Please note the following response that Chris, Cheryl and I sent to Thomas Narten in follow-up to an email he sent as in his capacity as a Board liaison regarding our letter about the DNS-CERT. Chuck -----Original Message----- From: Chris Disspain [mailto:ceo@auda.org.au] Sent: Friday, April 09, 2010 3:45 AM To: 'Thomas Narten'; Gomes, Chuck; 'Cheryl Langdon-Orr' Subject: RE: Letter to board on DNS CERT WG Thomas, Given the 25 March letter to Peter and Rod was a joint ALAC, gNSO and ccNSO comment, we felt it appropriate for us to also collaborate on a response to your questions. To help clarify our concerns, we believe it is important to draw a distinction between ICANN's processes of "community interaction" and "public comment". We believe that, in releasing a draft proposal for a DNS-CERT, ICANN staff skipped a number of important steps in the bottom-up policy development process. Atypically, ICANN's first formal engagement on the issue was the proposal of a significantly developed solution to perceived DNS security problems. It skipped to the later public comment phase without first engaging the community in a dialogue regarding the nature of its concerns, an assessment of threats and vulnerabilities and collaborative consideration of possible solutions. When a significant issue is identified, the ICANN Board usually directs a group of relevant ICANN stakeholders to consider the matter at hand and develop a strategy for addressing it. Consistent with our proposal, this consultation often takes the form of a public forum at a physical ICANN meeting followed by the establishment of a cross-constituency Working Group. This represents a preliminary stage of "community interaction". While ICANN staff often develops an issues paper to support the group's work, we believe the current document does not meet this need. The Working Group should be tasked with identifying and developing responses to the questions that have already been addressed in the proposed DNSCERT plan - . What is the nature and extent of the problem? . Do current structures and efforts provide an adequate response? . If not, should a DNS-CERT be established? . What precisely to we mean by a "DNS-CERT"? . Should ICANN undertake this work? . What areas would the DNS-CERT work in? . Should it be established as a gTLD DNS-CERT and ccTLDs encouraged to participate? Only after this process has occurred, and a mitigation strategy developed, would ICANN seek "public comment" on any proposed solution. In summary, we share ICANN's view that the security and stability of the DNS is an important strategic priority. As such, if threats to the DNS are deemed to be severe enough and current response mechanisms inadequate, we would welcome community consideration of a proposed response, including the possibility of a DNS-CERT. We believe that ICANN's typical working methods have not been followed in the development of the DNS-CERT business case and, through our joint letter, are encouraging the ICANN Board and staff to take a step back to ensure that an appropriate, consensus-based, bottom-up policy development process is followed. We hope this clarifies our position though would be happy to discuss this with you, or any other Board member, in further detail. Regards, Chris Disspain, Cheryl Langdon-Orr and Chuck Gomes

-----Original Message----- From: Thomas Narten [mailto:narten@us.ibm.com] Sent: Sunday, 28 March 2010 05:06 To: Gomes, Chuck; Cheryl Langdon-Orr; Chris Disspain Subject: Letter to board on DNS CERT WG

Hi.

I read your letter with interest and would like to understand a bit better what is motivating it. I'm asking as an interested board member, trying to understand what the real underlying issue is.

The DNS CERT paper (as I understand it) is just a proposal. It would presumably go through a standard set of public discussions/feedback/etc. before ever going into effect. Would that not be sufficient to get community feedback? I.e, why form a joint WG? That isn't the normal response to proposals. What is different about this one that raises it to the level of needing a special WG?

Thanks!

Thomas

__________ Information from ESET Smart Security, version of virus signature database 4978 (20100326) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature database 5011 (20100408) __________ The message was checked by ESET Smart Security. http://www.eset.com