[council] FW: Joint Working Group to consider concept of DNS CERT

Gomes, Chuck cgomes at verisign.com
Sun Jun 13 14:06:28 UTC 2010


Thanks for the very constructive feedback Terry.  I agree that ICANN performs some operational tasks but I don't think they are for the most part an operational organization in the technical sense.  There are many organizations that already have the technical organization skills and infrastructure so it is likely that they could perform the operational tasks more cost effectively; that is where I am coming from along with the fact that I think it is important that ICANN stay within its technical coordination mission.

Chuck

> -----Original Message-----
> From: Terry L Davis, P.E. [mailto:tdavis2 at speakeasy.net]
> Sent: Saturday, June 12, 2010 12:43 PM
> To: Gomes, Chuck; 'Liz Gasster'; 'Tim Ruiz'; 'GNSO Council '
> Subject: RE: [council] FW: Joint Working Group to consider concept of
> DNS CERT
> 
> Chuck/Liz
> 
> I'll disagree a bit with both of you here.
> 
> Liz, I think you find some significant policy work associated with a
> CERT's operation; scope; information access, control, and distribution;
> active and passive participation policy; some basic "rules of
> engagement" with different entities and SGs; etc.
> 
> Chuck, To me ICANN already has an operational component in both DNS and
> address management, and I think that those will continue to grow.  I
> will agree that a CERT may be more operationally traditional in
> staffing requirements but I believe there will be a growing number of
> DNS security events where ICANN will have to respond
> immediately with CERT-like actions and directions to preserve Internet
> SSR.
> 
> Food for thought.. we might want to consider a slightly different name
> as "DNS CERT" will generate some confusion with "DNS Certificates"
> which are often referred to as a "DNS Cert".  Just some thoughts,
> "ICANN ERT", "DNS ERT", "Internet ERT", etc.
> 
> Take care
> Terry
> 
> 
> 
> 
> -----Original Message-----
> From: owner-council at gnso.icann.org [mailto:owner-
> council at gnso.icann.org] On Behalf Of Gomes, Chuck
> Sent: Friday, June 11, 2010 9:03 PM
> To: Liz Gasster; Tim Ruiz; GNSO Council
> Subject: RE: [council] FW: Joint Working Group to consider concept of
> DNS CERT
> 
> 
> Thanks for the thoughtful response Liz.  The DNS-CERT certainly has
> lots of operational components.  In my personal opinion, that is one of
> the reasons why ICANN's involvement raises key issues because ICANN is
> not an operational organization.  That is not to say that ICANN cannot
> and should not play an important role but I think it does mean that the
> ICANN community should be involved in what that role should be because
> it does involve security policy.
> 
> Hopefully we can talk about this more.  I certainly do not have answers
> for all the questions but hopefully we can work together to find many
> of them.
> 
> Chuck
> 
> > -----Original Message-----
> > From: Liz Gasster [mailto:liz.gasster at icann.org]
> > Sent: Friday, June 11, 2010 5:43 PM
> > To: Gomes, Chuck; Tim Ruiz; GNSO Council
> > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > DNS CERT
> >
> > Chuck,
> >
> > I understand that the DNS Cert could heavily impact GNSO stakeholders,
> > but my thinking was that not every issue of significant impact to GNSO
> > stakeholders is necessarily a policy issue.
> >
> > Again, I understand that this could be a high priority for the
> > community to discuss and have input into.  I wasn't making a value
> > judgment on the level of importance or impact or whether a working
> > group should be formed, but I see the DNS-CERT as an operational
> > function.  To me the community consultation process would look at this
> > as an operational practice, which may be more akin to comment on say,
> > consultation on the strategic and operational plans or other ICANN
> > non-policy programs.
> >
> > I will give this further thought and would welcome the views of others.
> > I may be projecting from my previous experience with several CERTS and
> > CSIRTS as operational entities.
> >
> > Thanks, Liz
> >
> > -----Original Message-----
> > From: Gomes, Chuck [mailto:cgomes at verisign.com]
> > Sent: Friday, June 11, 2010 1:33 PM
> > To: Liz Gasster; Tim Ruiz; GNSO Council
> > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > DNS CERT
> >
> > Liz,
> >
> > Do you really think that ICANN's involvement in a DNS-CERT does not
> > have any policy development implications?  I would agree with you that
> > it is not a typical GNSO policy development issue but it heavily
> > impacts GNSO stakeholders.
