Dear All,
John Tomaszewski, Chief Counsel from TRUSTe will be joining our conference call tomorrow to share with us input from TRUSTe based on their experience with web privacy seal programs.

As a note, TRUSTe has advised that they do not intend to respond to our RFI.  They interpreted our RFI as more of "a pure audit function" and not aligned with the type of services they offer.

-Lynn

-------- Original Message --------
Subject: Re: ICANN RFI on High Security Zone Verification Program
From: Kevin Trilli <ktrilli@truste.com>
Date: Mon, December 13, 2010 7:53 pm
To: "lynn@goodsecurityconsulting.com Goodendorf"
<lynn@goodsecurityconsulting.com>
Cc: John Tomaszewski <johnt@truste.com>

Lynn

yes, would like a quick sync-up call before the call.  I'll give you a call.

John our Chief Counsel is going to be joining.  He has great experiencing describing the TRUSTe model from top-down globally.

Kevin



On Dec 13, 2010, at 4:35 PM, <lynn@goodsecurityconsulting.com> wrote:

Hi Kevin,
Checking back with you regarding the ICANN conference call this Wednesday at 9:30 am pacific time zone.

We have a conference bridge set up:
The number for the US is:
 1-866-692-5726  Passcode: HSTLD

If you would like to have a short chat tomorrow, I'm available.
Please feel free to call me on my cell phone: 404-333-3779.

Let me know if you plan to speak yourself or have someone else.
I would like to make a proper introduction so would like a few brief notes to do that.

Thanks again,
Lynn

-------- Original Message --------
Subject: Re: ICANN RFI on High Security Zone Verification Program
From: Kevin Trilli <ktrilli@truste.com>
Date: Wed, December 01, 2010 5:23 pm
To: "<lynn@goodsecurityconsulting.com>"
<lynn@goodsecurityconsulting.com>
Cc: Fran Maier <fran@truste.com>

Lynn:

Received, we'll have someone on the call for you if not myself.

I'll get back to you later this week....

Kevin

On Dec 1, 2010, at 2:02 PM, <lynn@goodsecurityconsulting.com> wrote:

Hi Kevin,
Thanks very much for your feedback about the ICANN RFI regarding High Security Top Level Domains.  We would greatly appreciate having you or someone from TRUSTe speak to our Advisory Group on a conference call, December 15.  We normally schedule the call at 9:00 am Pacific time/ noon, East Coast time.  But we could adjust the time of the call if needed.
(ICANN, as you may know, is headquartered there in California.)

As we finalize our recommendations to ICANN, the input, thinking and views of TRUSTe on these points would help us:
-how your seal programs work (at a high level)
-how you and others at TRUSTe interpreted our RFI - in particular, how it is different from your current programs.
-what would be the ideal way for ICANN to initiate this type of program
      
The concept we are exploring for ICANN would be a voluntary program for Top Level Domain owners and possibly for registries and registrars as well.  We want Top Level Domain owners who have invested in higher standards of security to be able to differentiate themselves in some way.  

As further explanation, so far, the interested parties for the RFI who have contacted ICANN are all auditors.  And to the disappointment of our Advisory Group, these audit groups have no interest in administering or overseeing a seal program, although they are interested in being "evaluators".  Your response that the RFI seemed to be a pure security audit function seems consistent.  So we feel we have missed something or perhaps have not approached this the best way.

Please feel free to call me with any questions or to discuss in more detail.
Lynn

Ms. Lynn Goodendorf, CIPP, CISSP
Good Security Consulting LLC
404-333-3779

-------- Original Message --------
Subject: Re: ICANN RFI on High Security Zone Verification Program
From: Kevin Trilli <ktrilli@truste.com>
Date: Mon, November 29, 2010 10:45 am
To: Craig Schwartz <craig.schwartz@icann.org>
Cc: Fran Maier <fran@truste.com>, "lynn@goodsecurityconsulting.com"
<lynn@goodsecurityconsulting.com>, Chris Babel <cbabel@truste.com>

Craig

Thanks for follow-up and apologies to Lynn and you for our delayed response.

The proposal for the RFI represents a pretty significant shift of our business towards a purer security audit functionality which requires a different strategic direction for TRUSTe.

As such we are not going to respond to the RFI.

As Lynn and I spoke, we are happy to help the committee with any info we could provide on running a commercial trustmark.  Please let us know if we can help you.

Thank you for your consideration.

Kevin 

On Nov 29, 2010, at 7:57 AM, "Craig Schwartz" <craig.schwartz@icann.org> wrote: