A possible showdown between ICANN and the US Government?

For the longest time, many ICANN observers have felt that ICANN was not a truly independent organization,  and that the ones really calling the shots was the US DoC. This became evident when the Bush administration successfully blocked the .XXX domain.  Now comes an even more potent dilemma:

 Who gets to sign the ROOT? That is, who keeps the DNSSEC private keys that authenticates the root (and thus, every gTLD and ccTLD, and by inference, every domain and subdomain thereof).  He who holds the private key to root will be the only person able to successfully spoof a cached Nameserver entry. The person holding the root DNSSEC key could, theoretically, spoof the PH nameservers, and then spoof the  Nameservers handling malcanang.gov. If that person were to spoof the MX as well, he could then intercept all incoming mail for gma@malacanang.gov. The only indication that there was an interception would be in the SMTP header (and even then, code can be easily written to alter that).  Interesting, eh? (who knows, the CIA may be spoofing GMA's mail as we speak…)

If the US governent were to hold the keys to the root,  then only the US Government would be able to intercept mail to a DNSSEC domain.

So it's really interesting. Some people are expecting ICANN to move its HQ out of the US (to prevent US meddling). My guess is, either (a) DNSSEC is delayed interminably while this is debated over and over  (thus allowing ICANN to save face) or (b) the US will agree to let some neutral entity like the UN Security Council to hold the key (or even ICANN).

My preference is (b), of course. But my guess is that the Bush Govt will push for (a). Should be interesting.