<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas",serif;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="DE-CH" link="#0563C1" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">Thanks for this Dimitry, this helps to allay some of my fears so is very useful for me, yes if we are speaking purely about exercising existing mandates to view reports
etc then I have much less concern, I just don’t want to CSC to move towards any kind of active involvement in operational areas for PTI such as the management of the DNSSEC/KMF/TCR processes etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">As we agreed I think discussing the methods for receiving such reports etc would be a good topic for our working meeting in Cancun.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;color:black">---</span><span lang="EN-US" style="color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;color:black">James Gannon</span></b><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">ICANN-CSC <icann-csc-bounces@icann.org> on behalf of Dmitry Burkov <dvburk@gmail.com><br>
<b>Date: </b>Wednesday, 18 December 2019 at 05:07<br>
<b>To: </b>"ICANN-CSC@icann.org" <icann-csc@icann.org><br>
<b>Subject: </b>Re: [ICANN-CSC] Role of the CSC<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<p>Dear colleagues,<o:p></o:p></p>
<p>my comment was not about any kind of evolution, but about the execution of the existing agreement.<o:p></o:p></p>
<p>I just want to add some references to IANA Naming Function Contract here to explain it.<o:p></o:p></p>
<p><a href="https://www.icann.org/iana_pti_docs/151-iana-naming-function-contract-v-30sep16">https://www.icann.org/iana_pti_docs/151-iana-naming-function-contract-v-30sep16</a><o:p></o:p></p>
<p><o:p> </o:p></p>
<p>"ANNEX A: STATEMENT OF WORK FOR MANAGEMENT OF THE DNS ROOT ZONE<o:p></o:p></p>
<p>....<o:p></o:p></p>
<p>4. BASELINE REQUIREMENTS FOR DNSSEC IN THE AUTHORITATIVE ROOT ZONE<o:p></o:p></p>
<p>....<o:p></o:p></p>
<p>f. Audit and Accountability Procedures<o:p></o:p></p>
<p><o:p> </o:p></p>
<p>i. Contractor shall periodically review/update: (1) its formal, documented,audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (2)
the formal, documented procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls.<br>
1. Supplemental guidance on auditing and accountability policies may be found in NIST SP 800-12.<br>
2. Specific auditing events include the following:<br>
a. Generation of keys.<br>
b. Generation of signatures<br>
c. Exporting of public key material<br>
d. Receipt and validation of public key material (i.e., from the ZSK holder or from TLDs)<br>
e. System configuration changes<br>
f. Maintenance and/or system updates<br>
g. Incident response handling<br>
h. Other events as appropriate<br>
ii. Incident handling for physical and exceptional cyber-attacks shall include reporting to ICANN in a timeframe and format as mutually agreed by ICANN and Contractor.<br>
iii. The auditing system shall be capable of producing reports on an ad-hoc basis for ICANN or the CSC.<br>
iv. A version of the reports provided to ICANN or the CSC must be made publically available."<o:p></o:p></p>
<p><o:p> </o:p></p>
<p><o:p> </o:p></p>
<p>As I understood from this text - the form of monitoring for DNSSEC was already defined in the Contract.<o:p></o:p></p>
<p>I just mentioned that I never saw the evidence that we have got such reports. It was my question.<o:p></o:p></p>
<p>Please, correct me - may be I forgot something<o:p></o:p></p>
<p>regards,<o:p></o:p></p>
<p>Dmitry<o:p></o:p></p>
<div>
<p class="MsoNormal">On 12/17/19 6:16 PM, Brett Carr wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks James for the straight response below I think it’s really helpful especially for newer members of the CSC (I still feel like one a lot of the time).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I think the CSC has an extremely good (and well deserved) reputation for the work it does and you are right that has been shown in some of the recent reviews we have taken part in.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">IMHO We need to ensure that our priorities are to ensure we continue to do the things referred to in our charter well and continue to build on our excellent reputation.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">All that said I don’t think it will be do any harm to see if we can spend some time seeing if there are areas that we can add more value (I think dnssec is potentially a good example here), however I think
we should do that in a clear and transparent manner, where we work with the PTI to work out what would be appropriate and useful and then should we decide there are additional SLAs areas we could monitor propose them to the ccNSO anmd GNSO council so they
can formally ask us to take those actions.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Brett</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
--<br>
Brett Carr<br>
Manager DNS and Network Engineering<br>
Nominet UK</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-left:36.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">ICANN-CSC <a href="mailto:icann-csc-bounces@icann.org">
<icann-csc-bounces@icann.org></a> on behalf of James Gannon <a href="mailto:lists@icann.guru">
<lists@icann.guru></a><br>
<b>Date: </b>Tuesday, 17 December 2019 at 14:35<br>
<b>To: </b><a href="mailto:ICANN-CSC@icann.org">"ICANN-CSC@icann.org"</a> <a href="mailto:ICANN-CSC@icann.org">
<ICANN-CSC@icann.org></a><br>
<b>Subject: </b>[ICANN-CSC] Role of the CSC</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">Hi All,</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">Further to our discussion on the call yesterday (16 December) I just want to share some information on the formation and role of the CSC.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">In the IANA Stewardship proposal
