Re: [Ssr2-review] Board letter on Subgroup 2's scope

Oct. 3, 2017

      0	*H÷
 010	+0	*H÷
 $Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0015_01D33CAA.B9ADD340"

This is a multipart message in MIME format.

------=_NextPart_000_0015_01D33CAA.B9ADD340
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 8bit

Hello RT,

In principle, I agree with the position of the Board that SRR RT has no 
mandate to check the operational capability and safety of ICANN's internal 
systems. However, I personally do not know to what extent ICANN systems are 
used for operational tasks related to unique Internet identifiers. I believe 
that the meeting in Los Angeles will solve some of these dilemmas and will 
help us to include in the final report only the findings that are within our 
scope.

Also, in order to carry out tasks from the parts of the plan that are OKâed 
by the Board, some inputs are needed from those parts that they have 
identified as inadequate for the mission that this RT has. Basically I agree, 
having in mind short time left until LA meeting, that we continue as planned, 
and work with staff, Legal Dept. and the Board what should be in our final 
report and what is out of scope. Anyway, those findings that are not within RT 
mission, as stated in bylaws, may be useful for future improvements of the 
security and stability of  ICANN internal systems and processes.

Zarko

From: ssr2-review-bounces@icann.org [mailto:ssr2-review-bounces@icann.org] On 
Behalf Of Kaveh Ranjbar
Sent: Tuesday, October 3, 2017 10:58 PM
To: SSR2 Review Team Email List <ssr2-review@icann.org>
Subject: [Ssr2-review] Board letter on Subgroup 2's scope

Dear SSR2 Team,

Please find below a letter from the ICANN Board, indicating our concern on 
scope of Subgroup 2âs audit plan.

SSR2 will receive this letter through the standard board communication channel 
shortly, but in the meantime I thought it is good to share the text with you, 
since time is of essence.

Please let me know if you have any questions or comments.

All the best,

Kaveh.

=====

To: SSR2 Team Members

The ICANN Board recently examined the proposed work plan for SSR2âs Subteam 2 
on ICANN SSR, and has identified some areas of concern to flag for the broader 
Review Team.  The mandate of the SSR2, from the Bylaws, is to perform a review 
of âICANN's execution of its commitment to enhance the operational stability, 
reliability, resiliency, security, and global interoperability of the systems 
and processes, both internal and external, that directly affect and/or are 
affected by the Internet's system of unique identifiers that ICANN 
coordinates.â The SSR2âs working definitions, set out in the Terms of 
Reference, also affirms the focus of the SSR2âs work on the Internetâs unique 
identifiers:

*Security â The capacity to protect and prevent misuse of Internet unique 
identifiers;

*Stability â The capacity to ensure that the Identifier System operates as 
expected and that users of unique identifiers have confidence that the system 
operates as expected;

*Resiliency â The capacity of the Identifier System to effectively withstand, 
tolerate and survive malicious attacks and other disruptive events without 
disruption or cessation of service.

*Unique Identifiers - ICANNâs technical mission includes helping to 
coordinate, at the overall level, the allocation of the Internetâs system of 
unique identifiers: specifically, top-level domain names, blocks of Internet 
Protocol (IP) addresses and autonomous system (AS) numbers allocated to the 
Regional Internet Registries, and protocol parameters as directed by the IETF.

As the Board noted in its 23 June 2017 response to the Terms of Reference, the 
Board looks forward to providing further input once the SSR2âs work plan is 
finalized and adopted.  While the Board has not yet seen a final work plan for 
the review as a whole, our examination of the Subgroup 2 work plan on the 
performance of an audit over general ICANN security issues raised some scope 
concerns.

While we support the community in receiving information necessary to perform a 
full and meaningful review over ICANNâs SSR commitments, there are portions of 
the more detailed âauditâ plan that do not seem appropriate f
xor in-depth 
investigation by the subgroup.  Maintaining a plan to proceed with detailed 
assessments of these areas is likely to result in recommendations that are not 
tethered to the scope of the SSR review, and as such, may not be appropriate 
for Board acceptance when recommendations are issued.  This also can expand 
the time and resources needed to perform this part of the review.

The areas the Board is concerned with are areas that indeed raise important 
organizational information security and organizational oversight questions. 
However, these are also areas that are not segregated for community review, 
and are the responsibility of the ICANN Organization (through the CEO) to 
perform under the oversight of the ICANN Board.

