Sorry, you need to enable JavaScript to visit this website.
Skip to main content

ALAC Statement on the DNS Risk Management Framework Report

Last Updated:
Date

The following individuals composed an initial draft of this Statement [PDF, 334 KB] after discussion of the topic within At-Large and on the Mailing Lists:

  • Olivier Crépin-Leblond, Chair of the ALAC;
  • Julie Hammer, ALAC Liaison to the SSAC and At-Large member from the Asian, Australasian and Pacific Islands Regional At-Large Organization (APRALO); and
  • Alejandro Pisanty, At-Large member from the Latin American and Caribbean Islands Regional At-Large Organization (LACRALO).

On 9 September 2013, this Statement was posted on the At-Large DNS Risk Management Framework Report Workspace.

On that same day, Olivier Crépin-Leblond, Chair of the ALAC, requested ICANN Policy Staff in support of ALAC to send a Call for Comments on the draft Statement to all At-Large members via the ALAC Announce Mailing List.

On 19 September 2013, a version incorporating the comments received was posted on the aforementioned workspace. The Chair requested that Staff open a five-day ALAC ratification vote on the Statement.

On 27 September 2013, Staff confirmed that the online vote resulted in the ALAC endorsing the Statement with 12 votes in favor, 1 vote against, and 0 abstentions. You may review the result independently under: http://www.bigpulse.com/pollresults?code=3430Htzv9HByhFUcWnLs2De7.

Summary

  1. The fact that a risk management framework exists and is utilized to force rigor into the consideration of risk would be an important outcome
  2. However, the ALAC deplores that the framework that is proposed is the proprietary and business-oriented Risk Management methodology ISO31000 framework whilst the DNS Security and Stability Analysis (DSSA) Working Group had proposed the use of the Open Standard NIST 800-30 methodology.
  3. The ALAC also questions the use of a business methodology applied to the DNS.
  4. The ALAC deplores that at this point in time, the proposed Framework is far from being detailed at a more granular level
  5. The ALAC is disappointed that the Framework as proposed in the Final Report has not built in any substantial way on the work undertaken by the DSSA Working Group apart from mentioning its work.