[council] Motion on the Final Report of the joint DNS Security and Stability Analysis (DSSA) working group

Mike O'Connor mike at haven2.com
Fri Dec 6 13:40:56 UTC 2013


hi David,

thanks for this.  but i want to raise a cautionary note.

the results of the Board's work create a huge amount of headwind for the continuation of the DSSA.  partly because the consultant's work was extremely high level, which means that the Security team at ICANN is probably going to be working for at least another year putting actual meat on the bones.  and partly because the consultant chose to go with a different, and proprietary, methodology which CAN be reconciled with the open/free methodology that the DSSA chose but would require a lot more "prep" work by the DSSA before they could actually do the job they were assigned.

this is why the co-chairs are united in our view that pursuing additional DSSA work at this time is going to be well nigh impossible without breaking the hearts of a lot of volunteers.  

risk-management at ICANN is an urgent and difficult issue that has now been further complicated by the results of the Board work.  while i'd love to leap forward and support a restart, i'm very concerned that we would just burn people out.  i would suggest a slightly different approach.  let's put a little focus on helping the Security staff get that Board recommendation implemented, see how much can be done directly under that framework and THEN decide whether DSSA II The Sequel is required.  my hope is that much of the DSSA work will be incorporated into the work of the Security staff and that actual paid people will be available to do the heavy lifting that's required.  i'm still quite cranky about how starved the Security function is.  i think we could do a lot of good by pressing for more resources/attention by senior management on that front.

on the other hand (to steal a line from Fiddler on the Roof).  the DSSA is approaching its chartering organizations with a request to stop our work where we are.  i as the GNSO co-chair of the DSSA support that recommendation.  but the GNSO Council is completely within its rights to reject our recommendation and instruct the DSSA to carry on and complete its charter.  we co-chairs are saying "be aware that if you do that, you'll essentially have to restart the project, find new volunteers, find a path through the minefield that's been created by the Board work, and you will need to provide better aircover than we got the first time around."  ultimately that's the choice that the chartering groups need to make.  i think the ccNSO has already accepted our recommendation, but i'm not sure.  

m

On Dec 5, 2013, at 10:24 PM, David Cake <dave at difference.com.au> wrote:

> I'm of the opinion that restarting the risk assessment work of the DSSA by chartering a replacement WG would be a good plan. The DSSA did some great work, and the issues with the overlap between the boards project were certainly not intended when the SSR RT team recommended the creation of the boards project. 
> 
> The question is when. 
> 
> Regards
> 
> David
> 
> On 3 Dec 2013, at 3:22 am, Mike O'Connor <mike at haven2.com> wrote:
> 
>> hi Chuck,
>> 
>> i think the answer is "yes and no."  no, there are no specific requirements laid out that require formal action by the GNSO Council.  
>> 
>> but there is much that is suggested in this report which could lead to a variety of GNSO-sponsored activities.  the project team was becalmed by the Board's DNS Risk Management Framework project.  as a result, the DSSA didn't complete its charter, which was to actually *assess* the risks facing the DNS.  we were about to get started on that, but lost about a year while we waited for the Board work to complete.  the combination of losing momentum and conflicting recommendations from the Board project made it very hard to imagine a way for the DSSA group to complete its work.
>> 
>> as recent events have shown, we have plenty of room to improve the way that ICANN (the community and the corporation) manage risk.  in that respect my answer to your question is "absolutely yes."  but i don't know the best way to proceed from here.  
>> 
>> mikey
>> 
>> 
>> On Dec 2, 2013, at 10:25 AM, "Gomes, Chuck" <cgomes at verisign.com> wrote:
>> 
>>> Mikey,
>>>  
>>> Are there any recommendations in the final report that eventually may require action by the GNSO?
>>>  
>>> Chuck
>>>  
>>> From: owner-council at gnso.icann.org [mailto:owner-council at gnso.icann.org] On Behalf Of Mike O'Connor
>>> Sent: Monday, December 02, 2013 10:43 AM
>>> To: Council GNSO
>>> Subject: [council] Motion on the Final Report of the joint DNS Security and Stability Analysis (DSSA) working group
>>>  
>>> dear all,
>>>  
>>> here's a motion with regard to the DSSA working group.  a second would be nifty.
>>>  
>>> mikey
>>>  
>>>  
>>>  
>>> Motion on the Final Report joint DNS stability and security analysis Working Group
>>>  
>>> Whereas
>>>  
>>> 1.         The joint DNS Security and Stability Analysis working group was established by the participating Supporting Organizations and Advisory Committees ALAC, ccNSO, GNSO and NRO to better understand the security and stability of the global domain name system (DNS) in 2011. 
>>> 2.         In October 2011 the ICANN Board of Directors established the Board DNS Risk Management Framework Working Group (DNS RMF WG), with the objective to oversee the development of a risk management framework and system for the DNS as it pertains to ICANN's role as defined in the ICANN Bylaws.
>>> 3.         At the time the DSSA published its draft Report Phase 1 (August 2012), the DSSA went into hibernation to avoid overlap with the work of the Board DNS RMF and noted and informed the participating SO’s and AC’s that in order to reflect the changed environment and working method, the charter of the DSSA would need to be updated to reflect these changes.
>>> 4.         The co-chairs of the DSSA WG have send a letter to the chairs of each of the participating stakeholder organizations to submit the Final Report and the work products contained in it (available at: http://ccnso.icann.org/workinggroups/dssa-final-08nov13-en.pdf) .  
>>> 5.         The DSSA recommends the acceptance of the Final Report and further recommends that the Final Report be disseminated to the ccTLD’s for their consideration.  
>>> 6.         Upon adoption of the Final report of the DSSA, and notification of adoption to the co-chairs of the DSSA, the working group will be closed. 
>>>  
>>> Resolved
>>>  
>>> 1.         The GNSO Council adopts the Report submitted by the co-chairs of the DSSA WG, as the Final Report of the DSSA WG in accordance with section 2.4 of its charter.
>>> 2.         The chair of the GNSO Council is requested to inform the co-chairs of the DSSA WG of adoption of the Report by the GNSO Council. 
>>> 3.         The chair of GNSO Council is also requested to inform the chairs of the other participating SO’s and Ac’s (ALAC, ccNSO and NRO). 
>>> 4.         Finally, the GNSO Council thanks and congratulates all, and in particular the co-chairs of the WG: Olivier Crepin-LeBlond ( ALAC), Joerg Schweiger (.DE, ccNSO), Mikey O’ Connor (GNSO), James Galvin ( SSAC) and Mark Koster (NRO) and all volunteers and staff who helped with this effort.
>>>  
>>>  
>>>  
>>> 
>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>>  
>> 
>> 
>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>> 
> 


PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20131206/75edcf33/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3630 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/council/attachments/20131206/75edcf33/smime.p7s>


More information about the council mailing list