Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hey all,
So, one of the things that concerns me is that we might inadvertently try to draw boundaries around the problem space instead of the eventual recommendations. It seems to me that the problem space is as large as the systemic dependencies mandate it. That said, I think we were advised to try and make our recommendations actionable within ICANN’s remit, and we need to be on guard against trying to boil the ocean. What I’m trying to say is that if there are a lot of reasons that aspect _a_ of (say) the root servers is important for some reason that we can quantify, then _a_ is important, and we might want to study it (even if the reasons are external).
Also, I hope this doesn’t seem overly pedantic, I think the disconnect here could be from the fact that the SSR team’s charter predates the PTI, right? I thought the SSR team was being convened to help provide some measure of oversight that doesn’t exist elsewhere, no?
Regardless, my 0.02 is that it will be important to be flexible in what we assess as important, and then measured in our recommendations.
Eric
From: <ssr2-review-bounces@icann.org> on behalf of Emily Taylor <emily.taylor@oxil.co.uk>
Date: Monday, March 20, 2017 at 5:58 AM
To: Geoff Huston <gih@apnic.net>
Cc: SSR2 <ssr2-review@icann.org>
Subject: [EXTERNAL] Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi Geoff
I agree that "ICANN's execution of its commitments" is a key component of that sentence, and helps to limit the scope from boiling-the-ocean into something that's more organisationally focused. So, in that context, how would you view the word 'external'?
Best
Emily
On Mon, Mar 20, 2017 at 9:54 AM, Geoff Huston <gih@apnic.net> wrote:
When I read that sentence Emily I see "ICANN’s execution of its commitment..." as being the subject of the sentence, rather than the systems and processes.
i.e. a) what _exactly_ is ICANN’s commitment here in trying to look past the fluffy generic phrases and look at these commitments on more specific and tangible terms of expression in terms of process and programs,
and b) how well is ICANN executing this commitment?
So I’d like to think that the scope is about the scope of ICANN’s own commitments at this point in time. I’m sure there are many ways to interpret this sentence, but for me it begins and ends with ICANN’s current specific commitments.
regards,
Geoff
On 20 Mar 2017, at 7:53 pm, Emily Taylor <emily.taylor@oxil.co.uk> wrote:
Hi Matagoro, Geoff, and James
As Matagoro says, we'll be discussing the scope in our upcoming call(s) and it is very important that we get it right.
Personally, I find the language of the bylaws rather confusing and complex, so it may be a challenge for us to define our scope.
One aspect of the bylaws text which wasn't up on the walls during our brainstorming session is this preamble, which I believe is relevant to the discussions on the list, and our discussions on scope. I've highlighted some words:
The Board shall cause a periodic review of ICANN’s execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates (“SSR Review”).
My question is, what do you think 'external' means in this context? All the systems and processes in the world that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates? The PTI? ICANN's external facing systems? Something else?
Best wishes
Emily
On Mon, Mar 20, 2017 at 8:46 AM, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Thank Geoff,
The scope of our review is very important and I would appreciate if in the coming meeting we can have time to explore in detail the understanding of each review team on the scope of our work.
Regards, Matogoro
On Sun, Mar 19, 2017 at 10:46 PM, Geoff Huston <gih@apnic.net> wrote:
Scope question: Is this an SSR of ICANN or an SSR of the PTI?
I had thought this was a SSR of ICANN, and the PTI has its own independent existence, governance structures, and I presume the PTI Board will be responsible for conducting its own processes of periodic audit and review.
If this is indeed the case, then I am hard pressed to understand why an ICANN SSR has any chartered responsibility to peer over the fence into the PTI’s space.
If I have this all wrong, I’d appreciate a better understanding of exactly why the PTI falls into the scope of this ICANN-chartered SSR exercise before we rush into any studies of KMFs, key ceremonies and the like.
kind regards,
Geoff
On 17 Mar 2017, at 10:06 pm, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk>
Date: Friday 17 March 2017 at 12:02
To: James Gannon <james@cyberinvasion.net>
Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org>
Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote:
Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
_______________________________________________
Ssr2-review mailing list
Ssr2-review@icann.org
https://mm.icann.org/mailman/listinfo/ssr2-review
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
-- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy
PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263
Hello All,
While the scope of this review looks confusing, I do think we shall take it as it is. We have an organisation governed by a Bylaws which stated its vision, mission and so….. It also has 5-year strategic and operational plans, a SSR framework and produces annual reports. https://www.icann.org/resources/pages/governance/annual-report-en
These are enough to tell what ICANN does and how we should read the following:
===========
1- "The Board shall cause a periodic review of ICANN’s execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet’s system of unique identifiers that ICANN coordinates (“SSR Review”)”
2- (ii) The issues that the review team for the SSR Review (“SSR Review Team”) may assess are the following:
"(A) security, operational stability and resiliency matters, both physical and network, relating to the coordination of the Internet’s system of unique identifiers;
(B) conformance with appropriate security contingency planning framework for the Internet’s system of unique identifiers; and
(C) maintaining clear and globally interoperable security processes for those portions of the Internet’s system of unique identifiers that ICANN coordinates.
(iii) The SSR Review Team shall also assess the extent to which ICANN has successfully implemented its security efforts, the effectiveness of the security efforts to deal with actual and potential challenges and threats to the security and stability of the DNS, and the extent to which the security efforts are sufficiently robust to meet future challenges and threats to the security, stability and resiliency of the DNS, consistent with ICANN’s Mission.
(iv) The SSR Review Team shall also assess the extent to which prior SSR Review recommendations have been implemented and the extent to which implementation of such recommendations has resulted in the intended effect.”
====================
The SSR1 was conducted based on the AoC. Is the scope of the new SSR (based on the new bylaw) different? We started this discussion and I think we should continue and conclude.
ICANN was the IANA function operator. What changes with the IANA stewardship transition? Which changes are related to the SSR?
Hope this helps
—Alain
On Mar 20, 2017, at 7:32 PM, Osterweil, Eric via Ssr2-review <ssr2-review@icann.org> wrote:
Hey all,
So, one of the things that concerns me is that we might inadvertently try to draw boundaries around the problem space instead of the eventual recommendations. It seems to me that the problem space is as large as the systemic dependencies mandate it. That said, I think we were advised to try and make our recommendations actionable within ICANN’s remit, and we need to be on guard against trying to boil the ocean. What I’m trying to say is that if there are a lot of reasons that aspect _a_ of (say) the root servers is important for some reason that we can quantify, then _a_ is important, and we might want to study it (even if the reasons are external).
Also, I hope this doesn’t seem overly pedantic, I think the disconnect here could be from the fact that the SSR team’s charter predates the PTI, right? I thought the SSR team was being convened to help provide some measure of oversight that doesn’t exist elsewhere, no?
Regardless, my 0.02 is that it will be important to be flexible in what we assess as important, and then measured in our recommendations.
Eric
Participants (2): ALAIN AINA; Osterweil, Eric