ICANN/GNSO GNSO Email List Archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [council] FW: Joint Working Group to consider concept of DNS CERT


Chuck/Liz

I'll disagree a bit with both of you here a bit.

Liz, I think you find some significant policy work associated with a CERT's 
operation; scope; information access, control, and distribution; active and 
passive participation policy; some basic "rules of engagement" with different 
entities and SGs; etc.

Chuck, To me ICANN already has an operational component in both DNS and address 
management, and I think that those will continue to grow.  I will agree that a 
CERT may be more operationally traditional in staffing requirements but I 
believe there will be a growing number of DNS security events where ICANN will 
have to respond to have respond immediately with CERT-like actions and 
directions to preserve Internet SSR.

Food for thought.. we might want to consider a slightly different name as "DNS 
CERT" will generate some confusion with "DNS Certificates" which are often 
referred to as a "DNS Cert".  Just some thoughts, "ICANN ERT", "DNS ERT", 
"Internet ERT", etc.

Take care
Terry




-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On 
Behalf Of Gomes, Chuck
Sent: Friday, June 11, 2010 9:03 PM
To: Liz Gasster; Tim Ruiz; GNSO Council 
Subject: RE: [council] FW: Joint Working Group to consider concept of DNS CERT


Thanks for the thoughtful response Liz.  The DNS-CERT certainly has lots of 
operational components.  In my personal opinion, that is one of the reasons why 
ICANN's involvement raises key issues because ICANN is not an operational 
organization.  That is not to say that ICANN cannot and should not play an 
important role but I think it does mean that the ICANN community should be 
involved in what that role should be because it does involve security policy.

Hopefully we can talk about this more.  I certainly do not have answers for all 
the questions but hopefully we can work together to find many of them.

