[ssr2-implementation-shepherds] SSR2 'Pending/Likely to Be Approved' Recommendations - Clarifying Questions

Russ Housley housley at vigilsec.com
Mon Jan 10 20:10:15 UTC 2022


Response to
SSR2 Pending - Likely to be Approved Recommendations
Clarifying Questions for Implementation Shepherds

10 January 2022


SSR2 Recommendation 5.4

a. Please clarify the Implementation Shepherds' expectations for the
   granularity of the reports?

Other recommendations call for audits and reporting.  Experience with
the audit related to updates to the IANA registries offers a real-world
example.  Auditors are unwilling to publicly publish too many details,
but they will publicly publish a high-level summary, and then provide
some more details to representatives of the community under NDA.  Also,
some SSR2 Review Team members have experience with SOC audits, where
the auditors publish attestations in the form of SOC3 reports.  Given
this understanding, we recommend that ICANN org discuss this situation
with their audit firm and provide the greatest granularity to the
community that ICANN org and the audit firm will allow.  We expect that
more details than a standard SOC3 report could be publicly published.

b. What reporting cadence would the Implementation Shepherds consider
   acceptable?
   
We recommend a process that integrates this reporting with other annual
audits.


SSR2 Recommendation 19.1

a. In its introductory comments, the SSR2 RT discusses a "DNS testbed",
   yet the recommendation title discusses a "DNS regression test suite"
   and the recommendations discuss a "DNS resolver behavior" test suite.
   Can ICANN org assume that these three terms all refer to the same
   thing, namely a "DNS testbed for resolver behavior"?

Yes.  The DNS Testbed includes tests for resolvers; see
https://github.com/icann/resolver-testbed.  The resolver test can be run
against past and current releases of resolver software.


SSR2 Recommendation 20.2

a. We understand and agree that once Recommendation 20.1 (Formal
   Procedures for Key Rollovers) is implemented, a tabletop exercise is
   beneficial. Can the SSR2 Implementation Shepherds clarify some of the
   targets of this exercise? More specifically:

   i.  Would scheduling tabletops to coincide with key rollovers,
       procedural changes, or other events where the input is considered
       most valuable be sufficient to meet the "periodic" timeframe
       recommended by the SSR2?

   ii. For existing tabletop exercises within ICANN, ICANN org identifies
       those internal departments and external SMEs that are evaluated to
       be most appropriate to exercise the planned scenarios. In developing
       a tabletop exercise in response to this recommendation, ICANN org
       anticipates a similar process, likely involving external stakeholders
       such as trusted community representatives. Did the SSR2 intend for
       there to be additional parameters to guide ICANN org's development
       of these tabletop exercises, and if so, please identify?

   This will help the org better estimate the level of effort that would
   be required, as well as perform a high level cost-benefit analysis of
   this recommendation.

Yes, the tabletop exercises should be conducted prior to key rollovers
and after procedural changes.  These tabletop exercises ensure that all
parties are prepared for possible contingencies.  In addition, after the
first two or three tabletop exercises, subsequent tabletop exercises
should be conducted every two or three years to help identify any gaps
in the procedures.  Consideration for the scenario development can take
into account previous events that might impact a seamless rollover and
events that may change overall system dependencies or redundancy. 

We did not have additional parameters in mind.  That said, after the
first tabletop exercise is conducted, we recommend public consultation,
particularly with SSAC, as part of the implementation plan.  The
consultation will allow the community to suggest improvements for
subsequent tabletop exercises.


> On Dec 7, 2021, at 1:29 PM, Negar Farzinnia via ssr2-implementation-shepherds <ssr2-implementation-shepherds at icann.org> wrote:
> 
> Dear SSR2 implementation shepherds, 
>  
> I hope this email finds you all well.
>  
> If you recall, during the call between the Board and the SSR2 Implementation Shepherds on 29 September 2021 (see public record <https://community.icann.org/display/SSR/SSR2+Implementation+Shepherds>), ICANN org discussed the process by which we will handle the SSR2 pending recommendations (as specified in the Board resolution 2021.07.22.13 <https://www.icann.org/resources/board-material/resolutions-2021-07-22-en#2.a>), noting that the pending recommendations will be addressed in groups for convenience: 1) pending/likely to be approved, 2) pending/likely to be rejected, and 3) pending/additional clarification and information is needed.
>  
> ICANN org has completed identifying and drafting the clarifying questions associated with the pending recommendations that are likely to be approved. Attached, please find these questions for your consideration. Given the upcoming holidays and being mindful of everyone’s busy schedules, we would appreciate your response by Friday, 14 January 2022.
>  
> Note that we are continuing to work on the other pending category recommendations in parallel and plan on sending you clarifying questions associated with the ‘pending/likely to be rejected’ recommendations next.
>  
> Please do not hesitate to let us know if there is any support we can provide to assist you in providing responses to these clarifying questions. Should a call with ICANN org or the Board Caucus Group be helpful, we are more than happy to arrange it. 
>  
> Thank you again for volunteering for the role of implementation shepherds and helping ICANN org and the Board move this important work forward.
>  
> Kind regards,
> Negar
> --
> Negar Farzinnia
> Director, Implementation Operations
> Internet Corporation for Assigned Names and Numbers (ICANN)
>  
> Email: negar.farzinnia at icann.org
> Skype: negar.farzinnia.icann
> www.icann.org
>  
> <SSR2 ISES Questions - Group 1 - Likely to be approved - Final.pdf>
