[DT-F] REVISED: Design Team F kickoff

Cheryl Langdon-Orr langdonorr at gmail.com
Wed Apr 8 10:15:37 UTC 2015 

I think Independant Auditor is a good thing to look at and discuss, it of
course is well inside my own comfort zone  of working with, gaining
accreditation for and maintaining QAS  for our ISO9000/14000 series
clients, HACCP processes and NATA accredited labs that is more akin to my
'day job' so I guess no real surprises there...


*Cheryl Langdon-O**rr ...  *(CLO)

about.me/cheryl.LangdonOrr
[image: Cheryl Langdon-Orr on about.me]
  <http://about.me/cheryl.LangdonOrr>


On 8 April 2015 at 19:48, Jaap Akkerhuis <jaap at nlnetlabs.nl> wrote:

>  David Conrad writes:
>
>  >
>  > >Given that Design Team D proposes to do away with the NTIA
>  > >authrization step[2] and that the CWG takes accept it seems to me that
>  > >the task is merely describing the changes needed in the current
>  > >procedure.
>  >
>  > The current procedure is documented at a high level in SAC067, figure #1
>  > (and its description) on pages 13 and 14. In the near term, the
>  > authorization step (step 3 in figure #1) can probably most simply be
>  > addressed by having ICANN instead of NTIA "push the button" to authorize
>  > the change.
>
> I was actually triggered by the phrase "architecture for publication
> of the Root Zone" in Alan's mail. I read that as a slightly bigger
> task (including root zone server operators etc.) then just the
> threeway exchange we have currently.
>
>  >
>  > Some examples of potential/theoretical problems in the current system I
>  > can think of:
>
> Most of these practical problems do actually already exists.
>
>  >
>  > 1. Since no other party sees proposed changes until they are published,
>  > the IANA Function Operator role can theoretically propose a change
> outside
>  > of policy that will be published to the root Whois and/or root zone.
>
> Yes, and that brings the discussion about a last resort appeals panel
> back. I do think that not all changes will have a severe impact. But
> changes which looks like (re-)delegations might indeed requite more
> examinations then ther is now.
>
>  >
>  > 2. Since the Root Zone Maintainer role holds the DNSSEC-signing key and
>  > publishes the signed root zone, they have the theoretical ability to
>  > unilaterally make out of policy changes to the root zone.
>
> Yup, as is now.
>
>  >
>  > 3. It is possible for a single party involved in root management to deny
>  > service at each interface between parties in the existing system, e.g.:
>
>  > A) IANA Function Operator refusing to process requests from the TLD
>  > manager;
>  > B) the Root Zone Administrator refusing to authorize changes submitted
> by
>  > the IANA Function Operator; or
>  > C) the Root Zone Maintainer refusing to implement changes submitted by
> the
>  > IANA Functions Operator and authorized by the Root Zone Administrator.
>
> So we should look to what would be happening now in these cases and
> then see that similar measures will be taken.
>
>  >
>  > 4. Checks and balances between the IANA Function Operator and Root Zone
>  > Maintainer roles are largely implemented via contractual obligations
> with
>  > the Root Zone Administrator.
>  >
>  > Note that #1, #2, and #3 can be either accidental (mistakes or failures)
>  > or malicious (via attacks or an "insider threat" --
>  > http://en.wikipedia.org/wiki/Insider_threat).  In many "critical
> systems"
>  > cases I'm aware of, these kinds of risks dealt with by having some sort
> of
>  > "two person rule" (http://en.wikipedia.org/wiki/Two-man_rule).
> Obviously,
>  > as we do not have a "two person rule" now, we (the Internet's users)
> rely
>  > on #4 to mitigate the risks associated with #1-#3. It's probably worth
>  > noting that in a worst case, any remedy would be after the fact.
>
> Yes, after the fact and you wat to be able to undo these (mistakes or
> failures) as quickly a possible to prevent more damage.
>
>  >
>  > >>- Current NTIA operational involvement and if/how this needs to be
>  > >>replaced or compensated for.
>  >
>  > Removing NTIA from the operational aspect of the Root Zone Administrator
>  > role is relatively straight forward as mentioned above. However,  the
>  > removal of the NTIA contractual obligations may suggest a need for
> greater
>  > reliance on built-in mechanisms to ensure appropriate principles are
> met.
>
> Given that everything is up in the air, I wonder (thinkig out looudly)
> whether currently we can point to these problems and point out that in
> future a better solution needs to be found, For now some ad-hoc
> mechanism (ICANN, Independent Auditors) could replace the NTIA
> operational role.
>
>         jaap
> _______________________________________________
> cwg-dtf mailing list
> cwg-dtf at icann.org
> https://mm.icann.org/mailman/listinfo/cwg-dtf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cwg-dtf/attachments/20150408/c8515f53/attachment.html>

More information about the cwg-dtf mailing list