 Specifically, we are concerned with

1- Perform an assessment of ICANN's Information Security Management System;

3- Perform a comprehensive assessment of ICANN's Risk Management Methodology 
and Framework;

5- Perform a comprehensive assessment of internal security, stability and 
resiliency of ICANN's operation processes and services; and

7- Perform an assessment how effectively ICANN has implemented its processes 
to ensure compliance regarding REGISTRAR agreement and the consensus policies.

 The Board also has concerns with two sub-questions under section two:

2.7       Business Continuity Plans (BCP)

2.8       Evaluation of Business Continuity Procedures

Understanding, at a high level, the work that ICANN does on many of these 
fronts could be helpful to give the RT a full picture of ICANNâs work.  That 
is much different from performing detailed assessments or audits of these 
items.

In advance of the Subteamâs visit to the ICANN office in Los Angeles in 
October 2017, the Subteam is encouraged to focus on narrowing the areas 
scheduled for fuller assessment to those that are more reasonably tethered to 
the expected mandate of the SSR2 team.  The Board supports an agenda that 
provides a high-level overview of multiple topics, while also focusing the 
Subteamâs face-to-face time primarily on those areas which are likely to lead 
to recommendations that are within the scope of the SSR2âs mandate.

The Board requests the SSR2 to revisit the Subteam 2 audit plan, as well as 
work plans across all the SSR2 Subteams, and provide updates on those plans. 
For Subteam 2, the Board requests confirmation of the restructuring of its 
work plan prior to the October 2017 face-to-face meeting.

