Suggested text for Rec 7 (TAC Security)
Hello Team, I am here to propose new text for our Recommendation #7 (was #3) which sets out security requirements for the TAC. Here is the current shared draft text: The Working Group recommends that ICANN org establish minimum requirements for the composition of the TAC (for example, minimum length, syntax, or entropy value) based on current applicable technical security standards. ICANN org may change these requirements in response to new or updated standards, but any changes to the requirements must go in effect with sufficient notification and time for contracted parties to implement the necessary updates. Here is my suggested updated version: The Working Group recommends that Registrars and Registry Operators follow best practices for the composition of the TAC (for example, minimum length, syntax, or entropy value) based on current applicable technical security standards such as RFC9154 or subsequent or similar RFCs. These best practices may be updated in response to new or updated standards as appropriate. Or if redline is preferred: The Working Group recommends that ICANN org establish minimum requirements Registrars and Registry Operators follow best practices for the composition of the TAC (for example, minimum length, syntax, or entropy value) based on current applicable technical security standards such as RFC9154 or subsequent or similar RFCs. These best practices may be updated ICANN org may change these requirements in response to new or updated standards as appropriate, but any changes to the requirements must go in effect with sufficient notification and time for contracted parties to implement the necessary updates. This has been discussed (with generally positive sentiment) in the CPH TechOps team. Thank you! -- Sarah Wyld, CIPP/E Policy & Privacy Manager Pronouns: she/they swyld@tucows.com
participants (1)
-
Sarah Wyld