</span><a href="https://www.ianacg.org/icg-files/documents/IANA-transition-proposal-final.pdf"><span lang="EN-US">https://www.ianacg.org/icg-files/documents/IANA-transition-proposal-final.pdf</span></a><span lang="EN-US"> ,
</span><span lang="EN-US" style="font-size:11.0pt">we can find the foundational mandate of the CSC in paragraphs 1129-1132</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">Customer Standing Committee (CSC) – Overseeing performance of IANA Functions as they relate to naming services.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">The CWG-Stewardship recommends the creation of a CSC to monitor the performance of PTI with the following mission:
</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">“The Customer Standing Committee (CSC) has been established to perform the operational oversight previously performed by the U.S. Department of Commerce’s National Telecommunications and Information Administration
as it relates to the monitoring of performance of the IANA naming function. This transfer of responsibilities took effect on [date].
</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">The mission of the CSC is to ensure continued satisfactory performance of the IANA function for the direct customers of the naming services. The primary customers of the naming services are TLD registry operators,
but also include root server operators and other non-root zone functions. The mission will be achieved through regular monitoring by the CSC of the performance of the IANA naming function against agreed service level targets and through mechanisms to engage
with the IANA Functions Operator to remedy identified areas of concern.” </span>
<o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">The CSC is not mandated to initiate a change in the IANA Functions Operator via a Special IANA Function Review, but could escalate to the ccNSO and GNSO Councils or either body in the specific case where the
issue in question applies only to ccTLDs or gTLDs respectively, which might then decide to take further action using agreed consultation and escalation processes (see Annex J).
</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:108.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">The complete proposed charter of the CSC can be found in Annex G.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt;text-indent:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">Then in the foundational charter in paragraph 1314 we have the mandate</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:90.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">The CSC is authorized to monitor the performance of the IANA naming function against agreed service level targets on a regular basis.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">For me the CSC has excelled in performing this role as designed and mandated, this was confirmed by the CSC effectiveness review and charter reviews that took place during our first 3 years
of operation which did not recommend any changes or increase in scope. </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US">Indeed going back to the charter and proposal we had accounted for the eventuality that the CSC may need to evolve:</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:90.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">Thereafter, the Charter will be reviewed at the request of the CSC, ccNSO or GNSO and may also be reviewed in connection with the IANA Function Review.
</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:90.0pt;text-indent:-18.0pt"><span style="font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><span lang="EN-US" style="font-size:11.0pt">The effectiveness of the CSC will initially be reviewed two years after the first meeting of the CSC; and then every three years thereafter. The method of review will be determined by the ccNSO and GNSO.
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">I have a personal opinion that based on the structure and method of formation of the CSC that the correct process for assessing the evolution of the role of the CSC
is though the designed reviews that were very careful to be put in place to allow a structured evaluation based on the needs of the IANA customers. I don’t believe that we as the CSC internally should be seeking to expand our role without a clear mandate to
do so from the ccNSO and GNSO. If members believe that this is a needed evolution then I think that the correct method to approach this is to do this through the ccNSO and GNSO councils making that request of us rather than us doing it internally.
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt">The CSC strikes a very delicate balance in its role and operation and I have serious concerns about changing that when it is working so effectively. A comment was made
on the call that we cannot sit doing the same thing every month without change, however I will put forward that that is exactly what we should be doing, this is a very narrow scoped and designed committee that should not be exciting or challenging, it needs
to be clean and effective and not be subject to scope creep for it to remain as effective as it has been to date.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:11.0pt;color:black">---</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:11.0pt;color:black">James Gannon</span></b><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ICANN-CSC mailing list<o:p></o:p></pre>
<pre><a href="mailto:ICANN-CSC@icann.org">ICANN-CSC@icann.org</a><o:p></o:p></pre>
<pre><a href="https://mm.icann.org/mailman/listinfo/icann-csc">https://mm.icann.org/mailman/listinfo/icann-csc</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
</div>
</body>
</html>