Emergency Changes in the Root Zone Database
Hi all,
I have received some information from Kim in the meantime:
The IANA Naming Function states that emergency changes should be completed within 12 hours. The SLAs and contracts are available at https://pti.icann.org/agreements (note the emergency SLA is in the contract itself, not the SLA annex).
I personally see no need for any concrete recommendations regarding emergency changes (except the regular testing). SLAs are in place.
We can therefore focus on the topics of integrity, authenticity and confidentiality within the communication process.
Best regards,
- Boban
Under Service levels in the naming agreement. Even made clear in the amendment to the contract https://www.icann.org/en/system/files/files/iana-naming-function-agreement-a... And there is a process for amending the service levels. Thanks, Boban. —Alain
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
All: Given this information, and the fact that every email that I receive from anyone at iana.org already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether. Russ
Hi Russ, all, On 05.11.19 18:42, Russ Housley wrote:
Given this information, and the fact that every email that I receive from anyone at iana.org already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message. I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password). - Boban.
Okay. Let's focus on those two things, being clear that even automated email accounts should be signed. Russ
hello,
On 5 Nov 2019, at 20:49, Boban Krsic <krsic@denic.de> wrote:
Hi Russ, all,
On 05.11.19 18:42, Russ Housley wrote:
Given this information, and the fact that every email that I receive from anyone at iana.org already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message.
I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password).
As the current system is outdated and a new system is being designed, I would assume that IANA team will take the necessary measures to meet the security requirements in the naming contract. I would rather discuss ICANN providing a clear roadmap towards the implementation of the new system including the usual community input on the specifications and rollout of the new system. Hope this helps. —Alain
- Boban.
Given this information, and the fact that every email that I receive from anyone at iana.org already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message.
I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password).
As the current system is outdated and a new system is being designed, I would assume that IANA team will take the necessary measures to meet the security requirements in the naming contract.
I would rather discuss ICANN providing a clear roadmap towards the implementation of the new system including the usual community input on the specifications and rollout of the new system.
Alain: Can you write a clear question to ICANN Org to get the information you seek? We need to write it in a way that will not lead to follow-up questions or the schedule will be impacted. Russ
Russ,
On 12 Nov 2019, at 16:48, Russ Housley <housley@vigilsec.com> wrote:
Given this information, and the fact that every email that I receive from anyone at iana.org already has an S/MIME signature, I think we should drop the IANA portal recommendation altogether.
Maybe only for personal accounts? I have a mail from the Root Zone Management (rzm@iana.org) in my inbox. The mail contains a URL to confirm a change we initiated at IANA - in plain text. A signature (S/MIME or PGP) is also not available at the message.
I would also like to distinguish mail communication from Root Zone Management portal (https://rzm.iana.org/rzm/login). The portal should have a recommendation regarding a strong authentication procedure (currently username and password).
As the current system is outdated and a new system is being designed, I would assume that IANA team will take the necessary measures to meet the security requirements in the naming contract.
I would rather discuss ICANN providing a clear roadmap towards the implementation of the new system including the usual community input on the specifications and rollout of the new system.
Alain:
Can you write a clear question to ICANN Org to get the information you seek? We need to write it in a way that will not lead to follow-up questions or the schedule will be impacted.
Noted. I will provide text for a question. I have been parsing old Q&A document. Thanks —Alain
Russ