<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.im
{mso-style-name:im;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hmmm, I thought this conversation was taking place in DT-F. now I see it is here, too.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">So this is what I wrote to DT-F on this topic:<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Let me make it clear why I am insisting on a better articulation of the purpose of the separation [between IANA
and the RZ Maintainer]. <o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I actually support the idea intuitively, but feel that unless we clearly state the purpose of the separation we
are not providing clear instructions on how to do it, and we could easily fail to achieve our goals.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">As an example, there are people in the US who support the separation because they want a U.S. company under U.S.
legal jurisdiction to have some control over what goes into the RZF, and to serve as a check should ICANN “escape” California.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">There may also be people who support the separation (as Jordan partially does below) because they don’t think ICANN
or a legally separated IANA affiliate would have the operational capability to run the primary RZ as reliably as Verisign.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In contrast, David Conrad has repeatedly suggested that the separation is a kind of two-factor authentication that
can provide a means of preventing errors and abuses of power, both. <o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Others also see it as a check on concentration of power.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Those three rationales above point to completely different requirements for the type of separation we would ask
for. <o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Let me focus on David’s rationale, as I think it is the one that has the most support.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">If separation between RZM and IANA RZ editing is intended to provide two-factor authentication, then it implies
a certain level of autonomy among the parties, does it not? RZM cannot be a passive recipient of IANA instructions that are automatically implemented – can they? Or is there some way to automate the exchange between IANA and VRSN that still allows some kind
of additional error or security check or some way to filter out of policy abuses?
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">--MM<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></font></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;font-weight:bold">From:</span></font></b><font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> cwg-stewardship-bounces@icann.org
[mailto:cwg-stewardship-bounces@icann.org] <b><span style="font-weight:bold">On Behalf Of
</span></b>Greg Shatan<br>
<b><span style="font-weight:bold">Sent:</span></b> Friday, April 17, 2015 11:02 AM<br>
<b><span style="font-weight:bold">To:</span></b> David Conrad<br>
<b><span style="font-weight:bold">Cc:</span></b> cwg-stewardship@icann.org<br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [CWG-Stewardship] Several questions for DT-F<o:p></o:p></span></font></p>
</div>
</div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
<div>
<div>
<p class="MsoNormal"><font size="3" face="Verdana"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Earlier, Jordan said:<o:p></o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="3" face="Verdana"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></font></p>
</div>
<div>
<div>
<p class="MsoNormal"><font size="2" color="blue" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:blue">In the operation of the IANA functions and their stewardship, through to the root zone, there are currently three significant
parties: the NTIA, ICANN and Verisign.</span></font><font size="2" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif"><o:p></o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" color="blue" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:blue">With the end of the IANA Functions Contract and the CWG's emerging proposal to assign the stewardship responsibility to ICANN,
this will reduce the parties involved to two.</span></font><font size="2" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif"><o:p></o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size:9.5pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" face="Verdana"><span style="font-size:9.5pt;font-family:"Verdana",sans-serif">I believe this is not immediately true, though it may become so. It is my understanding that the Verisign Cooperative Agreement will stay in place
for the time being, with amendments made to account for the ending of the IANA Functions Contract. I recognize that statements were made that the Cooperative Agreement/relationship would be the subject of a related, parallel transaction. However, it is my
sense that this transition may well be "serial," rather than "parallel." </span></font><font size="2"><span style="font-size:9.5pt"><o:p></o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" face="Times New Roman"><span style="font-size:9.5pt"><o:p> </o:p></span></font></p>
</div>
<div>
<p class="MsoNormal"><font size="2" face="Verdana"><span style="font-size:9.5pt;font-family:"Verdana",sans-serif">Greg</span></font><font size="2"><span style="font-size:9.5pt"><o:p></o:p></span></font></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Fri, Apr 17, 2015 at 10:44 AM, David Conrad <<a href="mailto:david.conrad@icann.org" target="_blank">david.conrad@icann.org</a>> wrote:<o:p></o:p></span></font></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Hi,<br>
