<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19298"></HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial>Mikey,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial>I like the approach and see it being necessary to
continue.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial>However, I personally haven't the time for diving in
deeper.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808483820-28092012><FONT color=#0000ff
size=2 face=Arial>You and the WG have my full support.</FONT></SPAN></DIV>
<DIV> </DIV><!-- Converted from text/rtf format -->
<P><SPAN lang=en><FONT size=2 face="Courier New">Best
regards</FONT></SPAN> <BR><SPAN lang=de><FONT size=2
face="Courier New">Wolf-Ulrich Knoben </FONT></SPAN></P><BR>
<P><SPAN lang=en-gb><FONT color=#999999 size=1 face=Arial>Deutsche Telekom
AG</FONT></SPAN> <BR><SPAN lang=en-gb><FONT color=#999999 size=1
face=Arial>Service Headquarters</FONT></SPAN> <BR><SPAN lang=en-gb><FONT
color=#999999 size=1 face=Arial>Wolf-Ulrich Knoben</FONT></SPAN> <BR><SPAN
lang=en-gb><FONT color=#999999 size=1 face=Arial>Godesberger Allee 99, 53175
Bonn, Germany</FONT></SPAN> <BR><SPAN lang=en-gb><FONT color=#999999 size=1
face=Arial>+49 2244 873999 (Phone)</FONT></SPAN> <BR><SPAN lang=en-gb><FONT
color=#999999 size=1 face=Arial>+49 2244 873955 (Fax)</FONT></SPAN> <BR><SPAN
lang=en-gb><FONT color=#999999 size=1 face=Arial>+49 151 1452 5867
(Mobile)</FONT></SPAN> <BR><SPAN lang=en-gb><FONT color=#999999 size=1
face=Arial>E-Mail: </FONT></SPAN><A href="mailto:knobenw@telekom.de"><SPAN
lang=en-gb><FONT color=#999999 size=1
face=Arial>knobenw@telekom.de</FONT></SPAN></A><SPAN lang=en-gb></SPAN><SPAN
lang=de></SPAN> <BR><SPAN lang=de></SPAN><A href="http://www.telekom.com/"><SPAN
lang=de><FONT color=#999999 size=1 face=Arial>www.telekom.com</FONT></SPAN><SPAN
lang=de></SPAN></A><SPAN lang=de></SPAN><SPAN lang=de></SPAN><SPAN lang=de><FONT
size=1 face=Arial> </FONT><FONT color=#e20074 size=1
face=Arial></FONT> <FONT color=#999999 size=1 face=Arial></FONT> <FONT
color=#e20074 size=1 face=Arial> </FONT></SPAN></P>
<DIV> </DIV><BR>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr>
<DIV dir=ltr lang=de class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> owner-ispcp@gnso.icann.org
[mailto:owner-ispcp@gnso.icann.org] <B>On behalf of </B>Mike
O'Connor<BR><B>Sent:</B> Thursday, September 27, 2012
18:00<BR><B>To:</B> ispcp@icann.org<BR><B>Subject:</B> [ispcp] Fwd: [dssa]
Requesting Public Comments<BR><B>Importance:</B> High<BR></FONT><BR></DIV>
<DIV></DIV>hi all,
<DIV><BR></DIV>
<DIV>now that i've totally confused everybody with my apology for missing a
call that doesn't exist, let me add further to your workload.</DIV>
<DIV><BR></DIV>
<DIV>we, the DSSA (DNS Security and Stability Advisory working group) would
really benefit from some public comments on our report. since i'm a
co-chair of the working group, and pretty much wrote the whole report, i'm
reluctant to be the rapporteur for us on this one. but it turns out
that lots of people in the working group must have felt the same way and the
result is that we got ZERO public comments. zip. nada.
nothing.</DIV>
<DIV><BR></DIV>
<DIV>so we're fanning out to our respective constituencies and asking that
they try to get something submitted during the "reply" comments period, which
ends just after Toronto. here's a little note that i sent out to the WG.
