[ICANN-CSC] Role of the CSC
dvburk at gmail.com
Wed Dec 18 05:07:38 UTC 2019
my comment was not about any kind of evolution, but about the execution
of the existing agreement.
I just want to add some references to IANA Naming Function Contract here
to explain it.
"ANNEX A: STATEMENT OF WORK FOR MANAGEMENT OF THE DNS ROOT ZONE
4. BASELINE REQUIREMENTS FOR DNSSEC IN THE AUTHORITATIVE ROOT ZONE
f. Audit and Accountability Procedures
i. Contractor shall periodically review/update: (1) its formal,
documented,audit and accountability policy that addresses purpose,
scope, roles, responsibilities, management commitment, coordination
among organizational entities, and compliance; and (2) the formal,
documented procedures to facilitate the implementation of the audit and
accountability policy and associated audit and accountability controls.
1. Supplemental guidance on auditing and accountability policies may be
found in NIST SP 800-12.
2. Specific auditing events include the following:
a. Generation of keys.
b. Generation of signatures
c. Exporting of public key material
d. Receipt and validation of public key material (i.e., from the ZSK
holder or from TLDs)
e. System configuration changes
f. Maintenance and/or system updates
g. Incident response handling
h. Other events as appropriate
ii. Incident handling for physical and exceptional cyber-attacks shall
include reporting to ICANN in a timeframe and format as mutually agreed
by ICANN and Contractor.
iii. The auditing system shall be capable of producing reports on an
ad-hoc basis for ICANN or the CSC.
iv. A version of the reports provided to ICANN or the CSC must be made
As I understood from this text - the form of monitoring for DNSSEC was
already defined in the Contract.
I just mentioned that I never saw the evidence that we have got such
reports. It was my question.
Please, correct me - may be I forgot something
On 12/17/19 6:16 PM, Brett Carr wrote:
> Thanks James for the straight response below I think it’s really
> helpful especially for newer members of the CSC (I still feel like one
> a lot of the time).
> I think the CSC has an extremely good (and well deserved) reputation
> for the work it does and you are right that has been shown in some of
> the recent reviews we have taken part in.
> IMHO We need to ensure that our priorities are to ensure we continue
> to do the things referred to in our charter well and continue to build
> on our excellent reputation.
> All that said I don’t think it will be do any harm to see if we can
> spend some time seeing if there are areas that we can add more value
> (I think dnssec is potentially a good example here), however I think
> we should do that in a clear and transparent manner, where we work
> with the PTI to work out what would be appropriate and useful and then
> should we decide there are additional SLAs areas we could monitor
> propose them to the ccNSO anmd GNSO council so they can formally ask
> us to take those actions.
> Brett Carr
> Manager DNS and Network Engineering
> Nominet UK
> *From: *ICANN-CSC <icann-csc-bounces at icann.org> on behalf of James
> Gannon <lists at icann.guru>
> *Date: *Tuesday, 17 December 2019 at 14:35
> *To: *"ICANN-CSC at icann.org" <ICANN-CSC at icann.org>
> *Subject: *[ICANN-CSC] Role of the CSC
> Hi All,
> Further to our discussion on the call yesterday (16 December) I just
> want to share some information on the formation and role of the CSC.
> In the IANA Stewardship proposal
> we can find the foundational mandate of the CSC in paragraphs 1129-1132
> Customer Standing Committee (CSC) – Overseeing performance of IANA
> Functions as they relate to naming services.
> The CWG-Stewardship recommends the creation of a CSC to monitor the
> performance of PTI with the following mission:
> ·“The Customer Standing Committee (CSC) has been established to
> perform the operational oversight previously performed by the U.S.
> Department of Commerce’s National Telecommunications and Information
> Administration as it relates to the monitoring of performance of the
> IANA naming function. This transfer of responsibilities took effect on
> ·The mission of the CSC is to ensure continued satisfactory
> performance of the IANA function for the direct customers of the
> naming services. The primary customers of the naming services are TLD
> registry operators, but also include root server operators and other
> non-root zone functions. The mission will be achieved through regular
> monitoring by the CSC of the performance of the IANA naming function
> against agreed service level targets and through mechanisms to engage
> with the IANA Functions Operator to remedy identified areas of concern.”
> ·The CSC is not mandated to initiate a change in the IANA Functions
> Operator via a Special IANA Function Review, but could escalate to the
> ccNSO and GNSO Councils or either body in the specific case where the
> issue in question applies only to ccTLDs or gTLDs respectively, which
> might then decide to take further action using agreed consultation and
> escalation processes (see Annex J).
> ·The complete proposed charter of the CSC can be found in Annex G.
> Then in the foundational charter in paragraph 1314 we have the mandate
> ·The CSC is authorized to monitor the performance of the IANA naming
> function against agreed service level targets on a regular basis.
> For me the CSC has excelled in performing this role as designed and
> mandated, this was confirmed by the CSC effectiveness review and
> charter reviews that took place during our first 3 years of operation
> which did not recommend any changes or increase in scope.
> Indeed going back to the charter and proposal we had accounted for the
> eventuality that the CSC may need to evolve:
> ·Thereafter, the Charter will be reviewed at the request of the CSC,
> ccNSO or GNSO and may also be reviewed in connection with the IANA
> Function Review.
> ·The effectiveness of the CSC will initially be reviewed two years
> after the first meeting of the CSC; and then every three years
> thereafter. The method of review will be determined by the ccNSO and
> I have a personal opinion that based on the structure and method of
> formation of the CSC that the correct process for assessing the
> evolution of the role of the CSC is though the designed reviews that
> were very careful to be put in place to allow a structured evaluation
> based on the needs of the IANA customers. I don’t believe that we as
> the CSC internally should be seeking to expand our role without a
> clear mandate to do so from the ccNSO and GNSO. If members believe
> that this is a needed evolution then I think that the correct method
> to approach this is to do this through the ccNSO and GNSO councils
> making that request of us rather than us doing it internally.
> The CSC strikes a very delicate balance in its role and operation and
> I have serious concerns about changing that when it is working so
> effectively. A comment was made on the call that we cannot sit doing
> the same thing every month without change, however I will put forward
> that that is exactly what we should be doing, this is a very narrow
> scoped and designed committee that should not be exciting or
> challenging, it needs to be clean and effective and not be subject to
> scope creep for it to remain as effective as it has been to date.
> *James Gannon*
> ICANN-CSC mailing list
> ICANN-CSC at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ICANN-CSC