[CWG-Stewardship] Several questions for DT-F

Gomes, Chuck cgomes at verisign.com
Fri Apr 17 17:38:19 UTC 2015 

Greg,

You seem to have information that the rest of us do not have, or at least that I do not have.  I have no idea what NTIA is going to do with the Cooperative Agreement.  Where did your understanding come from?

Chuck

From: cwg-stewardship-bounces at icann.org [mailto:cwg-stewardship-bounces at icann.org] On Behalf Of Greg Shatan
Sent: Friday, April 17, 2015 11:02 AM
To: David Conrad
Cc: cwg-stewardship at icann.org
Subject: Re: [CWG-Stewardship] Several questions for DT-F

Earlier, Jordan said:

In the operation of the IANA functions and their stewardship, through to the root zone, there are currently three significant parties: the NTIA, ICANN and Verisign.

With the end of the IANA Functions Contract and the CWG's emerging proposal to assign the stewardship responsibility to ICANN, this will reduce the parties involved to two.

I believe this is not immediately true, though it may become so.  It is my understanding that the Verisign Cooperative Agreement will stay in place for the time being, with amendments made to account for the ending of the IANA Functions Contract.  I recognize that statements were made that the Cooperative Agreement/relationship would be the subject of a related, parallel transaction.  However, it is my sense that this transition may well be "serial," rather than "parallel."

Greg

On Fri, Apr 17, 2015 at 10:44 AM, David Conrad <david.conrad at icann.org<mailto:david.conrad at icann.org>> wrote:
Hi,

I won't bother arguing whether or not ICANN has the "skills and
experience, the resources, and the need, to deliver the [Root Zone
Maintainer] function" (hint: it isn't rocket science and ICANN already
does). I will simply note that in many (most?) situations in which an
operational infrastructure is considered important, there is a requirement
for a "Two Person Rule" (http://en.wikipedia.org/wiki/Two-man_rule). For
example, it would be cheaper, easier, and far simpler if there was a
single person in nuclear missile silos able to launch the missiles, yet
there is a requirement for two people with two keys to enable launch.

Further, if you have two party controls (and you assume a base level of
competence), it does not matter who performs the functions as long as they
are different: the two parties provide checks to minimize the risk that
either party has the ability to unilaterally either accidentally or
maliciously "do the bad thing".

It is true that it is not technically essential to have two party
controls, nor is it the most efficient way of operating, however I
personally believe it is appropriate in the context of the root zone.  How
that is actually implemented should be a topic for future discussion.

Regards,
-drc


-----Original Message-----
From: CW Lists <lists at christopherwilkinson.eu<mailto:lists at christopherwilkinson.eu>>
Date: Friday, April 17, 2015 at 5:11 AM
To: Alan Greenberg <alan.greenberg at mcgill.ca<mailto:alan.greenberg at mcgill.ca>>
Cc: CWG Mailing List <cwg-stewardship at icann.org<mailto:cwg-stewardship at icann.org>>
Subject: Re: [CWG-Stewardship] Several questions for DT-F
>Dear Alan, Dear CWG  colleagues:
>
>1.     I think that it is not technically essential to have separate IANA and
>RZM operators. It is visually preferable and in certain limiting cases
>more secure, provided that an appropriately independent RZM operator can
>be identified.
>
>       In any event, absent the NTIA contract,  it would be entirely
>inappropriate for any Registry or Registrar with a corporate interest in
>the content of the Root Zone to become or remain RZM operator.
>
>2.     I agree with Alan's question. I have also been perplexed as to the
>motives for the explicit and implicit attacks on IANA performance in the
>CWG. If it not evidence-based, then Why?
>
>CW
>
>
>
>On 17 Apr 2015, at 04:01, Alan Greenberg <alan.greenberg at mcgill.ca<mailto:alan.greenberg at mcgill.ca>> wrote:
>
>> 1.
>>
>> Milton has asked (several times) WHY we want to ensure that the IANA
>>Functions Operator and Root Zone Maintainer must be separate entities.
>>The answers I have heard to date do not (in my mind, or presumably
>>Milton's) really explain why the two-party solution is better. With the
>>current architecture, most or all errors that Verisign could catch would
>>also be catchable in a single-party implementation.
>>
>> Can anyone provide either a general answer or specific scenarios where
>>the two-party solution is better.
>>
>>
>> 2.
>>
>> 1.c.1 Says that we need to consider increasing robustness WITHIN IANA
>>prior to the CWG proposal being submitted.
>>
>> 1.c.2 Says we need to consider robustness everywhere (including within
>>IANA) post transition.
>>
>> I am not aware of the justification for 1.c.1 other than it was sort of
>>implied by the transfer of tasks from DT-D. But since NTIA did not
>>refuse authorizations and there are no known problems, it is not clear
>>that this is an urgent matter.
>>
>> Moreover I find it highly unlikely that a proper job of this could be
>>done prior to transition if it occurs in 2015 or early 2016.
>>
>> Do we want to keep it?
>>
>> Alan<DT-F_Rec-v07.pdf>_______________________________________________
>> CWG-Stewardship mailing list
>> CWG-Stewardship at icann.org<mailto:CWG-Stewardship at icann.org>
>> https://mm.icann.org/mailman/listinfo/cwg-stewardship
>
>_______________________________________________
>CWG-Stewardship mailing list
>CWG-Stewardship at icann.org<mailto:CWG-Stewardship at icann.org>
>https://mm.icann.org/mailman/listinfo/cwg-stewardship

_______________________________________________
CWG-Stewardship mailing list
CWG-Stewardship at icann.org<mailto:CWG-Stewardship at icann.org>
https://mm.icann.org/mailman/listinfo/cwg-stewardship

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cwg-stewardship/attachments/20150417/8b81f5af/attachment.html>

More information about the CWG-Stewardship mailing list