NOTES / PGA WG / 24 Sept 2024 (4 UTC)

1. Welcome

Welcome by Jordan Carter

2. Administrative matters

1. SOI updates

Jordan: as part of transparency and accountability we have to the community, please update your SOI

2. Workplan

Jordan: We thought about best method to explore the gaps, and test people#s views to test the gaps identified by IANA. We used it previously during ICANN meetings and will use it again. To bring the different viewpoints together. We will address 3 issues today. Then evaluate, consider where we are going with the ones we wish to discuss. Please see the table in the slides, and have a look at the plan. I will review after the meeting. Have we done all that needs to be done?

Bart: next meeting we will go through the overview of the applicable policies. Jordan cannot attend next meeting. Good to take stock, and use breakout room

Jordan: today we will use mentimeter. Make sure everyone#s voice is being heard.

If you have comments about the workplace, please send an email to the list

3. Discussion potential gaps identified by IANA

1. Method San Juan & Kigali outcomes (see PDF)

Bart: we did hypotheticals in San Juan. 2 of them. They map very well with 2 of the topics from Kim-s doc. We did polling via mentimeter. We repeated this in Kigali, based on the doc by Kim. Same series of questions, but refined. In Kigali we addressed a topic. First intro by Kim, and then we opened the floor for questions and comments. We will use the method from Kigali for the 3 topics we see. Basic method. In 4 weeks we will do the last 2 topics. One of the topics ia about a general policy. Probably something for a broader discussion.

The order of the topics is set by IANA

2. Topics for discussion: identified gaps from IANA perspective

Jordan: please log in to mentimeter

Abdalmonem: I will join shortly. Currently driving

• Local presence

Kim: text in RFC1591 mentions that at least the admin-c needs to reside in the country involved. Situation evolved. IANA, last 25 years, added interpretation to basic statements of policy. Turned them into workable versions of policy. Our interpretation is not that it is a person. Could be a company too, but with meaningful nexus to the country or territory 

Mechanism for accountability. Our interpretation: where is the ccdld manager located? The legal entity? The body? Not the contact person perse. As part of our assessment, we look at the operational characteristics of a ccTLD, where are the primary operations conducted. Could be a legal entity, but no operations in the country. Does not mean that all operations need to be in the country. For name servers, it is best practice to have them outside too, for resilience reasons. 

>>> Mentimeter is being used to collect questions and comments

e.g: I can see a legal reason, do not understand why tech ops should be local?

Kim: disaster recovery. Another area we see from time to time. Tech ops are not local in a meaningful way. The get might have a contract with a entity outside of the country. No local presence by the contractor. The gvt might want to move the operations to another operator. But outside of the jurisdiction. 

e.g. How can minimum operations locally be defined?

Kim: no highly prescriptive. We use common practices and own judgment. Is it aligned with common operations? 

e.g. compliance

Kim: see different question. Compliance generally. We provided council in the application phase. We do give the horror stories. Other countries regretted the loss of local control. IANA does not have tools in its toolbox to fix it. 

Jordan: first discuss whether it is a gap. Whether we should do sth about it is the next step

>>> Mentimeter used to assess importance

Peter: what type of local presence. Operationally?

Bart: the ccdld manager, the legal entity, that is the bare minimum

Kim: agree. 2 facets being looked at differently. Local accountability measure. Local law as appropriate. Are options available? No longer in jurisdiction? If the vendor, to the real world operations of the ccTLD, moves outside the country, there are limited options for the gvt to do sth about it. Seriously consider escrow. Make sure that you have regular copies of your essential business data. 

>>> is this a gap?

Peter: wording from RFC1591?

Claudia: at least the admin-c must reside in the country involved

Peter: I disagree. RFC is clear. Whether it is clear enough? Lacks any specifications on the local operations. There might be gap. But there is policy.

Bart: you do not tinker with RFC1591?

Peter: different question. From the follow-up intro that Kim gave, I agree there is something to look at. The way the question is formulated, I would disagree as well. What we have is not sufficient. 

• Minimum level of involvement

Kim: commonalities with previous issue. Operational complexity evolved since the early days. Managers to be responsible in a material was. That was the case in the 80ies and 90ies. That has evolved. Use of registry operators. Things continue to evolve. There are many different operating models. Where we see problems, is when the ccTLD manager does not have any responsibility. Passed on to a 3rd party. Different issues. The party we recognize as ccdld manager, is unresponsive to us regarding basic operational questions. Raises fundamental questions about the general eligibility policies. When we assess a ccdld manager transfer, if the party we asses is not going to run the ccTLD, what are we assessing? What if the change the vendor down the road? In some situations there was an explicit choice to delegate to an entity that passes all obligations to a party under contract, and then select another parts again. The way the policies are written, does not foresee that this scenario is proper. What are responsibilities of a ccdld manager? Different issues. 

>>> questions or comments?

e.g. percentage of ccTLDs that have an issue?

Kim: roughly 10%. Depends also on how you define issue.

Peter: issue with who has the final responsibility

Kim: the ccdld manager. clear. Sometimes they are only a conduit. Disparity between the obligations a ccdld manager as specified in RFC1591. We have no formal knowledge of who the this party is. no record in IANA

Diego: See chat. could be a lack in policy. Clear obligation for ccdld managers.

Cannot use menti

>>> assessing importance

Peter: multiple choice is weird. We need to order from very important to least important. Radio Button would have been better

Bart: we used this in San Juan and Kigali as well. 

Peter: people can choose both very important and not important at all. Just offer people one single choice, not multiple choice

>>> why did you rate the way you did?

See menti.

>>> does it illustrate a gap that needs to be filled?

Jordan: different ways of thinking about it

• Active compliance monitoring

Jordan: Defer to the next meeting

Bart: overall, does this work for you? Comments on the methodology?

Irina: menti as a tool is nice. It is not easily accessible from all over the world. It is not click and go. Could be an issue for others. 

Bart: would it be helpful to send the code before the meeting?

Irina: perhaps. At least we can try to prepare.

Bart: note about the questions.

Jordan: good experience. But some lessons learned. Experiment worth doing. 

4. Next meeting

8 October / Maria will chair the meeting. Jordan on leave

22 October

Action item #1

Jordan: take a look at the overview of polices, prior to the next meeting 

5. AOB

None

6. Closure

Thank you all.