The downside to ICANN's history of stonewalling (Auerbach v ICANN and the 22.7 bylaw) is that it erodes trust in ICANN as an agency of any value. Eventually it could be that ICANN TLDs are just as untrusted as HTTP without TLS. This is already largely true for .biz and .info. If it gets bad enough, the internet has shown time and time again it is not only willing, but capable of eschewing monolithic and aged appendages in favour of freedom. 'Trustless' is exactly the concept that delivered things like DoH, Signal, and the HTTP/2 requirement of TLS.
Eschewing ICANN would likely not be freedom in any sense; any replacement would not be the work of open and trustless bodies, for any serious replacement would have to come from a swift coup by Google, Cloudflare and Amazon.
I predict any replacement would likely be open in name only and instead tightly controlled by those three entities at least from the outset. It would be no more "open" than AMP is; even if protocols and specifications are open that's irrelevant if there's a de-facto central source.
It is only by a quirk of history that ISPs, not Google, handle most DNS, and DoH "fixes" that.
It would be easy for Google to remove ICANN from the loop; it would be almost impossible for anyone else to do so without Google's backing. That doesn't lend itself to an open and trustless replacement.
The internet hasn't proven it's "willing or capable" to do anything not delivered via Chrome for a very long time now.
This deal is dirty as hell and I hope they have better luck than Auerbach, but I fear the money to the principals is gone forever. That will mean there's still a pound of flesh to account for, and the next target in line is everybody else.
Was there any trust left to lose then? I've always been under the firm impression that ICANN is a mixture of unhealthy commercial interests and the US government in disguise; neither party inspires a lot of trust in me.