Dear SSR2 RT members,

 

During the meeting today, the review team assigned a ‘lead’ volunteer for each work topic. 

 

ACTION FOR RT MEMBERS:

 

The content from the Google doc is also pasted below for ease of reference.

 

ICANN SSR

| Topic | Volunteers | # of outstanding questions |
|---|---|---|
| 1. Perform an assessment of ICANN's Information Security Management System. | Jabhera M, Alain A, Noorul A | 1 |
| 2. Perform an assessment of ICANN's Business Continuity Management System. | Boban K, Alain A | 18 |
| 3. Perform an assessment of ICANN's Risk Management Methodology and Framework. | Laurin W, Boban K, Kerry-Ann B | 7 |
| 4. Perform an assessment of how effectively ICANN has implemented its Security Incident Management and Response Processes to reduce (pro-active and reactive) the probability of DNS-related incidents. | Scott M, Noorul A | 9 |
| 5. Perform an assessment of internal security, stability and resiliency of ICANN's operation processes and services. | Russ H, Kerry-Ann B (compliance), Naveed R | 2 |
| 6. Perform an assessment on how effectively ICANN has implemented its processes around vetting registry operators and services concerning the New gTLD Delegation and Transition process. | Norm R, Ram P | 2 |
| 7. Perform an assessment how effectively ICANN has implemented its processes to ensure compliance regarding registrar agreements and the consensus policies. | Denise M, Kerry-Ann B | 12 |

 

DNS SSR

 

| Topic | Volunteers | # of questions outstanding |
|---|---|---|
| Section I: Root Zone Management | | |
| Data sharing/ data release | KC | 0 |
| BC - DR plan | Boban K, Zarko K | 0 |
| Name Collision | Denise M | 0 |
| Root zone change management (Verification, etc.) | Laurin W, Boban K | 2 |
| TLD label management | Boban K, Laurin W | 2 |
| NS / DS record management | Boban K, Laurin W | 0 + 2 |
| Section II: Root server system (e.g. l-root) | | |
| Best practice + System hardening of l-root | Alain A, Naveed R | 0 |
| Comment on RSSAC document around proposed governance model for the root servers environment | KC, Alain A, Naveed R | 0 |
| Section III: Alternate Root Deployment & Co-existence | | |
| Accountability & Transparency with respect to risks and benefits - annual report | Eric O, Naveed R | 0 |
| Section IV: SSR Measurements | | |
| SLA compliance (SLAs for what? with whom?) | Kerry-Ann B | 0 |
| Propagation delay and consistency of changes of zone contents across name servers | Eric O, KC | 0 |
| IANA registry availability measurements - security | Scott M | 0 |
| Identify KPI for SSR measurements | Eric, KC, Laurin, Naveed R | 0 |
| Section V: Namespace Abuse | | |
| Transparency with respect to abuse (is this DAAR?) | Denise M, KC, Jabhera M, Norm R | 0 |
| Reactive vs. proactive compliance - one-off complaints response vs. data driven priorities; Proactive anti-abuse by registrars and registries | Denise M, Kerry-Ann B, Norm R, Laurin W, Eric O | 0 |
| Leadership: Give ICANN compliance a “big stick” to lead abuse remediation initiatives and take action | Laurin W, Norm R, KC, Denise M | 0 |
| IDN domain names (glyph phish) | Russ H, Laurin W | 2 |
| Section VI: Software interop | | |
| Testbed of software variants (NS / resolver / etc.) for regression testing | Eric O, Laurin W | 0 |

 

Future Challenges



| Topic | Volunteers | # of questions outstanding |
|---|---|---|
| Coalescence of registrars/registry/backend operators for multiple TLDs | Eric O, Denise M, Norm R, Boban K | 6 |
| Access to data, info, research on important abuse attack vectors | Laurin W, Norm R, Denise M, Eric O, Scott M, Jabhera M, KC | 1 |
| New crypto-systems in DNSSEC (ECC + PQ) | Eric O, Russ H, Ram P, Laurin W, Alain A | 1 |
| New uses for DNS (IoT etc.) | Laurin W, Eric O, Kerry-Ann B, Naveed R | 0 |
| Alternate naming systems (interactions, conflicts etc) | Norm R, Laurin W, Eric O | 1 |
| Root server system protection: assess the threatscape of top threats (e.g. DDoS to the root system) | Kerry-Ann B, Eric O, Norm R, Laurin W, Noorul A | 2 |
| Privacy protections | Kerry-Ann B, Eric O, Norm R, Laurin W, Noorul A | 1 clarification requested |

 

 

 

-- 

Jennifer Bryce

Senior Reviews Coordinator 

Internet Corporation for Assigned Names and Numbers (ICANN)

 

Email: jennifer.bryce@icann.org

Skype: jennifer.bryce.icann

www.icann.org