VeriSign, often criticized for trying to exercise too much control over the net, counter-proposes that its role be enlarged. Under its proposal (.pdf), the root zone file will be signed using keys it distributes to the root server operators and if enough of them sign the file, then it is considered official.
For some reason Verisign thinks they should be able to sign the root keys instead of ICANN. I can see absolutely no reason why that would be a good idea.
