Given this information, and the fact that every email that I recieve from anyone at iana.org <http://iana.org/> already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message.
I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password).
As the current system is outdated and a new system is being designed, i would assume that IANA team will take the necessary measures to meet the security requirements in the naming contract.
I would rather discuss ICANN providing a clear roadmap towards the implementation of the new system including the usual community input on the specifications and rollout of the new system
Alain: Can you write a clear question to ICANN Org to get the information you seek? We need to write it in a way that will not lead to follow-up questions or the schedule will be impacted. Russ