=====

------=_NextPart_000_0015_01D33CAA.B9ADD340
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"Roboto Light";
	panose-1:2 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Roboto Light";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DSR-LATN-RS =
link=3Dblue vlink=3Dpurple><div class=3DWordSection1><p =
class=3DMsoNormal><span lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'>Hello RT,<o:p></o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'>In principle, I agree with the =
position of the Board that SRR RT has no mandate to check the =
operational capability and safety of ICANN's internal systems. However, =
I personally do not know to what extent ICANN systems are used for =
operational tasks related to unique Internet identifiers. I believe that =
the meeting in Los Angeles will solve some of these dilemmas and will =
help us to include in the final report only the findings that are within =
our scope.<o:p></o:p></span></p><p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'>Also, in order to carry out tasks =
from the parts of the plan that are OK=E2=80=99ed=C2=A0 by the Board, =
some inputs are needed from those parts that they have identified as =
inadequate for the mission that this RT has. Basically I agree, having =
in mind short time left until LA meeting, that we continue as planned, =
and work with staff, Legal Dept. and the Board what should be in our =
final report and what is out of scope. Anyway, those findings that are =
not within RT mission, as stated in bylaws, may be useful for future =
improvements of the security and stability of=C2=A0 ICANN internal =
systems and processes.<o:p></o:p></span></p><p class=3DMsoNormal><span =
lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'>Zarko<o:p></o:p></span></p><p =
class=3DMsoNormal><a name=3D"_MailEndCompose"><span =
style=3D'font-family:"Roboto =
Light";mso-fareast-language:EN-US'><o:p> </o:p></span></a></p><span =
style=3D'mso-bookmark:_MailEndCompose'></span><div><div =
style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm =
0cm 0cm'><p class=3DMsoNormal><b><span =
lang=3DEN-US>From:</span></b><span lang=3DEN-US> =
ssr2-review-bounces@icann.org [mailto:ssr2-review-bounces@icann.org] =
<b>On Behalf Of </b>Kaveh Ranjbar<br><b>Sent:</b> Tuesday, October 3, =
2017 10:58 PM<br><b>To:</b> SSR2 Review Team Email List =
<ssr2-review@icann.org><br><b>Subject:</b> [Ssr2-review] Board =
letter on Subgroup 2's scope<o:p></o:p></span></p></div></div><p =
class=3DMsoNormal><o:p> </o:p></p><div><div><p =
class=3DMsoNormal>Dear SSR2 Team,<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal>Please find below a letter from the ICANN Board, =
indicating our concern on scope of Subgroup 2=E2=80=99s audit =
plan.<o:p></o:p></p></div><div><p class=3DMsoNormal>SSR2 will receive =
this letter through the standard board communication channel shortly, =
but in the meantime I thought it is good to share the text with you, =
since time is of essence.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal>Please let me know if you have any questions or =
comments.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal>All the best,<o:p></o:p></p></div><div><p =
class=3DMsoNormal>Kaveh.<o:p></o:p></p></div></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal>=3D=3D=3D=3D=3D<o:p></o:p></p></div><div><p =
class=3DMsoNormal><span lang=3DEN-US>To: SSR2 Team =
Members</span><o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal><span lang=3DEN-US>The ICANN Board recently examined =
the proposed work plan for SSR2=E2=80=99s Subteam 2 on ICANN SSR, and =
has identified some areas of concern to flag for the broader Review =
Team.  The mandate of the SSR2, from the Bylaws, is to perform a =
review of </span><span =
style=3D'color:#333333;background:white'>=E2=80=9C</span>ICANN<span =
style=3D'color:#333333;background:white'>'s execution of its commitment =
to enhance the operational stability, reliability, resiliency, security, =
and global interoperability of the systems and processes, both internal =
and external, that directly affect and/or are affected by the Internet's =
system of unique identifiers that </span>ICANN<span =
style=3D'color:#333333;background:white'> coordinates.=E2=80=9D The =
SSR2=E2=80=99s working definitions, set out in the Terms of Reference, =
also affirms the focus of the SSR2=E2=80=99s work on the =
Internet=E2=80=99s unique =
identifiers:</span><o:p></o:p></p></div><div><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;margin-right:63.0pt;mso-margin-bottom-al=
t:auto;margin-left:45.0pt;text-indent:-13.5pt;background:white'><span =
style=3D'font-size:10.0pt;font-family:Symbol;color:#333333'>=C2=B7</span>=
<span style=3D'color:#333333'>Security =E2=80=93 The capacity to protect =
and prevent misuse of Internet unique =
identifiers;</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;margin-right:63.0pt;mso-margin-bottom-al=
t:auto;margin-left:45.0pt;text-indent:-13.5pt;background:white'><span =
style=3D'font-size:10.0pt;font-family:Symbol;color:#333333'>=C2=B7</span>=
<span style=3D'color:#333333'>Stability =E2=80=93 The capacity to ensure =
that the Identifier System operates as expected and that users of unique =
identifiers have confidence that the system operates as =
expected;</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;margin-right:63.0pt;mso-margin-bottom-al=
t:auto;margin-left:45.0pt;text-indent:-13.5pt;background:white'><span =
style=3D'font-size:10.0pt;font-family:Symbol;color:#333333'>=C2=B7</span>=
<span style=3D'color:#333333'>Resiliency =E2=80=93 The capacity of the =
Identifier System to effectively withstand, tolerate and survive =
malicious attacks and other disruptive events without disruption or =
cessation of service.</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;margin-right:63.0pt;mso-margin-bottom-al=
t:auto;margin-left:45.0pt;text-indent:-13.5pt;background:white'><span =
style=3D'font-size:10.0pt;font-family:Symbol;color:#333333'>=C2=B7</span>=
<span style=3D'color:#333333'>Unique Identifiers - ICANN=E2=80=99s =
technical mission includes helping to coordinate, at the overall level, =
the allocation of the Internet=E2=80=99s system of unique identifiers: =
specifically, top-level domain names, blocks of Internet Protocol (IP) =
addresses and autonomous system (AS) numbers allocated to the Regional =
Internet Registries, and protocol parameters as directed by the =
IETF.</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:wh=
ite'><span style=3D'color:#333333'>As the Board noted in its 23 June =
2017 response to the Terms of Reference, the Board looks forward to =
providing further input once the SSR2=E2=80=99s work plan is finalized =
and adopted.  While the Board has not yet seen a final work plan =
for the review as a whole, our examination of the Subgroup 2 work plan =
on the performance of an audit over general ICANN security issues raised =
some scope concerns. </span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>While we =
support the community in receiving information necessary to perform a =
full and meaningful review over ICANN=E2=80=99s SSR commitments, there =
are portions of the more detailed =E2=80=9Caudit=E2=80=9D plan that do =
not seem appropriate for in-depth investigation by the subgroup. =
 Maintaining a plan to proceed with detailed assessments of these =
areas is likely to result in recommendations that are not tethered to =
the scope of the SSR review, and as such, may not be appropriate for =
Board acceptance when recommendations are issued.  This also can =
expand the time and resources needed to perform this part of the =
review.<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The areas =
the Board is concerned with are areas that indeed raise important =
organizational information security and organizational oversigh<span =
lang=3DEN-US>t</span> questions.  However, these are also areas =
that are not segregated for community review, and are the responsibility =
of the ICANN Organization (through the CEO) to perform under the =
oversight of the ICANN Board.<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> Specif=
ically, we are concerned with<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1=
8.0pt;text-autospace:none'><span lang=3DEN-US>1- Perform an assessment =
of ICANN's Information Security Management =
System;</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1=
8.0pt;text-autospace:none'><span lang=3DEN-US>3- Perform a comprehensive =
assessment of ICANN's Risk Management Methodology and =
Framework;</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1=
8.0pt;text-autospace:none'><span lang=3DEN-US>5- Perform a comprehensive =
assessment of internal security, stability and resiliency of ICANN's =
operation processes and services; and</span><o:p></o:p></p><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1=
8.0pt;text-autospace:none'><span lang=3DEN-US>7- Perform an assessment =
how effectively ICANN has implemented its processes to ensure compliance =
regarding REGISTRAR agreement and the consensus =
policies.</span><o:p></o:p><	 /p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span =
lang=3DEN-US> </span>The Board also has concerns with two =
sub-questions under section two:<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:3=
6.0pt;text-autospace:none'><span =
lang=3DEN-US>2.7       Business Continuity =
Plans (BCP)</span><o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:3=
6.0pt;text-autospace:none'><span =
lang=3DEN-US>2.8       Evaluation of =
Business Continuity Procedures</span> <o:p></o:p></p><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span =
lang=3DEN-US>Understanding, at a high level, the work that ICANN does on =
many of these fronts could be helpful to give the RT a full picture of =
ICANN=E2=80=99s work.  That is much different from performing =
detailed assessments or audits of these items. </span><o:p></o:p></p><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In advance =
of the Subteam=E2=80=99s visit to the ICANN office in Los Angeles in =
October 2017, the Subteam is encouraged to focus on narrowing the areas =
scheduled for fuller assessment to those that are more reasonably =
tethered to the expected mandate of the SSR2 team.  The Board =
supports an agenda that provides a high-level overview of multiple =
topics, while also focusing the Subteam=E2=80=99s face-to-face time =
primarily on those areas which are likely to lead to recommendations =
that are within the scope of the SSR2=E2=80=99s =
mandate.<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The Board =
requests the SSR2 to revisit the Subteam 2 audit plan, as well as work =
plans across all the SSR2 Subteams, and provide updates on those =
plans.  For Subteam 2, the Board requests confirmation of the =
restructuring of its work plan prior to the October 2017 face-to-face =
meeting.<o:p></o:p></p><div><p =
class=3DMsoNormal>=3D=3D=3D=3D=3D<o:p></o:p></p></div><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span =
lang=3DEN-US> </span><o:p></o:p></p></div></div></body></html>
------=_NextPart_000_0015_01D33CAA.B9ADD340--
 Ü0%0
 Pê<sºxp\>*0
	*H÷
0u10	UIL10U