> >
> > Chuck
> >
> > > -----Original Message-----
> > > From: Liz Gasster [mailto:liz.gasster at icann.org]
> > > Sent: Friday, June 11, 2010 4:22 PM
> > > To: Gomes, Chuck; Tim Ruiz; GNSO Council
> > > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > > DNS CERT
> > >
> > > Tim, Chuck and all,
> > >
> > > If I may comment from a staff perspective, I agree that the
> > > "prioritization" may not be an issue at the drafting team stage
> > > assuming that volunteers prepare the charter, but I also agree with Tim
> > > that prioritization would be needed in order to assure adequate GNSO
> > > staff support for a new WG, given the current workload.
> > >
> > > Also, I know this is an important issue for the community, and staff
> > > would of course support this group as requested by the SO/ACs to
> > > facilitate community consultation as needed, but I would note that the
> > > topic does not seem to be a policy development matter, which may be
> > > relevant when the Council considers other GNSO "prioritization"
> > > projects that are policy-related.
> > >
> > > Thanks, Liz
> > >
> > > -----Original Message-----
> > > From: owner-council at gnso.icann.org [mailto:owner-
> > > council at gnso.icann.org] On Behalf Of Gomes, Chuck
> > > Sent: Friday, June 11, 2010 10:55 AM
> > > To: Tim Ruiz; GNSO Council
> > > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > > DNS CERT
> > >
> > >
> > > As you know Tim, the request from the ccNSO came this week, so this
> > > effort is not included in the prioritization exercise.  Going forward
> > > we will need to decide whether we include DTs in this. For now, as long
> > > as there are volunteers to work on this, it may be okay, and we seem to
> > > have a lot of volunteers.
> > >
> > > Chuck
> > >
> > > > -----Original Message-----
> > > > From: owner-council at gnso.icann.org [mailto:owner-
> > > > council at gnso.icann.org] On Behalf Of Tim Ruiz
> > > > Sent: Friday, June 11, 2010 12:45 PM
> > > > To: GNSO Council
> > > > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > > > DNS CERT
> > > >
> > > >
> > > > How does this fit into our prioritization efforts? It's not on the
> > > > current list of 15 projects. I would think that the RrSG would be
> > > > interested in this effort, but I also think we need to figure out how
> > > > it fits overall on the priority list. Of course, something we (RrSG)
> > > > noted when we completed our ratings was that three or four of the
> > > > listed projects are very near end.
> > > >
> > > > Tim
> > > >
> > > >
> > > > -------- Original Message --------
> > > > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > > > DNS CERT
> > > > From: "Gomes, Chuck" <cgomes at verisign.com>
> > > > Date: Fri, June 11, 2010 10:05 am
> > > > To: <KnobenW at telekom.de>, <council at gnso.icann.org>
> > > >
> > > > I made similar points to Chris Wolf.  He understands that a charter
> > > > cannot be completed before Brussels but would just like to see the work
> > > > getting started on the charter. I totally support your suggestion,
> > > > i.e., “The intention and the status could be announced by Chris and
> > > > yourself in Brussels and the chartering team could start drafting
> > > > immediately afterwards.”, and believe he is comfortable with that as
> > > > well.
> > > >
> > > > But I would like to identify all charter DT volunteers by then if not
> > > > before if possible.
> > > >
> > > > Thanks for the good comments.
> > > >
> > > > Chuck
> > > >
> > > > From: KnobenW at telekom.de [mailto:KnobenW at telekom.de]
> > > > Sent: Friday, June 11, 2010 10:50 AM
> > > > To: Gomes, Chuck; council at gnso.icann.org
> > > > Subject: AW: [council] FW: Joint Working Group to consider concept of
> > > > DNS CERT
> > > >
> > > >
> > > >
> > > > I understand Chris' request but would like to ask if the time pressure
> > > > is that much that immediate action (before Brussels) is needed.
> > > > We're really busy to cover all the more urgent items (e.g. New gTLDs,
> > > > VI, PDP...) until that event.
> > > >
> > > > To avoid misunderstanding: there's great interest on CSG side to
> > > > actively participate in a (pre-)WG offering technical, operational and
> > > > managerial expertise, as well for chartering. But I don't see capacity
> > > > available to be provided for immediate action.
> > > >
> > > >
> > > > The intention and the status could be announced by Chris and yourself
> > > > in Brussels and the chartering team could start drafting immediately
> > > > afterwards.
> > > >
> > > >
> > > > Regards
> > > > Wolf-Ulrich
> > > >
> > > >
> > > >
> > > >
> > > > From: owner-council at gnso.icann.org [mailto:owner-council at gnso.icann.org]
> > > > On Behalf Of Gomes, Chuck
> > > > Sent: Friday, 11 June 2010 03:41
> > > > To: council at gnso.icann.org
> > > > Subject: [council] FW: Joint Working Group to consider concept of DNS
> > > > CERT
> > > > Importance: High
> > > >
> > > > I forwarded the following message to the Council yesterday and added
> > > > the topic to our agenda for our meeting under Other Business.
