Rogue Operator Work Party Meeting Summary
The Rogue Operator Work Party met on 13 October during the ICANN Community Days sessions. Topics discussed: Document re-organization, emphasizing actions of an RSO versus non-RSO activity Scenarios that demonstrate violations of the guiding principles that would cause an RSO to be considered rogue Re-wording of “unofficial responses” to non-RSO responses to more accurately describe pitfalls in detecting rogue activity We encourage all RSSAC Caucus members to review and provide input to the document via the RSSAC Caucus mail list, by commenting in the document, or by participating in the next work party meeting scheduled for 24 November 2020. Working Document is at: https://docs.google.com/document/d/1yI2uCtTOo_TkwxmFzfOLxz37EHay089lnBppp-vz... Ken Renard S&TCD Contractor – ICF Sustaining Base Network Assurance Branch C5ISR Center, Space and Terrestrial Communications Directorate Office: 443-395-7809 kenneth.d.renard.ctr@mail.mil
Greetings again. An issue that came up in the work party call earlier this week was coming up with examples for the guiding principles from RSSAC037. The work party document currently lists only four of the eleven guiding principles from RSSAC037, two of which are easily measurable because they can be seen in responses to DNS queries from anywhere. A reader of the document would most likely ask "why just these four out of the eleven principles", so I believe we need a good answer. Some possible ways to deal with this are: - Only choose the principles for which rogueness is easily measured (#2 and #6) - List all principles and have examples for each - List a subset of principles, giving examples for each of those, but explain why that subset was chosen Of those, I somewhat prefer the first because it removes the judgement needed for the other principles. Having said that, I fully agree that all the other principles are important, so maybe the second option is a good choice if we can come up with at least one example of each. The third choice seems the hardest to make clear. Thoughts? --Paul Hoffman
On Oct 16, 2020, at 11:20 AM, Paul Hoffman <paul.hoffman@icann.org> wrote:
Greetings again. An issue that came up in the work party call earlier this week was coming up with examples for the guiding principles from RSSAC037. The work party document currently lists only four of the eleven guiding principles from RSSAC037, two of which are easily measurable because they can be seen in responses to DNS queries from anywhere.
A reader of the document would most likely ask "why just these four out of the eleven principles", so I believe we need a good answer. Some possible ways to deal with this are:
- Only choose the principles for which rogueness is easily measured (#2 and #6)
- List all principles and have examples for each
- List a subset of principles, giving examples for each of those, but explain why that subset was chosen
Of those, I somewhat prefer the first because it removes the judgement needed for the other principles. Having said that, I fully agree that all the other principles are important, so maybe the second option is a good choice if we can come up with at least one example of each. The third choice seems the hardest to make clear.
Thoughts?
Paul, I don't think it makes sense to include all 11 principles (and examples) in the rogue document. I think it would be hard to find good examples of going rogue for each of the 11 principles. The real question is whether to include only the "obvious" ones which are objective and as you say are easily measured, or to also include some of the more subjective principles. I lean towards omitting the subjective cases in this first revision, especially if no one is willing to contribute text for them. DW
Paul,
I don't think it makes sense to include all 11 principles (and examples) in the rogue document. I think it would be hard to find good examples of going rogue for each of the 11 principles.
The real question is whether to include only the "obvious" ones which are objective and as you say are easily measured, or to also include some of the more subjective principles.
I lean towards omitting the subjective cases in this first revision, especially if no one is willing to contribute text for them.
Duane, Going by what you’ve stated, of the four principles outlined in the WP document only principles #2 and #6 will stand this test as they are deemed “obvious”/objective since they are measurable. Does this mean, principles #7 and #11 which are more subjective should be omitted? Best, Paul M
On Nov 1, 2020, at 1:54 PM, Paul Muchene <Paul.Muchene@icann.org> wrote:
Paul,
I don't think it makes sense to include all 11 principles (and examples) in the rogue document. I think it would be hard to find good examples of going rogue for each of the 11 principles.
The real question is whether to include only the "obvious" ones which are objective and as you say are easily measured, or to also include some of the more subjective principles.
I lean towards omitting the subjective cases in this first revision, especially if no one is willing to contribute text for them.
Duane,
Going by what you’ve stated, of the four principles outlined in the WP document only principles #2 and #6 will stand this test as they are deemed “obvious”/objective since they are measurable. Does this mean, principles #7 and #11 which are more subjective should be omitted?
I think the work party should have this discussion about whether or not to include subjective principles. I also think it depends on who is the intended audience for this report. If the report is just sort of "RSSAC thinking out loud" and describing what it means to be rogue, then in my opinion it is probably fine to include subjective aspects. However, if this is intended to be advice to future root server governance bodies (e.g. the next phases of RSSAC037 & GWG work) then I think those bodies would have a very hard time acting on subjective aspects of rogueness. DW
On Nov 2, 2020, at 1:38 PM, Wessels, Duane <dwessels@verisign.com> wrote:
I think the work party should have this discussion about whether or not to include subjective principles.
I also think it depends on who is the intended audience for this report. If the report is just sort of "RSSAC thinking out loud" and describing what it means to be rogue, then in my opinion it is probably fine to include subjective aspects. However, if this is intended to be advice to future root server governance bodies (e.g. the next phases of RSSAC037 & GWG work) then I think those bodies would have a very hard time acting on subjective aspects of rogueness.
That's an excellent way to frame the question. Personally, I believe that any RSSAC document will likely be used as "advice to future root server governance bodies" (heck, even current root server governance bodies) regardless of what we want. Thus, we should likely be more narrow. This document could say "here is a list of subjective aspects of rogueness from RSAAC037 that might also be used if subjective measurements are desired". That is, let's not pretend that they weren't part of 037, let's instead do the delineation of them, giving the detail for non-subjective facets. --Paul Hoffman
participants (4)
-
Paul Hoffman -
Paul Muchene -
Renard, Kenneth D CTR USARMY CCDC C5ISR (USA) -
Wessels, Duane