On 18 March 2010 07:23, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
On 18 Mar 2010, at 06:51, Evan Leibovitch wrote:
I by no means consider myself skilled in Internet security; I am on the HSZ advisory group because I have some solid experience in designing and implementing professional certification programs. Right now the committee comprises many people from contracted parties, security-related consultancies, ICANN staff and others; the only two people serving the public interest on this committee -- from either ALAC or NCSG -- are myself and John Levine.
So registrars and registries exist in a vacuum and don't care about the public???
Based on many of the comments I've heard within the group that CONSTANTLY come back to arguing over first principles such as "mandatory versus optional" long after the rest of the group has decided and moved on, ducking behind legal arguments and pushing for an absolutely useless program that allows them to cherry-pick what measures they'll self-certify ... yes. At least in this context. There have been _many_ points in the group's discussions in which I found that the public interest was an afterthought ... if indeed a thought at all ... until I interjected. The contracted parties want something cheap and easy to implement, and by my own judgement absolutely do NOT have the public interest in mind in these discussions. John's reference, "race to the bottom", has been evident on more than one occasion. The very injection of the asinine "report card model" is evidence enough that expediency trumps utility or public interest, and it is from my POV mainly the contracted parties that have been championing this particular kind of absurdity.
- Evan