[DTC CSC] CSC Charter 0 7

Kurt Pritz kpritz at thedna.org
Fri Apr 10 23:58:28 UTC 2015 

Hi David:

You could argue but you'd have to find someone with whom to argue, and I agree with you, especially that the oversight of service / operational changes should be outsourced to a technically competent entity. 

I termed them both authorization tasks because the same entity (NTIA, the contract administrator) was making the final decision, even though in root zone changes the decisions were usually based upon in-house expertise and in operations changes the decisions were based on out-sourced expertise. 

In the case, the CSC design team (and I hope I am getting their thinking right here) decided that the CSC should not be the ones selecting the entities to whom the analysis would be outsourced or be the ones deciding that the out-sourced work was adequate. Taking on this role has no upside for the CSC, and only downside if a wrong decision is made.  To me that thinking is correct as the additional oversight task turns the CSC from a monitoring body into an operational body. It should be the CSC right to call for independent review of a change but not oversee that review.

If we were going to implement the Kurt Pritz model, ICANN would retain independent expertise as required (and for independence sake have that contractor report directly to the Board) to perform the oversight of material service and operational changes. 

Thanks for taking the time to write,

Kurt

_____________________________________
Kurt Pritz
Executive Director, Domain Name Association
kpritz at thedna.org
+1-310-400-4184
Skype: kjpritz




On Apr 10, 2015, at 3:47 PM, David Conrad <david.conrad at icann.org> wrote:

> Kurt,
> 
> My thought is that the mechanism for considering changes to IANA services and operations is the equivalent of the NTIA authorization function.
> 
> I'd argue that the root zone change authorization function is fundamentally quite different in the sense that while (in theory) it is possible for the Root Zone Administrator to determine whether a change request conforms to pre-defined policy, I'm not sure it is possible for the Root Zone Administrator to determine whether a proposed change to the architecture of the Internet is sufficiently well thought  to not impact the security/stability of the Internet and/or whether the need for the change outweighs the risk of the change.
> 
> In practice, my understanding is that while NTIA did perform the authorization of change requests directly themselves (as documented in the slides they provided), they "outsourced" (typically to NIST) the development of criteria for accepting architectural changes and required the IANA Function Operator and Root Zone Maintainer to justify how whatever the change was being proposed met those criteria.
> 
> My proposed wording was not to suggest that the CSC had the ability to define the necessary criteria and then determine whether the criteria were met, rather it was to suggest the CSC was authorized to spin up an appropriate and competent body to do that (it happens infrequently enough that I don't think it makes sense to have a permanent body).
> 
> Regards,
> -drc
> 
> _______________________________________________
> dt3 mailing list
> dt3 at icann.org
> https://mm.icann.org/mailman/listinfo/dt3

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/dt3/attachments/20150410/32e832c5/attachment.html>

More information about the dt3 mailing list