[CWG-Stewardship] SLE update - ICANN seeks to delay SLE Accountability reporting......

James Gannon james at cyberinvasion.net
Tue Oct 13 10:41:10 UTC 2015 

Thanks for this update Paul.
This is a critical part of our CWG process and it worries me to hear that there may be potential delays from ICANNs side on this incredibly important matter. If necessary short term additional staff should be provided from the ICANN Reserve Fund in order to fulfil this community expectation.

As a security guy in my day job I share your concern about the apparent/potential lack of an audit trail and transaction log for this system, I cannot see this being the case in reality given ICANNs recent security issues I would think that systems closest to the root would be heavily logged and tracked.

This is a troubling point and one that should be taken up by senior ICANN staff/board members if necessary and our co-chairs at the earliest possible juncture.

-James Gannon





On 13/10/2015, 11:31 a.m., "cwg-stewardship-bounces at icann.org on behalf of Paul M Kane - CWG" <cwg-stewardship-bounces at icann.org on behalf of paul.kane-cwg at icb.co.uk> wrote:

>
>Dear all
>
>I note today's CWG call has been cancelled and there is a request for a SLE
>progress update.
>
>As you know the IANA Service Level standards developed by members of the
>Community and ICANN staff was agreed by all involved in September.
>
>This Service Level Expectation (SLE) captures _current_ IANA processes
>and current transaction times for updates to the current Root Zone
>Management System and introduces thresholds for each stage of the
>process - thereby building a framework of accountability to the naming
>community.
>
>In June, as part of validating the SLE compliance thresholds for their
>current processes, the SLE WG proposed a test phase.  The approach of
>having a test phase was accepted by ICANN (and NTIA) to simulate IANA's
>life "post" NTIA's oversight. (Copy below of email explaining this sent
>to the CWG Chairs below).  The test phase is scheduled to start 1st
>January 2016.
>
>I attended a meeting in Brussels on Wednesday and met with Elise Gerish,
>IANA Manager who told me that ICANN does not have the resources to
>identify their current RZM processes in terms of time taken for the SLE.
> Consequently, they are proposing to delay the testing of the naming
>community's reporting requirements until after March/April 2016. This
>was news to me and I assume/hope it would be unreasonable to deduce that
>ICANN are delaying to potentially seize control of the IANA RZM (from
>NTIA's oversight) without having to adhere to the operational SLE
>standards agreed with the community.
>
>The SLE document is fundamental to ensuring that ICANN delivers an
>accountable service to each Registry operator and the naming community
>generally.  It is essential that the community developed SLE is in place
>as soon as possible.
>
>A while back, I spoke with the contractor who wrote the IANA RZM system
>and he said most of the data is already captured, it is just that ICANN
>wanted the data extraction tools disabled. Having an effective
>transaction log of each process step is a fundamental part of
>Information Security Management (ISO/IEC 27001)- and is basic good
>practice - and it should not be a complicated task to generate the SLE
>reports from the transaction logs.
>
>It is essential that at the time of transition we have a
>tried/tested/proven SLE standard in place so ICANN is accountable to our
>naming community.
>
>Can I encourage every member of the CWG (and ICG) to invite ICANN to
>engage the necessary resources to enable the SLE accountability
>reporting mechanisms from the 1st January 2016 on their test (post NTIA)
>RZM platform ...... as they are doing for the other IANA customers
>(numbers and protocols)?
>
>Thanks
>
>Best
>
>Paul
>
>
>-------- Forwarded Message --------
>Subject: 	DTA - got there ....
>Date: 	Tue,  09-Jun-2015 07:45 +0100
>From: 	Paul M Kane <Paul.Kane at icb.co.uk>
>To: 	Jonathan Robinson <jrobinson at afilias.info>, lise.fuhr at difo.dk
><lise.fuhr at difo.dk>
>
>
>
>I am pleased to advise ICANN/IANA and the Service Level Design team
>reached agreement for a proper SLE to be in place post transition.
>
>IANA are offering to capture the additional time stamps necessary to
>ascertain their performance.
>
>We do need the CWG (and or ICG) to sanction the continuation of our
>work, after the submission to ICG, as there may be moves by ICANN to
>kill a demanding SLE once it leaves our oversight and CWG's role is
>wound down.
>
>What has been agreed (privately).
>
> 1. The CWG/ICG Community needs to sanction the work of the SLE Team as
>    a Community initiative.
> 2. IANA and Adam (my guy) are going to refine the SLE and then present
>    that to the DTA for adoption (approx 4 weeks to finish).
> 3. Once agreed, IANA will develop an Test Phase plan (2 weeks)
>    including an internal ICANN request for Technical Resources.
> 4. The Test phase needs NTIA approval - 2 weeks.
> 5. Once NTIA has approved, the resources to extract the times needed
>    will be deployed.- 1 month
> 6. IANA will then for 2 to 3 months run a trial capturing real world
>    transaction information and provide that to the DT
> 7. With real world data (that IANA is comfortable with) - we will
>    populate the agreed thresholds for the SLE.
> 8. With the SLE data specified (Jan/Feb 2016), the SLE will be in place
>    for the Implementation Phase.
> 9. Checking of the SLE during the Implementation Phase
>10. SLE in place from the date of Transition !
>
>
>I will be on the call later - estimated arrival time 5-30 UTC - sorry
>for being late
>
>Best
>
>Paul
>
>
>
>_______________________________________________
>CWG-Stewardship mailing list
>CWG-Stewardship at icann.org
>https://mm.icann.org/mailman/listinfo/cwg-stewardship

More information about the CWG-Stewardship mailing list