[ssr2-implementation-shepherds] [EXT]Re: [Ext] Re: SSR2 'Pending/Likely to Be Approved' Recommendations - Clarifying Questions

Negar Farzinnia negar.farzinnia at icann.org
Tue Jan 11 01:01:15 UTC 2022


Hi Kerry-Ann,

Happy New Year! Thank you very much for the confirmation!

Hope you had a lovely holiday!

Kind regards,
Negar
--
Negar Farzinnia
Director, Implementation Operations
Internet Corporation for Assigned Names and Numbers (ICANN)

Email: negar.farzinnia at icann.org<mailto:negar.farzinnia at icann.org>
Skype: negar.farzinnia.icann
www.icann.org


From: "Barrett, Kerry-Ann" <KABarrett at oas.org>
Date: Monday, January 10, 2022 at 4:48 PM
To: Negar Farzinnia <negar.farzinnia at icann.org>, Russ Housley <housley at vigilsec.com>
Cc: SSR2 Implementation Shepherds <ssr2-implementation-shepherds at icann.org>
Subject: Re: [EXT]Re: [ssr2-implementation-shepherds] [Ext] Re: SSR2 'Pending/Likely to Be Approved' Recommendations - Clarifying Questions

Dear Negar

Just confirming that this is a consolidated response from the Implementation Shepards.

Happy new year and hope you’re well.

Sincerely
Kerry-Ann Barrett
Cybersecurity Program Manager
Secretariat of the Inter-American Committee against Terrorism (CICTE)
Secretariat for Multidimensional Security (SMS)
Organization of American States
1889 F Street NW Washington D.C. 20006
   (202) 370 4675 -   (202) 458 3857
www.oas.org/cyber
@KerryAnn_Cyber| @OEA_Cyber

Register to our distribution list!
________________________________
From: ssr2-implementation-shepherds <ssr2-implementation-shepherds-bounces at icann.org> on behalf of Negar Farzinnia via ssr2-implementation-shepherds <ssr2-implementation-shepherds at icann.org>
Sent: Monday, January 10, 2022 7:26:23 PM
To: Russ Housley <housley at vigilsec.com>
Cc: SSR2 Implementation Shepherds <ssr2-implementation-shepherds at icann.org>
Subject: [EXT]Re: [ssr2-implementation-shepherds] [Ext] Re: SSR2 'Pending/Likely to Be Approved' Recommendations - Clarifying Questions

CAUTION: EXTERNAL SENDER

Hello Russ,



Happy New Year! I hope you had a restful and joyous holiday!



Thank you very much for providing your input to the first set of clarifying questions pertaining to the SSR2 recommendations in the ‘pending/likely to be approved’ category.



Would you please confirm whether these responses are on behalf of all the members of the SSR2 Implementation Shepherds or if we should anticipate additional responses?



Thank you in advance.



Kind regards,

Negar

--

Negar Farzinnia

Director, Implementation Operations

Internet Corporation for Assigned Names and Numbers (ICANN)



Email: negar.farzinnia at icann.org<mailto:negar.farzinnia at icann.org>

Skype: negar.farzinnia.icann

www.icann.org





From: Russ Housley <housley at vigilsec.com>
Date: Monday, January 10, 2022 at 12:10 PM
To: Negar Farzinnia <negar.farzinnia at icann.org>
Cc: SSR2 Implementation Shepherds <ssr2-implementation-shepherds at icann.org>
Subject: [Ext] Re: [ssr2-implementation-shepherds] SSR2 'Pending/Likely to Be Approved' Recommendations - Clarifying Questions



Response to

SSR2 Pending - Likely to be Approved Recommendations

Clarifying Questions for Implementation Shepherds



10 January 2022





SSR2 Recommendation 5.4



a. Please clarify the Implementation Shepherds expectations for the

   granularity of the reports?



Other recommendations call for audits and reporting.  Experience with

the audit related to updates to the IANA registries offers real world

example.  Auditors are unwilling to publicly publish too many details,

but they will publicly publish an high-level summary, and then provide

some more details to representatives of the community under NDA.  Also,

some SSR2 Review Team members have experience with SOC audits, where

the auditors publish attestations in the form of SOC3 reports.  Given

this understanding, we recommend that ICANN org discuss this situation

with their audit firm and provide the greatest granularity to the

community that ICANN org and the audit firm will allow.  We expect that

more details than a standard SOC3 report could be publicly published.



b. What reporting cadence would the Implementation Shepherds consider

   acceptable?



We recommend a process that integrates this reporting with other annual

audits.





SSR2 Recommendation 19.1



a. In its introductory comments, the SSR2 RT discusses a "DNS testbed",

   yet the recommendation title discusses a "DNS regression test suite"

   and the recommendations discuss a "DNS resolver behavior" test suite.

   Can ICANN org assume that these three terms all refer to the same

   thing, namely a "DNS testbed for resolver behavior"?



Yes.  The DNS Testbed includes test for resolvers; see

https://github.com/icann/resolver-testbed [github.com] [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fgithub.com*2Ficann*2Fresolver-testbed__*3B!!PtGJab4!qGvNqxqkGfucDSlegFlghBT2qW9ka2KjSRS_VCqHgyoBHt-MJ30RbtObUixBwR28s-VLerhu8w0*24&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340830329*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=iO*2BDqU9ONIeJlPd3SjjF4Z6Bn1PRwW9ryOdrjvXsya4*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLpzVB_mVg$>.  The resolver test can be run

against past and current releases of resolver software.





