
<html>

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Rudi,<br>

      <br>

      Fine. That's a known threat with a process in place. Can you tie

      that into any specific accountability process involved with the

      hypothetical transfer of authority from the NTIA to some successor

      entity or is this a threat that is independent of contract renewal

      and/or a transfer of the contracting authority?<br>

      <br>

      Eric<br>

      <br>

      On 12/18/14 10:08 AM, Rudolph Daniel wrote:<br>

    </div>

    <blockquote

cite="mid:CA+uaoiWBGW66OLThgS-xohdxT1bSvhHeop7NcEKkoYjR2qEB6w@mail.gmail.com"

      type="cite">

      <p dir="ltr">Or/and, I would suggest, the breaking of the rootzone

        cryptographic keys by some entity, individual or agency.<br>

        I am not aware of how unbreakable the current system is.</p>

      <p dir="ltr">Rudi Daniel<br>

        ICT consulting &amp; LED lighting<br>

        784 430 9235</p>

      <div class="gmail_quote">On Dec 18, 2014 1:57 PM, "Eric

        Brunner-Williams" &lt;<a moz-do-not-send="true"

          href="mailto:ebw@abenaki.wabanaki.net">ebw@abenaki.wabanaki.net</a>&gt;

        wrote:<br type="attribution">

        <blockquote class="gmail_quote" style="margin:0 0 0

          .8ex;border-left:1px #ccc solid;padding-left:1ex">

          <div bgcolor="#FFFFFF" text="#000000"> Dear Colleagues,<br>

            <br>

            ICANN has disclosed that the email credentials of several

            members of staff have been compromised. [1]<br>

            <br>

            I suggest that a credible scenario is the compromise of some

            resource critical to some accountability process. The form

            of compromise may be loss of the resource, such as the loss

            of a cryptographic key, or the disclosure of the resource,

            such as email credentials.<br>

            <br>

            The accountability process compromised could be any one or

            more of the Corporation's ByLaws Redress Mechanisms [2], or

            those which are external to the Corporation [3].<br>

            <br>

            I will follow up with Staff on the existing Business

            Continuity Plan of Record, as credential loss and/or

            disclosure should fall within the Corporation's BC PoR, and

            it may be somewhat pertinent at the moment.<br>

            <br>

            Regards,<br>

            Eric Brunner-Williams<br>

            Eugene, Oregon<br>

            <br>

            <br>

            [1] <a moz-do-not-send="true"

              href="https://www.icann.org/news/announcement-2-2014-12-16-en"

              target="_blank">https://www.icann.org/news/announcement-2-2014-12-16-en</a><br>

            [2] (a) Reconsideration, (b) Independent third-party review,

            (c) Periodic review, and (d) Ombudsman.<br>

            [3] (a) Affirmation of Commitments, (b) Jurisdiction of

            California and the United States, (c) Other Jurisdictions,

            and (d) Contractual requirements.<br>

          </div>

          <br>

          _______________________________________________<br>

          Ccwg-accountability4 mailing list<br>

          <a moz-do-not-send="true"

            href="mailto:Ccwg-accountability4@icann.org">Ccwg-accountability4@icann.org</a><br>

          <a moz-do-not-send="true"

            href="https://mm.icann.org/mailman/listinfo/ccwg-accountability4"

            target="_blank">https://mm.icann.org/mailman/listinfo/ccwg-accountability4</a><br>

          <br>

        </blockquote>

      </div>

    </blockquote>

    <br>

  </body>

</html>