<br>
I won't bother arguing whether or not ICANN has the "skills and<br>
experience, the resources, and the need, to deliver the [Root Zone<br>
Maintainer] function" (hint: it isn't rocket science and ICANN already<br>
does). I will simply note that in many (most?) situations in which an<br>
operational infrastructure is considered important, there is a requirement<br>
for a "Two Person Rule" (<a href="http://en.wikipedia.org/wiki/Two-man_rule" target="_blank">http://en.wikipedia.org/wiki/Two-man_rule</a>). For<br>
example, it would be cheaper, easier, and far simpler if there was a<br>
single person in nuclear missile silos able to launch the missiles, yet<br>
there is a requirement for two people with two keys to enable launch.<br>
<br>
Further, if you have two party controls (and you assume a base level of<br>
competence), it does not matter who performs the functions as long as they<br>
are different: the two parties provide checks to minimize the risk that<br>
either party has the ability to unilaterally either accidentally or<br>
maliciously "do the bad thing".<br>
<br>
It is true that it is not technically essential to have two party<br>
controls, nor is it the most efficient way of operating, however I<br>
personally believe it is appropriate in the context of the root zone. How<br>
that is actually implemented should be a topic for future discussion.<br>
<br>
Regards,<br>
-drc<br>
<br>
<br>
<span class="im">-----Original Message-----</span><br>
<span class="im">From: CW Lists <<a href="mailto:lists@christopherwilkinson.eu">lists@christopherwilkinson.eu</a>></span><br>
<span class="im">Date: Friday, April 17, 2015 at 5:11 AM</span><br>
<span class="im">To: Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca">alan.greenberg@mcgill.ca</a>></span><br>
<span class="im">Cc: CWG Mailing List <<a href="mailto:cwg-stewardship@icann.org">cwg-stewardship@icann.org</a>></span><br>
<span class="im">Subject: Re: [CWG-Stewardship] Several questions for DT-F</span><o:p></o:p></span></font></p>
<div>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">>Dear Alan, Dear CWG colleagues:<br>
><br>
>1. I think that it is not technically essential to have separate IANA and<br>
>RZM operators. It is visually preferable and in certain limiting cases<br>
>more secure, provided that an appropriately independent RZM operator can<br>
>be identified.<br>
><br>
> In any event, absent the NTIA contract, it would be entirely<br>
>inappropriate for any Registry or Registrar with a corporate interest in<br>
>the content of the Root Zone to become or remain RZM operator.<br>
><br>
>2. I agree with Alan's question. I have also been perplexed as to the<br>
>motives for the explicit and implicit attacks on IANA performance in the<br>
>CWG. If it not evidence-based, then Why?<br>
><br>
>CW<br>
><br>
><br>
><br>
>On 17 Apr 2015, at 04:01, Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca">alan.greenberg@mcgill.ca</a>> wrote:<br>
><br>
>> 1.<br>
>><br>
>> Milton has asked (several times) WHY we want to ensure that the IANA<br>
>>Functions Operator and Root Zone Maintainer must be separate entities.<br>
>>The answers I have heard to date do not (in my mind, or presumably<br>
>>Milton's) really explain why the two-party solution is better. With the<br>
>>current architecture, most or all errors that Verisign could catch would<br>
>>also be catchable in a single-party implementation.<br>
>><br>
>> Can anyone provide either a general answer or specific scenarios where<br>
>>the two-party solution is better.<br>
>><br>
>><br>
>> 2.<br>
>><br>
>> 1.c.1 Says that we need to consider increasing robustness WITHIN IANA<br>
>>prior to the CWG proposal being submitted.<br>
>><br>
>> 1.c.2 Says we need to consider robustness everywhere (including within<br>
>>IANA) post transition.<br>
>><br>
>> I am not aware of the justification for 1.c.1 other than it was sort of<br>
>>implied by the transfer of tasks from DT-D. But since NTIA did not<br>
>>refuse authorizations and there are no known problems, it is not clear<br>
>>that this is an urgent matter.<br>
>><br>
>> Moreover I find it highly unlikely that a proper job of this could be<br>
>>done prior to transition if it occurs in 2015 or early 2016.<br>
>><br>
>> Do we want to keep it?<br>
>><br>
>> Alan<DT-F_Rec-v07.pdf>_______________________________________________<br>
>> CWG-Stewardship mailing list<br>
>> <a href="mailto:CWG-Stewardship@icann.org">CWG-Stewardship@icann.org</a><br>
>> <a href="https://mm.icann.org/mailman/listinfo/cwg-stewardship" target="_blank">
https://mm.icann.org/mailman/listinfo/cwg-stewardship</a><br>
><br>
>_______________________________________________<br>
>CWG-Stewardship mailing list<br>
><a href="mailto:CWG-Stewardship@icann.org">CWG-Stewardship@icann.org</a><br>
><a href="https://mm.icann.org/mailman/listinfo/cwg-stewardship" target="_blank">https://mm.icann.org/mailman/listinfo/cwg-stewardship</a><o:p></o:p></span></font></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>
_______________________________________________<br>
CWG-Stewardship mailing list<br>
<a href="mailto:CWG-Stewardship@icann.org">CWG-Stewardship@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/cwg-stewardship" target="_blank">https://mm.icann.org/mailman/listinfo/cwg-stewardship</a><o:p></o:p></span></font></p>
</blockquote>
</div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
</div>
</div>
</div>
</body>
</html>