> > > > Unfortunately, as we ran out of time, I failed to cover it.  My intent
> > > > was to simply ask if anyone objected to considering the formation of a
> > > > WG as described by Chris and if not, to request volunteers to start
> > > > working on a possible charter with volunteers from the ccNSO.  So I
> > > > will ask those questions now:
> > > >
> > > > 1. Does anyone object to considering the formation of such a WG?
> > > >    Note that we would not make an official decision to support such a
> > > >    WG until after we see a draft charter.  If anyone objects, please
> > > >    communicate your objection not later than next Wednesday, 16 June.
> > > > 2. Assuming there is no opposition, who would like to volunteer for
> > > >    the charter drafting team?  Note that this is not a request for
> > > >    volunteers for what might eventually be a WG, but only for a
> > > >    charter DT.
> > > > Regarding question 2, there have already been some volunteers in
> > > > response to my message yesterday:
> > > >
> > > > · Terry Davis (NCA)
> > > > · Rafik Damik (NCSG)
> > > > · Greg Aaron (RySG, Afilias)
> > > > · Kathy Kleiman (RySG, PIR)
> > > > · Keith Drazek (RySG, VeriSign).
> > > >
> > > > If anyone else wants to volunteer, please communicate your interest on
> > > > this list not later than next Wednesday, 16 June.  We will then
> > > > communicate the names and contact information to the ccNSO.
> > > >
> > > > Thanks, Chuck
> > > >
> > > > From: Chris Disspain [mailto:ceo at auda.org.au]
> > > > Sent: Tuesday, June 08, 2010 9:54 PM
> > > > To: Gomes, Chuck
> > > > Cc: 'Cheryl Langdon-Orr'
> > > > Subject: Joint Working Group to consider concept of DNS CERT
> > > >
> > > >
> > > >
> > > > Chuck,
> > > >
> > > > In our conversation last week we discussed the possibility of the gNSO
> > > > and ccNSO (along with other relevant ACs and independent experts)
> > > > setting up the working group contemplated in the joint Chair’s letter
> > > > to ICANN of 25 March 2010 as soon as possible.
> > > >
> > > > I put this proposal to the ccNSO council on our call of 8 June and
> > > > confirm that the council has agreed that in the event of the proposal
> > > > also being agreed by the gNSO council, a small joint drafting team
> > > > should work before Brussels to draft the charter for the establishment
> > > > of a Working Group comprising representatives of ICANN’s Security and
> > > > Stability Advisory Committee, Root Server System Advisory Committee,
> > > > GAC, ALAC, CERT operators and ccTLD and gTLD managers to draw upon
> > > > their collective expertise and to solicit their input on:
> > > >
> > > > · the broad concept of a DNS-CERT;
> > > > · the current work being undertaken to mitigate DNS-related threats;
> > > > · the actual level, frequency and severity of these threats;
> > > > · the gaps (if any) in the current security response to DNS issues;
> > > > · whether or not a DNS-CERT is a proposal they support; and
> > > > · if so, the logistics of the proposal.
> > > >
> > > > The goal would be to have the charter approved by the ccNSO and gNSO in
> > > > Brussels if possible so that we can announce the formation of the
> > > > working group. I’m guessing that formally the working group will need
> > > > to be a joint gNSO ccNSO group (as the 2 relevant supporting
> > > > organisations that can actually make policy) with the charter mandating
> > > > the involvement of the relevant ACs and outside experts.
> > > >
> > > > In the event that the gNSO council does approve the proposal then the
> > > > action items will be a) to call for some volunteers to do the drafting
> > > > along with Bart Boswinkel as ccNSO staff and an equivalent gNSO person
> > > > and b) to approach the other ACs to inform them that this is occurring.
> > > >
> > > > I understand your council meets on 10 June 2010 and look forward to
> > > > hearing from you regarding your discussions.
> > > >
> > > > Cheers,
> > > >
> > > >
> > > > Chris Disspain | Chief Executive Officer
> > > > .au Domain Administration Ltd
> > > > T: 1300 732 929 | F: 03 8341 4112
> > > > E: ceo at auda.org.au | W:www.auda.org.au
> > > >
> > > > auDA - The Australian Domain Name Administrator
> > > >
> > > >
> > > >
> > >
> 
> 