StartCom Ltd.1)0'U StartCom Certification Authority1#0!UStartCom Class 1 Client CA0
170317095855Z
200617095855Z0l1&0$U
For login authentication only10Uzarko.kecic@rnids.rs1#0!	*H÷
	zarko.kecic@rnids.rs0"0
	*H÷
0
ÍÿbÜUò°X1üaD-ÞÿQDÙål²75ãû}óéPŸ?€>š8wtû®®&ð±,^±4ÿMq«àW`UÇ¬Ï1F²XŒžT¢Uh³°·äE({pkêÑy~ š*9M	
z6ú
+ÚåiM«ù(w¶¥ñQ3µæØ[cÿ=@@búývO8çG®]n£iÀ/Ù}éÀþëÝñÏâûyÂ©u"417Jšpl
D)rg?VÐà¹DÆÉÍÕI€ :Ni€D*€µ£ž0Ž0Uÿ 0U%0++0	U00U*Ùßu²ïY)DT±®AQ`0U#0$l9aŸI·F+É(µ'Hmh0o+c0a0$+0http://ocsp.startssl.com09+0-http://aia.startssl.com/certs/sca.client1.crt08U10/0- + )'http://crl.startssl.com/sca-client1.crl0U0zarko.kecic@rnids.rs0#U0http://www.startssl.com/0GU @0>0<+µ70-0++https://www.startssl.com/policy0
	*H÷
9L;Ç>ž/iÓÛ:Lo¥E!øñâåä©ûæWÛr%€5zý]j{Ë¿âbU³×8¢Dü±ž×ç¡PYÛ#ãÏ>í|6Üæ}s£$3ùcAðWM~ÄÁiÆæ
KÉgtœ r:®{(ûyx
ü{#]ÈåxKD>"aA3ÿËàáìBZmÎžæEýôL(kBIÈmY#82RßÉoeþœïP/?éKx//ÅD<¥+ºšì qjóv¡Xe/ÐB¯ÇfÛŒKöÙÚDÛŒŠÖzôÚý(<knÑFÃ0â0Ê k§}
×ÖQ
ùYäçŽá0
	*H÷
0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
151216010005Z
301216010005Z0u10	UIL10U

