JdeBP> [...] Verisign is unlikely to co÷perate in the revocation
JdeBP> of its own authority.

WS> How does this work again? ICANN has a contract with Verisign
WS> to manage the registry right?

It's not the "com." and "net." registries that are what I was
referring to. _In addition_ to running the "com." and "net."
content DNS servers (and the registries from which their databases
are generated), Verisign _also_ manages the two ICANN "." content
DNS servers at and

The scenario plays out like this: If Verisign refuses to revert
to toeing the line, the next port of call is to have the root server
organizations delegate "com." and "net." to some _other_ company,
that will. However, in the case of one root server organization,
ICANN, Verisign is one of the companies that runs the organization's
own "." content DNS servers. Verisign could thus _also_ refuse to
toe the line if it came to ICANN re-delegating "com." and "net.".

WS> I would think they may have broken the contract with this
WS> move so ICANN could take it back and bid it out again to
WS> someone else?

That depends from the exact terms of the contract, if there is one.
Reading ICANN's articles of incorporation and bylaws makes me wonder
whether it even has the power to make such contracts (given that they
only mention oversight and advice, and not the actual provision of
"." content DNS server itself). I also strongly suspect that, if
such a contract exists, its terms _don't_ prohibit what Verisign
has done.

I further suspect that none of the other root server organisations
have a contract with Verisign, either, and are wondering what is
going to happen in the event that Verisign really does decide not
to revert to toeing the line and to be obstinate (or, worse,
decides to deploy one of the various new denial-of-service weapons
that people have just given to it over the past few days).