SSR2 Recommendation 20.2



a. We understand and agree that once Recommendation 20.1 (Formal

   Procedures for Key Rollovers) is implemented, a tabletop exercise is

   beneficial. Can the SSR2 Implementation Shepherds clarify some of the

   targets of this exercise? More specifically:



   i.  Would scheduling tabletops to coincide with key rollovers,

       procedural changes, or other events where the input is considered

       most valuable be sufficient to meet the "periodic" timeframe

       recommended by the SSR2?



   ii. For existing tabletop exercises within ICANN, ICANN org identifies

       those internal departments and external SMEs that are evaluated to

       be most appropriate to exercise the planned scenarios. In developing

       a tabletop exercise in response to this recommendation, ICANN org

       anticipates a similar process, likely involving external stakeholders

       such as trusted community representatives. Did the SSR2 intend for

       there to be additional parameters to guide ICANN org's development

       of these tabletop exercises, and if so, please identify?



   This will help the org better estimate the level of effort that would

   be required, as well as perform a high level cost-benefit analysis of

   this recommendation.



Yes, the tabletop exercises should be conducted prior to key rollovers

and after procedural changes.  These tabletop exercises ensure that all

parties are prepared for possible contingencies.  In addition, after the

first two or three tabletop exercises, subsequent tabletop exercises

should be conducted every two or three years to help identify any gaps

in the procedures.  Consideration for the scenario development can take

into account previous events that might impact a seamless rollover and

events that may change overall system dependencies or redundancy.



We did not have additional parameters in mind.  That said, after the

first tabletop exercise is conducted, we recommend public consultation,

particularly with SSAC, as part of the implementation plan.  The

consultation will allow the community to suggest improvements for

subsequent tabletop exercises.





On Dec 7, 2021, at 1:29 PM, Negar Farzinnia via ssr2-implementation-shepherds <ssr2-implementation-shepherds at icann.org<mailto:ssr2-implementation-shepherds at icann.org>> wrote:



Dear SSR2 implementation shepherds,



I hope this email finds you all well.



If you recall, during the call between the Board and the SSR2 Implementation Shepherds on 29 September 2021 (see public record [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fcommunity.icann.org*2Fdisplay*2FSSR*2FSSR2*2BImplementation*2BShepherds&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=3d4T2dUpSnWUY*2FEWFRummE26XgmmKFURHKiSEMQv8*2FA*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSU!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLphCqzHlA$>), ICANN org discussed the process by which we will handle the SSR2 pending recommendations (as specified in the Board resolution 2021.07.22.13 [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.icann.org*2Fresources*2Fboard-material*2Fresolutions-2021-07-22-en*232.a&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=ftbW5FUoIMkiNt62CCPVUTe1GyRpeTqtHX13jEW*2BiR8*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUl!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLp82Vdi9Q$>), noting that the pending recommendations  will be addressed in groups for convenience: 1) pending/likely to be approved, 2) pending/likely to be rejected, and 3) pending/ additional clarification and information is needed.



ICANN org has completed identifying and drafting the clarifying questions associated with the pending recommendations that are likely to be approved. Attached, please find these questions for your consideration. Given the upcoming holidays and being mindful of everyone’s busy schedules, we would appreciate your response by Friday, 14 January 2022.



Note that we are continuing to work on the other pending category recommendations in parallel and plan on sending you clarifying questions associated with the ‘pending/likely to be rejected’ recommendations next.



Please do not hesitate to let us know if there is any support we can provide to assist you in providing responses to these clarifying questions. Should a call with ICANN org or the Board Caucus Group be helpful, we are more than happy to arrange it.



Thank you again for volunteering for the role of implementation shepherds and helping ICANN org and the Board move this important work forward.



Kind regards,

Negar

--

Negar Farzinnia

Director, Implementation Operations

Internet Corporation for Assigned Names and Numbers (ICANN)



Email: negar.farzinnia at icann.org<mailto:negar.farzinnia at icann.org>

Skype: negar.farzinnia.icann

www.icann.org [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=http*3A*2F*2Fwww.icann.org*2F&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=pguZ0kJS1IwzEbFmLRmoILSXf*2BbQvXQWTuXLWia8Y6k*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUl!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLpXptja8Y$>



<SSR2 ISES Questions - Group 1 - Likely to be approved - Final.pdf>_______________________________________________
ssr2-implementation-shepherds mailing list
ssr2-implementation-shepherds at icann.org<mailto:ssr2-implementation-shepherds at icann.org>
https://mm.icann.org/mailman/listinfo/ssr2-implementation-shepherds [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fmm.icann.org*2Fmailman*2Flistinfo*2Fssr2-implementation-shepherds&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=sKzvXM6zfUhPxQpM666tuX3mGtjk*2BSZ2IZ*2BJ*2FqsDRAk*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLpkrQjmNc$>

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.icann.org*2Fprivacy*2Fpolicy&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=gIb6a43UoYm0BBWNcAJTP73FgF08Ws*2BnCVPdg9gYgXM*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLpGaUv38g$>) and the website Terms of Service (https://www.icann.org/privacy/tos [nam10.safelinks.protection.outlook.com]<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.icann.org*2Fprivacy*2Ftos&data=04*7C01*7CKABarrett*40oas.org*7Cd42c656ca38847e0c9d108d9d49901b7*7C4fdc3f2315064175958c37999cee0941*7C0*7C0*7C637774577340986561*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000&sdata=9s5UkurzIULS*2BzHwKbrkYp*2F0dhpmNpmdoP2jx52E97M*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSU!!PtGJab4!vnMMI_lXyZIZVpm-zMMLss6kajueqNZjM4p95ii_Ke_z5aLm5Aoiqrio52wU7EnZRjLpjFbG5ZE$>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ssr2-implementation-shepherds/attachments/20220111/5e02e440/attachment-0001.html>


More information about the ssr2-implementation-shepherds mailing list