Chuck

> -----Original Message-----
> From: Liz Gasster [mailto:liz.gasster@xxxxxxxxx]
> Sent: Friday, June 11, 2010 5:43 PM
> To: Gomes, Chuck; Tim Ruiz; GNSO Council
> Subject: RE: [council] FW: Joint Working Group to consider concept of
> DNS CERT
> 
> Chuck,
> 
> I understand that the DNS Cert could heavily impact GNSO stakeholders,
> but my thinking was that not every issue of significant impact to GNSO
> stakeholders is necessarily a policy issue.
> 
> Again, I understand that this could be a high priority for the
> community to discuss and have input into.  I wasn't making a value
> judgment on the level of importance or impact or whether a working
> group should be formed, but I see the DNS-CERT as an operational
> function.  To me the community consultation process would look at this
> as an operational practice, which may be more akin to comment on say,
> consultation on the strategic and operational plans or other ICANN non-
> policy programs.
> 
> I will give this further thought and would welcome the views of others.
> I may be projecting from my previous experience with several CERTS and
> CSIRTS as operational entities.
> 
> Thanks, Liz
> 
> -----Original Message-----
> From: Gomes, Chuck [mailto:cgomes@xxxxxxxxxxxx]
> Sent: Friday, June 11, 2010 1:33 PM
> To: Liz Gasster; Tim Ruiz; GNSO Council
> Subject: RE: [council] FW: Joint Working Group to consider concept of
> DNS CERT
> 
> Liz,
> 
> Do you really think that ICANN's involvement in a DNS-CERT does not
> have any policy development implications?  I would agree with you that
> it is not a typical GNSO policy development issue but it heavily
> impacts GNSO stakeholders.
> 
> Chuck
> 
> > -----Original Message-----
> > From: Liz Gasster [mailto:liz.gasster@xxxxxxxxx]
> > Sent: Friday, June 11, 2010 4:22 PM
> > To: Gomes, Chuck; Tim Ruiz; GNSO Council
> > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > DNS CERT
> >
> > Tim, Chuck and all,
> >
> > If I may comment from a staff perspective, I agree that the
> > "prioritization" may not be an issue at the drafting team stage
> > assuming that volunteers prepare the charter, but I also agree with
> Tim
> > that prioritization would be needed in order to assure adequate GNSO
> > staff support for a new WG, given the current workload.
> >
> > Also, I know this is an important issue for the community, and staff
> > would of course support this group as requested by the SO/ACs to
> > facilitate community consultation as needed, but I would note that
> the
> > topic does not seem to be a policy development matter, which may be
> > relevant when the Council considers other GNSO "prioritization"
> > projects that are policy-related.
> >
> > Thanks, Liz
> >
> > -----Original Message-----
> > From: owner-council@xxxxxxxxxxxxxx [mailto:owner-
> > council@xxxxxxxxxxxxxx] On Behalf Of Gomes, Chuck
> > Sent: Friday, June 11, 2010 10:55 AM
> > To: Tim Ruiz; GNSO Council
> > Subject: RE: [council] FW: Joint Working Group to consider concept of
> > DNS CERT
> >
> >
> > As you know Tim, the request from the ccNSO came this week, so this
> > effort is not included in the prioritization exercise.  Going forward
> > we will need to decide whether we include DTs in this. For now, as
> long
> > as there are volunteers to work on this, it may be okay, and we seem
> to
> > have a lot of volunteers.
> >
> > Chuck
> >
> > > -----Original Message-----
> > > From: owner-council@xxxxxxxxxxxxxx [mailto:owner-
> > > council@xxxxxxxxxxxxxx] On Behalf Of Tim Ruiz
> > > Sent: Friday, June 11, 2010 12:45 PM
> > > To: GNSO Council
> > > Subject: RE: [council] FW: Joint Working Group to consider concept
> of
> > > DNS CERT
> > >
> > >
> > > How does this fit into our prioritization efforts? It's not on the
> > > current list of 15 projects. I would think that the RrSG would be
> > > interested in this effort, but I also think we need to figure out
> how
> > > it
> > > fits overall on the priority list. Of course, something we (RrSG)
> > noted
> > > when completed our ratings was that three or four of the listed
> > > projects
> > > are very near end.
> > >
> > > Tim
> > >
> > >
> > > -------- Original Message --------
> > > Subject: RE: [council] FW: Joint Working Group to consider concept
> of
> > > DNS CERT
> > > From: "Gomes, Chuck" <cgomes@xxxxxxxxxxxx>
> > > Date: Fri, June 11, 2010 10:05 am
> > > To: <KnobenW@xxxxxxxxxx>, <council@xxxxxxxxxxxxxx>
> > >
> > > I made similar points to Chris Wolf.  He understands that a charter
> > > cannot be completed before Brussels but would just like to see the
> > work
> > > getting started on the charter. I totally support your suggestion,
> > > i.e.,
> > > “The intention and the status could be announced by Chris and
> > yourself
> > > in Brussels and the chartering team could start drafting
> immediately
> > > afterwards.”, and believe he is comfortable with that as well.
> > >
> > > But I would like to identify all charter DT volunteers by then if
> not
> > > before if possible.
> > >
> > > Thanks for the good comments.
> > >
> > > Chuck
> > >
> > > From: KnobenW@xxxxxxxxxx [mailto:KnobenW@xxxxxxxxxx]
> > > Sent: Friday, June 11, 2010 10:50 AM
> > > To: Gomes, Chuck; council@xxxxxxxxxxxxxx
> > > Subject: AW: [council] FW: Joint Working Group to consider concept
> of
> > > DNS CERT
> > >
> > >
> > >
> > > I understand Chris' request but would like to ask if the time
> > pressure
> > > is that much that immediate action (before Brussels) is needed.
> > > We're really busy to cover all the more urgent items (e.g. New
> gTLDs,
> > > VI, PDP...) until that event.
> > >
> > > To avoid misunderstanding: there's great interest on CSG side to
> > > actively participate in a (pre-)WG offering technical, operational
> > and
> > > managerial expertise, as well for chartering. But I don't see