StartCom Ltd.1)0'U StartCom Certification Authority1#0!UStartCom Class 1 Client CA0"0
	*H÷
0
œ}Ú÷Ã¢}ö[ýÛ[_®uÀµ¯$¬»WyØ5ì	|Ì
Ðvün£qY§)\aL$dõÑY¢ÄG|B"äQûÇ€ÿÄ©æVDº#'ŒÁFØÌËÎ	ék9O_]*Ïz÷_kÏU.u3µör	#œ:Úáì²C<ožÆg íT)Ké
ÉXah8ËvÆ[²\KqídlOÁ)3+u7åJ5Ù"Á;[ÈvfÊL/"2Ï©²Jï#ð¡4×¬[¡UúÎ ÏTŒŠB, aŽË²ø¶¡a®7Há¯µ<ùÒöÞ=q³£d0`0Uÿ0U%0++0Uÿ0ÿ02U+0)0' % #!http://crl.startssl.com/sfsca.crl0f+Z0X0$+0http://ocsp.startssl.com00+0$http://aia.startssl.com/certs/ca.crt0U$l9aŸI·F+É(µ'Hmh0U#0Nï€@[¥i0Ê4hCÐA®ò0?U 80604U 0,0*+http://www.startssl.com/policy0
	*H÷
ã÷ì[á#'#œ4ðpnRÛ¡ØÐN®â`ì]K"#Hÿì*ß·Ô¹£Ï;UªÊA8òæìÒÍeg{°ozmY¥Á³E60æA·ß)wXRK¡6»c^ï-A¬œëlæãÈéà^ñŠ²k[ž³³':ŽG=¹á;¿oLv¿{µ$Bò³5ê;8Èb,ZPŒ4Âþ{o[-§à»¢jå	õå×m)ê¯Â[ë[þ«§Øý¢îüæ4	s.cà|ÀÒŽ¢v¡YLJ<À¡|ÖÉÓ¯gu±0ÓjéD2
@¶hÓl+:ÁjŸ\ìze_Öa@¢ìHyMŒHãIÀNxp£®K?ä%	ã€ºRC£÷×:=£?^ÐØ&ÿµ×ë7³ï¬mÂŽ)õÝ«AŒ2;E~ VœB²1ÌÍÌ$ÜEvcKjØ(Oæìo«ÙŸU`"$©Òa¥Ð;Ò¡×âjœ0Îý$&<ÂÐ$Û+Í/Áxjz°ùbþ,7}W*ð1ÒÜºÃûtŠDv#Õ8ÌK
%^ÀÎÒà¥£Pò>²é/iÓ?)yRÚuQá©ÿg^¢Æz÷çÅ`~ŒsPï9££0É0± 0
	*H÷
0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
060917194636Z
360917194636Z0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0"0
	*H÷
0
ÁÛ	ŒlF|x{µ3òrbÖÁ6 "$^ÎéwòC
¢d€Ì6ø8æ#ðnm±<Ýr£¡Ó=Ž3+Ó/¯þê°AYg¶Ä}
tÖyL7zß9RY÷ôFC€ÒÒÃqóub4º,îí4ÐÇÍR=º3ÖÝMÞ;JKÂ&/úµr5wÊ<]æÊá&6v\Ût%þíµ ÝxÊ-0-ryúFÖ*š¹Š«IåòïÝä
cSb©:ÌµfŠÂktä+áv>ŽmØöDásb;ÄŸ SV%lQ	÷ª«Ê¿výmóÛ¿=fŒVª¯H:Kß§XPÙ8u©[êCÿëèlMp[)eÝª]Ì¯1ìëÒèê{æn÷'fH×nBã?Þ!>{á
pûcªšlTŽ\%zÉ¢ÉŠ»,~^MXnî
Æ2ÿüôúÍnè6IŸHiÂM²iÁ
Öúy"H¿º{iøpÇúz7ØØ
ÒvOWÿ·ãÒÝïÂ`·g:ÝþªðÔr"ÎÆ¶ø¯ šÙûÆ¶µ\R<¶*s
³`òz/Û£nÿ&0õÝW¶=³¯+Å·vð¥Ö+*röã3]	Kß»tRK£R0N0U0ÿ0U®0UNï€@[¥i0Ê4hCÐA®ò0dU]0[0, * (&http://cert.startcom.org/sfsca-crl.crl0+ ) '%http://crl.startcom.org/sfsca-crl.crl0]U T0P0L+µ70;0/+#http://cert.startcom.org/policy.pdf05+)http://cert.startcom.org/intermediate.pdf0Ð+0Ã0' Start Commercial (StartCom) Ltd.0Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://cert.startcom.org/policy.pdf0	`HøB08	`HøB
+)StartCom Free SSL Certification Authority0
	*H÷
lôf4õÐ^}
ìÚN8^ßŠ%K2Áè;ñ=ÝD	[I)Ëf·±÷%	<áÝ6+K»hÓ9f= &Çò9Q«{~ÕÎZäâWpiù^XŠ
ßE8
^WöbÇzæŒµòô©)ø²ãn(DÃÞ8©<¬CMdEÎÝ(©\òs{øè«±ó.\dns1:žŒ³ä}Q;ôMf{<íÓóePõ Ðu/¯ðêCøiyÄCFrãd6¯÷%8w~Ãkj¹ÃËDK¬xçÇ,KDÈ4R'Í
]ÁÕxòS2ÝfuÙµh(ûa.Ÿš8À¥gd./©pÇ|eõCT«Ý¥9`À4Ép,£õH{œ~k·ô";®øü*ÊúR ï¯KUëÁµð"¬4N&"¡,uJ·å}×ždÀ6ÒÉ/#	Á;sI£jWåÖxÅCcãMàw-áeriG	æV$û¿y©X.¹Ä	~ºm>²êJ9ØÐ+õ¿ìu¿Å	ÜU7âû7Cb ÊçVKeêþlÁ$$¡4ëÿ"®}?ñeQ
Š0j³ô
ürè^1ä0à00u10	UIL10U

