Action Item from the SSR2 15 March 2017 Plenary
Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session. SADAG researchers for the DNS Abuse Study Maciej Korczyński: maciej.korczynski@tudelft.nl<mailto:maciej.korczynski@tudelft.nl> Maarten Wullink: maarten.wullink@sidn.nl<mailto:maarten.wullink@sidn.nl> TNO researcher for the Root Zone Study Bart Gijsen at TNO: bart.gijsen@tno.nl<mailto:bart.gijsen@tno.nl>. For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> know if you would like to get in touch with TNO. If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made. Karen Mulberry Director, Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN 12025 Waterfront Dr., Suite 300 Los Angeles, CA 90094 Phone: +1 424 353 9745
Hi Karen, Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting. -james From: <ssr2-review-bounces@icann.org<mailto:ssr2-review-bounces@icann.org>> on behalf of Karen Mulberry <karen.mulberry@icann.org<mailto:karen.mulberry@icann.org>> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org<mailto:ssr2-review@icann.org>> Cc: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session. SADAG researchers for the DNS Abuse Study Maciej Korczyński: maciej.korczynski@tudelft.nl<mailto:maciej.korczynski@tudelft.nl> Maarten Wullink: maarten.wullink@sidn.nl<mailto:maarten.wullink@sidn.nl> TNO researcher for the Root Zone Study Bart Gijsen at TNO: bart.gijsen@tno.nl<mailto:bart.gijsen@tno.nl>. For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> know if you would like to get in touch with TNO. If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made. Karen Mulberry Director, Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN 12025 Waterfront Dr., Suite 300 Los Angeles, CA 90094 Phone: +1 424 353 9745
Hi James Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment? Best wishes Emily On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote:
Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
From: <ssr2-review-bounces@icann.org> on behalf of Karen Mulberry < karen.mulberry@icann.org> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org> Cc: Eleeza Agopian <eleeza.agopian@icann.org> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session.
SADAG researchers for the DNS Abuse Study
Maciej Korczyński: maciej.korczynski@tudelft.nl
Maarten Wullink: maarten.wullink@sidn.nl
TNO researcher for the Root Zone Study
Bart Gijsen at TNO: bart.gijsen@tno.nl.
For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org> know if you would like to get in touch with TNO.
If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made.
*Karen Mulberry*
Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
*ICANN*
12025 Waterfront Dr., Suite 300
Los Angeles, CA 90094
Phone: +1 424 353 9745 <(424)%20353-9745>
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs *Associate Fellow, Chatham House; Editor, Journal of Cyber Policy* *PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017* Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322 <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263 .
Apologies! So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28 They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap. -James From: Emily Taylor <emily.taylor@oxil.co.uk<mailto:emily.taylor@oxil.co.uk>> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net<mailto:james@cyberinvasion.net>> Cc: Karen Mulberry <karen.mulberry@icann.org<mailto:karen.mulberry@icann.org>>, SSR2 <ssr2-review@icann.org<mailto:ssr2-review@icann.org>>, Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>>, Elise Gerich <elise.gerich@iana.org<mailto:elise.gerich@iana.org>> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Hi James Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment? Best wishes Emily On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net<mailto:james@cyberinvasion.net>> wrote: Hi Karen, Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting. -james From: <ssr2-review-bounces@icann.org<mailto:ssr2-review-bounces@icann.org>> on behalf of Karen Mulberry <karen.mulberry@icann.org<mailto:karen.mulberry@icann.org>> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org<mailto:ssr2-review@icann.org>> Cc: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session. SADAG researchers for the DNS Abuse Study Maciej Korczyński: maciej.korczynski@tudelft.nl<mailto:maciej.korczynski@tudelft.nl> Maarten Wullink: maarten.wullink@sidn.nl<mailto:maarten.wullink@sidn.nl> TNO researcher for the Root Zone Study Bart Gijsen at TNO: bart.gijsen@tno.nl<mailto:bart.gijsen@tno.nl>. For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> know if you would like to get in touch with TNO. If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made. Karen Mulberry Director, Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN 12025 Waterfront Dr., Suite 300 Los Angeles, CA 90094 Phone: +1 424 353 9745<tel:(424)%20353-9745> _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org<mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review -- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017 Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk<mailto:emily.taylor@oxil.co.uk> | D: 01865 582811 | M: +44 7540 049322 [https://s3-eu-west-1.amazonaws.com/static.oxil/oxil_logo-150x.png] [https://docs.google.com/a/oxil.co.uk/uc?id=0B7sS_6djDxsHNm92d21jM21HMDQ&expo...] <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263 .