> > capacity
> > > available to be provided for immediate action.
> > >
> > >
> > > The intention and the status could be announced by Chris and
> yourself
> > > in
> > > Brussels and the chartering team could start drafting immediately
> > > afterwards.
> > >
> > >
> > > Regards
> > > Wolf-Ulrich
> > >
> > >
> > >
> > >
> > > Von: owner-council@xxxxxxxxxxxxxx [mailto:owner-
> > council@xxxxxxxxxxxxxx]
> > > Im Auftrag von Gomes, Chuck
> > > Gesendet: Freitag, 11. Juni 2010 03:41
> > > An: council@xxxxxxxxxxxxxx
> > > Betreff: [council] FW: Joint Working Group to consider concept of
> DNS
> > > CERT
> > > Wichtigkeit: Hoch
> > > I forwarded the following message to the Council the yesterday and
> > > added
> > > the topic to our agenda for our meeting under Other Business.
> > > Unfortunately, as we ran out of time, I failed to cover it.  My
> > intent
> > > was to simply ask if anyone objected to considering the formation
> of
> > a
> > > WG as described by Chris and if not, to request volunteers to start
> > > working on a possible charter with volunteers from the ccNSO.  So I
> > > will
> > > ask those questions now:
> > >
> > > 1.       Does anyone object to considering the formation of such a
> > WG?
> > > Note that we would not make an official decision to support such a
> WG
> > > until after we see a draft charter.  If anyone objects, please
> > > communicate your objection not later than next Wednesday, 16 June.
> > > 2.       Assuming there is no opposition, who would like to
> volunteer
> > > for the charter drafting team?  Note that this is not a request for
> > > volunteers for what might eventually be a WG, but only for a
> charter
> > > DT.
> > > Regarding question 2, there have already been some volunteers in
> > > response to my message yesterday:
> > >
> > > ·         Terry Davis (NCA)
> > > ·         Rafik Damik (NCSG)
> > > ·         Greg Aaron (RySG, Afilias)
> > > ·         Kathy Kleiman (RySG, PIR)
> > > ·         Keith Drazek (RySG, VeriSign).
> > > If anyone else wants to volunteer, please communicate your interest
> > on
> > > this list not later than next Wednesday, 16 June.  We will then
> > > communicate the names and contact information to the ccNSO.
> > >
> > > Thanks, Chuck
> > >
> > > From: Chris Disspain [mailto:ceo@xxxxxxxxxxx]
> > > Sent: Tuesday, June 08, 2010 9:54 PM
> > > To: Gomes, Chuck
> > > Cc: 'Cheryl Langdon-Orr'
> > > Subject: Joint Working Group to consider concept of DNS CERT
> > >
> > >
> > >
> > > Chuck,
> > >
> > > In our conversation last week we discussed the possibility of the
> > gNSO
> > > and ccNSO (along with other relevant ACs and independent experts)
> > > setting up the working group contemplated in the joint Chair’s
> letter
> > > to ICANN of 25 March 2010 as soon as possible.
> > >
> > > I put this proposal to the ccNSO council on our call of 8 June and
> > > confirm that the council has agreed that in the event of the
> proposal
> > > also being agreed by the gNSO council, a small joint drafting team
> > > should work before Brussels to draft the charter for the
> > establishment
> > > of a Working Group comprising representatives of ICANN’s Security
> and
> > > Stability Advisory Committee, Root Server System Advisory
> Committee,
> > > GAC, ALAC, CERT operators and ccTLD and gTLD managers to draw upon
> > > their
> > > collective expertise and to solicit their input on:
> > > ·         the broad concept of a DNS-CERT;
> > > ·         the current work being undertaken to mitigate DNS-related
> > > threats;
> > > ·         the actual level, frequency and severity of these
> threats;
> > > ·         the gaps (if any) in the current security response to DNS
> > > issues;
> > > ·         whether or not a DNS-CERT is a proposal they support; and
> > > ·         if so, the logistics of the proposal.
> > > The goal would be to have the charter approved by the ccNSO and
> gNSO
> > in
> > > Brussels if possible so that we can announce the formation of the
> > > working group. I’m guessing that formally the working group will
> need
> > > to be a joint gNSO ccNSO group (as the 2 relevant supporting
> > > organisations that can actually make policy) with the charter
> > mandating
> > > the involvement of the relevant ACs and outside experts.
> > >
> > > In the event that the gNSO council does approve the proposal then
> the
> > > action items will be a) to call for some volunteers to do the
> > drafting
> > > along with Bart Boswinkel as ccNSO staff and an equivalent gNSO
> > person
> > > and b) to approach the other ACs to inform them that this is
> > occurring.
> > >
> > > I understand your council meets on 10 June 2010 and look forward to
> > > hearing from you regarding your discussions.
> > >
> > > Cheers,
> > >
> > >
> > > Chris Disspain | Chief Executive Officer
> > > .au Domain Administration Ltd
> > > T: 1300 732 929 | F: 03 8341 4112
> > > E: ceo@xxxxxxxxxxx | W:www.auda.org.au
> > >
> > > auDA - The Australian Domain Name Administrator
> > >
> > >
> > > Important Notice - This email may contain information which is
> > > confidential and/or subject to legal privilege, and is intended for
> > the
> > > use of the named addressee only. If you are not the intended
> > recipient,
> > > you must not use, disclose or copy any part of this email. If you
> > have
> > > received this email by mistake, please notify the sender and delete
> > > this
> > > message immediately. Please consider the environment before
> printing
> > > this email.
> > >
> > >
> > >
> > > __________ Information from ESET Smart Security, version of virus
> > > signature database 5183 (20100608) __________
> > >
> > > The message was checked by ESET Smart Security.
> > >
> > > http://www.eset.com
> > >
> >







<<< Chronological Index >>>    <<< Thread Index >>>