Hey David,
I am really happy to hear that. I possibly read too much into the statement; if we have good audit trails from a security standpoint then much of my comment is moot. If the issue is logging more than audit trailing then yes, the situation is different. I would still hope that a timeline that suits all parties can be achieved without compromising any of the SSR.
-JG
On 14/10/2015, 2:39 a.m., "David Conrad" <david.conrad@icann.org> wrote:
James,
On 10/13/15, 11:41 AM, "James Gannon" <james@cyberinvasion.net> wrote:
As a security guy in my day job I share your concern about the apparent/potential lack of an audit trail and transaction log for this system. I cannot see this being the case in reality, given ICANN's recent security issues, I would think that systems closest to the root would be heavily logged and tracked.
While I make no claim to being "a security guy" (I have a number of actual "security guys" reporting to me and I know what I don't know), I do have a bit of background in software engineering and software development management. I believe it would be a mistake to make assumptions about code based on nearly decade old third-hand hearsay about how that code has been implemented.
The point here is not about having an audit trail and transaction logging, both of which the existing Root Zone Management System has. The point is that the SLE Working Group has demanded metrics on actions that, in some cases, are not logged simply because we didn't see the need. For example, despite numerous arguments against it, the SLE Working Group has demanded we measure "The time the automation system takes from when the last required confirmation is received, until the business process logic progresses the request to the next logic state." From a conceptual point of view, currently in the RZMS code base when the last confirmation is received, a while loop conditional fails (that is, "do we have to wait more?") and the next logic state is entered. To implement this metric we will have to insert code immediately after the termination of the while loop and before the _immediate next executable statement_ which is the update of the logic state. I remain a bit mystified as to what this is supposed to measure, but at this point my job is to see that it is implemented in a way that doesn't impact the security and stability of ICANN's Root Zone Management System (not too hard in that particular case).
This is a troubling point and one that should be taken up by senior ICANN staff/board members if necessary and our co-chairs at the earliest possible juncture.
Feel free.
Regards,
-drc