Scope question: Is this an SSR of ICANN or an SSR of the PTI? I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review. If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space. If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like. kind regards, Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
So my 2c on this is that PTI is a wholly owned subsidiary of ICANN with a huge amount of overlap in both administration, security management and indeed facilities and staff. To exclude PTI from scope would in my opinion leave us with an incomplete view of the landscape. And I can say when we designed PTI structures and governance we certainly never intended to have it excluded from the scope of the AoC review replacements. -James -----Original Message----- From: Geoff Huston [mailto:gih@apnic.net] Sent: Sunday, March 19, 2017 7:47 PM To: James Gannon <james@cyberinvasion.net> Cc: Emily Taylor <emily.taylor@oxil.co.uk>; SSR2 <ssr2-review@icann.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Scope question: Is this an SSR of ICANN or an SSR of the PTI? I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review. If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space. If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like. kind regards, Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
Thank Geoff, The scope of our review is very important and I would appreciate if in the coming meeting we can have time to explore in detail the understanding of each review team on the scope of our work. Regards, Matogoro On Sun, Mar 19, 2017 at 10:46 PM, Geoff Huston <gih@apnic.net> wrote:
Scope question: Is this an SSR of ICANN or an SSR of the PTI?
I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review.
If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space.
If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like.
kind regards,
Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 < ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
Hi Matagoro, Geoff, and James As Matagoro says, we'll be discussing the scope in our upcoming call(s) and it is very important that we get it right. Personally, I find the language of the bylaws rather confusing and complex, so it may be a challenge for us to define our scope. One aspect of the bylaws text which wasn't up on the walls during our brainstorming session is this preamble, which I believe is relevant to the discussions on the list, and our discussions on scope. I've highlighted some words: The Board shall cause a periodic review of ICANN’s execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and* external*, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates (“SSR Review”). My question is, what do you think 'external' means in this context? All the systems and processes *in the world* that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates? The PTI? ICANN's external facing systems? Something else? Best wishes Emily On Mon, Mar 20, 2017 at 8:46 AM, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Thank Geoff,
The scope of our review is very important and I would appreciate if in the coming meeting we can have time to explore in detail the understanding of each review team on the scope of our work.
Regards, Matogoro
On Sun, Mar 19, 2017 at 10:46 PM, Geoff Huston <gih@apnic.net> wrote:
Scope question: Is this an SSR of ICANN or an SSR of the PTI?
I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review.
If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space.
If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like.
kind regards,
Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 < ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs *Associate Fellow, Chatham House; Editor, Journal of Cyber Policy* *PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017* Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322 <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263 .
When I read that sentence Emily I see "ICANN’s execution of its commitment.. . “ as being the subject of the sentence, rather than the systems and processes. i.e. a) what _exactly_ is ICANN’s commitment here in trying to look past the fluffy generic phrases and look at these commitments on more specific and tangible terms of expression in terms of process and programs, and b) how well is ICANN executing this commitment? So I’d like to think that the scope is about the scope of ICANN’s own commitments at this point in time. I’m sure there are many ways to interpret this sentence, but for me it begins and ends with ICANN’s current specific commitments. regards, Geoff
On 20 Mar 2017, at 7:53 pm, Emily Taylor <emily.taylor@oxil.co.uk> wrote:
Hi Matagoro, Geoff, and James
As Matagoro says, we'll be discussing the scope in our upcoming call(s) and it is very important that we get it right.
Personally, I find the language of the bylaws rather confusing and complex, so it may be a challenge for us to define our scope.
One aspect of the bylaws text which wasn't up on the walls during our brainstorming session is this preamble, which I believe is relevant to the discussions on the list, and our discussions on scope. I've highlighted some words:
The Board shall cause a periodic review of ICANN’s execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates (“SSR Review”).
My question is, what do you think 'external' means in this context? All the systems and processes in the world that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates? The PTI? ICANN's external facing systems? Something else?
