RIR be set at an appropriately high level. To that end, we suggest that Article 3, Section 3.1 incorporate a requirement for Candidate RIRs to submit a formal business plan that would demonstrate its financial sustainability, operational readiness, and long-term viability. The ASO AC may also consider adding requirements for qualified third parties to assess the Capability and Impact criteria for recognition outlined in sections 3.1.d and 3.1.e according to clear and objective metrics.



Finally, to further strengthen governance, we recommend that the ASO AC provide greater detail on the Rehabilitation process referenced in Article 5, Section 5.1. The ASO AC could consider doing this in either this Governance Document or separate document focused on the implementation details of operational

requirements. In the event of an RIR's non-compliance with the Governance Document, the broader RIR system would benefit from additional clarity on how compliant RIRs are expected to support the noncompliant RIR and how critical services will be maintained during such periods.



Conclusion

Verisign appreciates the work that has gone into developing this draft Governance Document and supports the broader goal of reinforcing the governance framework for the RIR system as a critical component of global internet infrastructure. We look forward to future iterations of this important document. Verisign's recommendations are intended to help preserve system stability, promote clear and consistent standards, and ensure accountability through well-defined oversight mechanisms.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/icp2_review/attachments/20250523/e8317729/attachment.htm>