StartCom Ltd.1)0'U StartCom Certification Authority1#0!UStartCom Class 1 Client CAPê<sºxp\>*0	+ /0	*H÷
	1	*H÷
0	*H÷
	1
171003225008Z0#	*H÷
	1×@%h}/Åö"Gº3-³So0	*H÷
	100	`He*0	`He0
*H÷
0	`He0*H÷
0
*H÷
@0+0	`He0	`He0	`He0	+7100u10	UIL10U

StartCom Ltd.1)0'U StartCom Certification Authority1#0!UStartCom Class 1 Client CAPê<sºxp\>*0*H÷
	1 0u10	UIL10U

StartCom Ltd.1)0'U StartCom Certification Authority1#0!UStartCom Class 1 Client CAPê<sºxp\>*0
	*H÷
zÍó¶4cÖ`¹gRZ.ÒÃÙMõ)!¶'îœF|oÓc>þÊêaa÷H{hµXŽH:«Çb9:/œãÁ
ŸÇÌ÷>±;¥©û	ªÅÊ}ÀLûdå K16ðñE_KÉj/úB#Á2¢pÂeŸ)äüûÓäÛ=Ÿé@+¯`~:§e_;ôÓšãäÏØB€ÖÛöH7ïQ€«xWîÔ^Î	bNŸmù]@$Ókhá|gDûÝ)³ÿÜSk©ÆÞ"quÃî²Ë6Gt%j "yn÷"_|_Ïç¡Q

Re: [Ssr2-review] Board letter on Subgroup 2's scope

Žarko Kecić