Best wishes
Emily
On Mon, Mar 20, 2017 at 8:46 AM, Matogoro Jabera <jaberamatogoro@gmail.com> wrote: Thank Geoff,
The scope of our review is very important and I would appreciate if in the coming meeting we can have time to explore in detail the understanding of each review team on the scope of our work.
Regards, Matogoro
On Sun, Mar 19, 2017 at 10:46 PM, Geoff Huston <gih@apnic.net> wrote: Scope question: Is this an SSR of ICANN or an SSR of the PTI?
I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review.
If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space.
If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like.
kind regards,
Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy
PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263
.
Hi Geoff I agree that "ICANN's execution of its commitments" is a key component of that sentence, and helps to limit the scope from boiling-the-ocean into something that's more organisationally focused. So, in that context, how would you view the word 'external'? Best Emily On Mon, Mar 20, 2017 at 9:54 AM, Geoff Huston <gih@apnic.net> wrote:
When I read that sentence Emily I see "ICANN’s execution of its commitment.. . “ as being the subject of the sentence, rather than the systems and processes.
i.e. a) what _exactly_ is ICANN’s commitment here in trying to look past the fluffy generic phrases and look at these commitments on more specific and tangible terms of expression in terms of process and programs,
and b) how well is ICANN executing this commitment?
So I’d like to think that the scope is about the scope of ICANN’s own commitments at this point in time. I’m sure there are many ways to interpret this sentence, but for me it begins and ends with ICANN’s current specific commitments.
regards,
Geoff
On 20 Mar 2017, at 7:53 pm, Emily Taylor <emily.taylor@oxil.co.uk> wrote:
Hi Matagoro, Geoff, and James
As Matagoro says, we'll be discussing the scope in our upcoming call(s) and it is very important that we get it right.
Personally, I find the language of the bylaws rather confusing and complex, so it may be a challenge for us to define our scope.
One aspect of the bylaws text which wasn't up on the walls during our brainstorming session is this preamble, which I believe is relevant to the discussions on the list, and our discussions on scope. I've highlighted some words:
The Board shall cause a periodic review of ICANN’s execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates (“SSR Review”).
My question is, what do you think 'external' means in this context? All the systems and processes in the world that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates? The PTI? ICANN's external facing systems? Something else?
Best wishes
Emily
On Mon, Mar 20, 2017 at 8:46 AM, Matogoro Jabera < jaberamatogoro@gmail.com> wrote: Thank Geoff,
The scope of our review is very important and I would appreciate if in the coming meeting we can have time to explore in detail the understanding of each review team on the scope of our work.
Regards, Matogoro
On Sun, Mar 19, 2017 at 10:46 PM, Geoff Huston <gih@apnic.net> wrote: Scope question: Is this an SSR of ICANN or an SSR of the PTI?
I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review.
If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space.
If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like.
kind regards,
Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 < ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon < james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy
PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263
.
-- Emily Taylor CEO, Oxford Information Labs *Associate Fellow, Chatham House; Editor, Journal of Cyber Policy* *PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017* Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322 <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263 .