could i impose on some of you to craft something?</DIV>
<DIV><BR></DIV>
<DIV>sorry to bother you twice in one day, but this one is actually fairly
important. one important aspect of this is to get a feeling for whether
this cross-constituency group is actually working well, because it might be a
good model for others. but it's hard to hold it up as a model if there
aren't any reactions to the work that it did. :-)</DIV>
<DIV><BR></DIV>
<DIV>thanks,</DIV>
<DIV><BR></DIV>
<DIV>mikey<BR>
<DIV><BR>
<DIV>Begin forwarded message:</DIV><BR class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV style="MARGIN: 0px"><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium"><B>From:
</B></SPAN><SPAN style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium">"Mike
O'Connor" &lt;<A
href="mailto:mike@haven2.com">mike@haven2.com</A>&gt;<BR></SPAN></DIV>
<DIV style="MARGIN: 0px"><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium"><B>Subject:
</B></SPAN><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium"><B>[dssa] Requesting
Public Comments</B><BR></SPAN></DIV>
<DIV style="MARGIN: 0px"><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium"><B>Date:
</B></SPAN><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium">September 27, 2012
10:20:43 AM CDT<BR></SPAN></DIV>
<DIV style="MARGIN: 0px"><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium"><B>To: </B></SPAN><SPAN
style="FONT-FAMILY: 'Helvetica'; FONT-SIZE: medium">DSSA WG &lt;<A
href="mailto:dssa@icann.org">dssa@icann.org</A>&gt;<BR></SPAN></DIV><BR>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV><BR></DIV>Hi all,<BR><BR>Just a note to highlight that it would be
extremely helpful if your respective constituencies and supporting
organizations could contribute public comments regarding the work of
the DSSA so far. The initial public comment period is closed and the
reply-period is going to close just after the Toronto meeting, so time
is drawing short. Especially given that we'd like to review those
comments *during* the Toronto meeting.<BR><BR>Here are a few points to
consider when you lobby your respective organizations:<BR><BR>-- The
comments don't necessarily need to be long. A simple "the DSSA is
doing fine" would suffice in a pinch, although some words explaining why
would be helpful. Since the DSSA is one of those cross-community
working groups, we could use some guidance as to whether we're doing that
work in a way that is satisfactory.<BR><BR>-- The DSSA made some fairly
interesting observations in its Phase 1 Report and it would be good to get a
sense from your respective organizations as to whether we're on the
right track. I've included the picture-book Executive Summary in this
post to remind you of the high spots. Again, "you're doing fine" is
an acceptable response although again a few words of support would be
welcome. <BR><BR>And of course the most important comments are
those that take issue with something we've done -- we will listen to those
and try to set ourselves on the right track.<BR><BR>Here's a link to
the Public Comment Forum for our work. Please encourage your
membership to contribute.<BR><BR><SPAN style="WHITE-SPACE: pre"
class=Apple-tab-span></SPAN><A
href="http://www.icann.org/en/news/public-comment/dssa-phase-1-report-14aug12-en.htm">http://www.icann.org/en/news/public-comment/dssa-phase-1-report-14aug12-en.htm</A><BR><BR>Thanks,<BR><BR>Mikey<BR><BR>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><B>1. Executive Summary</B></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><BR>This
is the first of two reports from the DNS Security and Stability
Analysis working group. The goal of this document is to
bring forward the substantial work that has been completed to
date and describe the work that remains. </BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><BR>This
has been in many respects a “pioneering” cross-constituency
security-assessment effort that has developed knowledge and processes
that others will hopefully find helpful and can be reused in
the future.</BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><BR><B>The
DSSA has:</B><BR>
<DIV>
<UL>
<LI>Established a cross-constituency working group and put the
organizational framework to manage that group in place
<LI>Clarified the system, organizational and functional scope of
the effort
<LI>Developed an approach to handling confidential information,
should such information be required for certain assessments
<LI>Selected and tailored a risk-assessment methodology to
structure the work
<LI>Developed and tested mechanisms to rapidly collect and
consolidate risk-assessment scenarios across a broad and diverse
group of interested participants
<LI>Used an “alpha-test” of those systems to develop the high-level
risk-scenarios in this report. Those scenarios will
serve as the starting point for the remainder of the
effort</LI></UL></DIV>
<DIV><BR></DIV><B>Work that remains:</B><BR>
<DIV>
<UL>
<LI>Perform a proof of concept to refine and streamline the
methodology on one broad risk-scenario topic with the goal of
reducing cycle time and making it more accessible to a broader
community
<LI>Roll the methodology out to progressively broader groups of
participants to introduce the methodology to the community and
further improve the process and tools on the way to completing
the assessment</LI></UL></DIV>
<DIV><BR></DIV><B>1.1. Key findings</B></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><B><BR></B>The
DSSA has a number of observations to share with the community after
completing the first phase of its work. Those observations are
summarized here, presented in more detail in the body of this report
and in some cases presented in even more detail in the
Appendix. The working group has also developed a
series of tools that can be used by any DNS provider to conduct risk
assessments. Those tools, and extremely
detailed documentation of the assessment, are available on the
working group wiki.</BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><BR><B>1.1.1. Risk Scenarios</B></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><B><BR></B>The
DSSA has analyzed five broad risk scenarios. These will be
explored in more depth during the next phase of the
effort. Those scenarios are:<BR>
<DIV>
<UL>
<LI>Gaps in policy, management, or leadership lead to splitting the
root
<LI>“Reductive” forces (security, risk-mitigation, control through
rules, etc.) lead to splitting the root
<LI>Widespread natural disaster brings down the root or a major TLD
<LI>Attacks exploiting technical vulnerabilities of the DNS bring
down the root or a major TLD
<LI>Inadvertent technical mishap brings down the root or a major
TLD</LI></UL></DIV>
<DIV><BR></DIV><B>1.1.2. Scope</B><BR><BR></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px">The
DSSA analyzed several scope issues that needed to be resolved in
order to complete the work. <BR>
<DIV>
<UL>
<LI>Scope of “the DNS” used by the working group
<LI>The functional context of the DSSA within a broader risk
management framework
<LI>The organizational context of the DSSA vis a vis the SSR-RT and
DNRMF efforts</LI></UL></DIV>
<DIV><BR></DIV><B>1.1.3. Approach</B></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px"><B><BR></B>The
DSSA also embarked on developing methodologies that were required in
order for the working group to complete its assignments. These
methods may be useful in other contexts, both inside and outside
of ICANN. These include:<BR>
<DIV>
<UL>
<LI>A protocol for handling confidential information
<LI>A tailored “compound sentence” risk-assessment methodology
based on the NIST 800-30 and 800-53 standards
<LI>An approach to risk assessment that accommodates the unique
security assessment requirements of the multi-stakeholder DNS
ecosystem</LI></UL></DIV>
<DIV><BR></DIV><B>1.1.4. Remaining work</B><BR>The DSSA realized
that a detailed assessment of the risk scenarios it has identified is
likely to take a substantial amount of time. The DSSA,
after consultation with its chartering ACs and SOs, broke its
work into two phases. This report summarizes the work to
date, while the next phase will:<BR>
<DIV>
<UL>
<LI>Take that work to a more detailed level,
<LI>Refine the approach and methods developed so far, and
<LI>Explore whether it is feasible to transition this one-time
effort into an ongoing function to maintain an up to date
assessment of DNS risk.</LI></UL></DIV></BLOCKQUOTE><BR><BR><BR><BR>- - - -
- - - - -<BR>phone <SPAN style="WHITE-SPACE: pre" class=Apple-tab-span>
</SPAN>651-647-6109 <BR>fax <SPAN style="WHITE-SPACE: pre"
class=Apple-tab-span> </SPAN>866-280-2356 <BR>web <SPAN
style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN><A
href="http://www.haven2.com/">http://www.haven2.com</A><BR>handle<SPAN
style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>OConnorStP (ID for
public places like Twitter, Facebook, Google,
etc.)<BR><BR></DIV></BLOCKQUOTE></DIV><BR>
<BR></DIV></BLOCKQUOTE></BODY></HTML>