==
Summary SECIR Conference Call #11
The ccNSO working group “Secure Email Communication for cccTLD Incident Response” (SECIR) held its eleventh conference call on Tue Feb 24. We had a somewhat longer conference call than usual in which we discussed the following topics:
(1) TLD-OPS status. The list of ccTLDs that have subscribed to the TLD-OPS list is growing slowly, but steadily. We currently have 29 ccTLDs on the list. The ccNSO Secretariat will continue to invite ccTLDs in the weeks ahead and the WG therefore requests
all IANA Admin Contacts to regularly check their admin email address.
(2) TLD-OPS subscription procedure. We decided to slightly update the part of the TLD-OPS subscription procedure that IANA Admin Contacts need to go through. The reason is that the ccNSO Secretariat reported that ccTLDs often cannot send emails from the
email address they use for their IANA Admin Contact because the address is an alias or forwarding address. This makes the subscription procedure for such ccTLDs less lightweight than we intended and also introduces an additional workload for the ccNSO Secretariat.
In the updated procedure, IANA Admin Contacts continue to receive an email from the ccNSO Secretariat that invites them to join the TLD-OPS list and that requests
them to send back the contact info of their ccTLD’s security and stability staff. The difference with the old procedure is that IANA Admin Contacts may now respond from a
personal email address, but in this case must copy (i.e., CC) their IANA admin email address. IANA Admin Contacts should, however, preferably respond from their admin email account
if this is possible.
The goal of the TLD-OPS subscription procedure is to ensure that only people who are responsible for the overall security and stability of their ccTLD and who have been authenticated as such by their IANA Admin Contact get on the list.
(3) SECIR roadmap. The Chair proposed a new roadmap for the SECIR WG, inspired by discussions in Singapore with the SSAC Chair, ICANN’s head of External Security, Stability & Resiliency, and IANA’s Director of TechnicaI Services. The WG approved the Chair’s
proposal, which consists of three key elements:
- The OPS-TLD list is the final implementation of the ccTLD Contact Repository, instead of an intermediary solution towards a more advanced system. The reason is that a mailing list is the lowest common denominator for all ccTLDs, which increases the changes
of getting them all on board.
- Secure communication facilities for the exchange of incident information are out of scope. The reason is that setting up the required encryption facilities is quite challenging for
some ccTLDs. The WG will therefore stick to “out-of-band” communication channels for the actual exchange of incident information, which is the WG’s current operating model.
- Interaction with the IANA database. IANA is planning to add “authorizing contacts” to their database in addition to the existing admin and tech contacts. The WG proposes to also add a ccTLD’s security and
stability contacts and that a follow-up WG defines the interaction between the TLD-OPS list and the new version of the IANA database, both in terms of technology
as well as in terms of processes.
The WG will expand on their roadmap in the WG's Final Report.
(4) Planning of outreach activities. We decided to organize two webinars in the next few weeks and to actively approach the Regional Organizations to get ccTLDs on the TLD-OPS list more quicky.
Our next conference call will take place in the week of Mar 16.
SECIR members: Erwin Lansing (.dk), Jacques Latour (.ca), Frederico Neves (.br), Abibu Ntahigiye (.tz), Geng-Da Tsai (.tw), and Cristian Hesselman (.nl, chair)