So I believe this question needs to go to either legal or finance as it pertains to where the ownership of the KMF sits, PTI vs ICANN etc Karen, maybe you and I can go over the list of questions this week and route them to the correct folks internally? I remember from the discussion that there were a couple of questions I could not give a definitive answer too as they fell outside my groups direct expertise. John Sent from my iPhone On Mar 17, 2017, at 4:06 AM, James Gannon <james@cyberinvasion.net<mailto:james@cyberinvasion.net>> wrote: Apologies! So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28 They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap. -James From: Emily Taylor <emily.taylor@oxil.co.uk<mailto:emily.taylor@oxil.co.uk>> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net<mailto:james@cyberinvasion.net>> Cc: Karen Mulberry <karen.mulberry@icann.org<mailto:karen.mulberry@icann.org>>, SSR2 <ssr2-review@icann.org<mailto:ssr2-review@icann.org>>, Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>>, Elise Gerich <elise.gerich@iana.org<mailto:elise.gerich@iana.org>> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Hi James Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment? Best wishes Emily On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net<mailto:james@cyberinvasion.net>> wrote: Hi Karen, Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting. -james From: <ssr2-review-bounces@icann.org<mailto:ssr2-review-bounces@icann.org>> on behalf of Karen Mulberry <karen.mulberry@icann.org<mailto:karen.mulberry@icann.org>> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org<mailto:ssr2-review@icann.org>> Cc: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session. SADAG researchers for the DNS Abuse Study Maciej Korczy?ski: maciej.korczynski@tudelft.nl<mailto:maciej.korczynski@tudelft.nl> Maarten Wullink: maarten.wullink@sidn.nl<mailto:maarten.wullink@sidn.nl> TNO researcher for the Root Zone Study Bart Gijsen at TNO: bart.gijsen@tno.nl<mailto:bart.gijsen@tno.nl>. For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> know if you would like to get in touch with TNO. If you would like to arrange a longer discussion on either of the study's on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made. Karen Mulberry Director, Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN 12025 Waterfront Dr., Suite 300 Los Angeles, CA 90094 Phone: +1 424 353 9745<tel:(424)%20353-9745> _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org<mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review -- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017 Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk<mailto:emily.taylor@oxil.co.uk> | D: 01865 582811 | M: +44 7540 049322 [https://s3-eu-west-1.amazonaws.com/static.oxil/oxil_logo-150x.png] [https://docs.google.com/a/oxil.co.uk/uc?id=0B7sS_6djDxsHNm92d21jM21HMDQ&expo...] <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263 . _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org<mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review
Hello, For DNSSEC, the "DNSSEC Practice Statement (DPS) "provides authoritative information on Key management, facilities and many others….. For the root, the DPS for the Root Zone KSK Operator describes how PTI performs this role and the relationship to ICANN. For example section 1.3.1 says: ===== 1.3.1. Root Zone Manager Public Technical Identifiers (PTI) performs the management of the DNS Root Zone. This role includes accepting change requests to the contents of the Root Zone from the Top Level Domain (TLD) Operators and validating those requests. After validation occurs, implementation is performed by the Root Zone Maintainer. PTI is an affiliate of the Internet Corporation for Assigned Names and Numbers (ICANN), and performs these functions under an "IANA Naming Functions" contract from ICANN using the facilities, property and staff of ICANN under a service agreement. ========== https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt On another note, page 7 of the ICANN SSR framework FY15-16 seems very clear: ===== Within its technical mission, ICANN’s SSR role encompasses three categories of responsibilities: 1.ICANN’s operational responsibilities (organizational risk management of internal operations including L-root, DNS operations, DNSSEC key signing operations, IANA functions, new TLD operations, Time Zone Database Management); 2. ICANN’s involvement as a coordinator, collaborator and facilitator with the global community in policy and technical matters related to the Internet's unique identifiers; 3.ICANN's engagement with others in the global Internet ecosystem. ======= https://www.icann.org/en/system/files/files/ssr-framework-fy15-16-30sep16-en... Hope this helps —Alain
On Mar 20, 2017, at 11:27 PM, John L. Crain <john.crain@icann.org> wrote:
So I believe this question needs to go to either legal or finance as it pertains to where the ownership of the KMF sits, PTI vs ICANN etc
Karen, maybe you and I can go over the list of questions this week and route them to the correct folks internally?
I remember from the discussion that there were a couple of questions I could not give a definitive answer too as they fell outside my groups direct expertise.
John
Sent from my iPhone
On Mar 17, 2017, at 4:06 AM, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
From: <ssr2-review-bounces@icann.org> on behalf of Karen Mulberry <karen.mulberry@icann.org> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org> Cc: Eleeza Agopian <eleeza.agopian@icann.org> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session.
SADAG researchers for the DNS Abuse Study
Maciej Korczyński: maciej.korczynski@tudelft.nl
Maarten Wullink: maarten.wullink@sidn.nl
TNO researcher for the Root Zone Study
Bart Gijsen at TNO: bart.gijsen@tno.nl.
For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org> know if you would like to get in touch with TNO.
If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made.
Karen Mulberry
Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
ICANN
12025 Waterfront Dr., Suite 300
Los Angeles, CA 90094
Phone: +1 424 353 9745
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy
PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263
.
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
participants (7)
-
ALAIN AINA -
Emily Taylor -
Geoff Huston -
James Gannon -
John L. Crain -
Karen Mulberry -
Matogoro Jabera