Dear SSR2 RT members, During the meeting today, the review team assigned a ‘lead’ volunteer for each work topic. ACTION FOR RT MEMBERS: * Please check the Google doc<https://docs.google.com/document/d/1nmPIw-Q6nKI4UdQjAz4KAH83jMU2TIJWncZroWEL...> to see which topics you are assigned as the lead (lead is indicated in bold). * If you are the lead for a topic, please reach out to the other volunteers in the topic to coordinate the writing. If you have an objection to being the lead for any topic you’re assigned to, please speak up. The content from the Google doc is also pasted below for ease of reference. ICANN SSR Topic Volunteers # of outstanding questions 1. Perform a assessment of ICANN's Information Security Management System. Jabhera M, Alain A,Noorul A 1 2. Perform a assessment of ICANN's Business Continuity Management System. Boban K, Alain A 18 3. Perform a assessment of ICANN's Risk Management Methodology and Framework. Laurin W, Boban K, Kerry-Ann B 7 4. Perform an how effectively ICANN has implemented its Security Incident Management and Response Processes to reduce (pro-active and reactive) the probability of DNS-related incidents. Scott M, Noorul A 9 5. Perform a assessment of internal security, stability and resiliency of ICANN's operation processes and services. Russ H, Kerry-Ann B (compliance), Naveed R 2 6. Perform an assessment on how effectively ICANN has implemented its processes around vetting registry operators and services concerning the New gTLD Delegation and Transition process. Norm R, Ram P 2 7. Perform an assessment how effectively ICANN has implemented its processes to ensure compliance regarding registrar agreements and the consensus policies. Denise M, Kerry-Ann B 12 DNS SSR Topic Volunteers # of questions outstanding Section I: Root Zone Management Data sharing/ data release KC 0 BC - DR plan Boban K, Zarko K 0 Name Collision Denise M 0 Root zone change management (Verification, etc.) Laurin W, Boban K 2 TLD label management Boban K, Laurin W 2 NS / DS record management Boban K, Laurin W 0 + 2 Section II: Root server system (e.g. l-root) Best practice + System hardening of l-root Alain A, Naveed R 0 Comment on RSSAC document around proposed governance model for the root servers environment KC, Alain A, Naveed R 0 Section III: Alternate Root Deployment & Co-existence Accountability & Transparency with respect to risks and benefits - annual report Eric O, Naveed R 0 Section IV: SSR Measurements SLA compliance (SLAs for what? with whom?) Kerry-Ann B 0 Propagation delay and consistency of changes of zone contents across name servers Eric O, KC 0 IANA registry availability measurements - security Scott M 0 Identify KPI for SSR measurements Eric, KC, Laurin, Naveed R 0 Section V: Namespace Abuse Transparency with respect to abuse (is this DAAR?) Denise M, KC, Jabhera M, Norm R 0 Reactive vs. proactive compliance - one-off complaints response vs. data driven priorities Proactive anti-abuse by registrars and registries Denise M, Kerry--Ann B, Norm R, Laurin W, Eric O 0 Leadership: Give ICANN compliance a “big stick” to lead abuse remediation initiatives and take action Laurin W, Norm R, KC, Denise M 0 IDN domain names (glyph phish) Russ H, Laurin W 2 Section VI: Software interop Testbed of software variants (NS / resolver / etc.) for regression testing Eric O, Laurin W 0 Future Challenges Topic Volunteers # of questions outstanding Coalescence of registrars/registry/backend operators for multiple TLDs Eric O, Denise M, Norm R, Boban K 6 Access to data, info, research on important abuse attack vectors Laurin W, Norm R, Denise M, Eric O, Scott M, Jabhera M, KC 1 New crypto-systems in DNSSEC (ECC + PQ) Eric O, Russ H, Ram P, Laurin W, Alain A 1 New uses for DNS (IoT etc.) Laurin W, Eric O, Kerry-Ann B, Naveed R 0 Alternate naming systems (interactions, conflicts etc) Norm R, Laurin W, Eric O 1 Root server system protection: assess the threatscape of top threats (e.g. DDoS to the root system) Kerry-Ann B, Eric O, Norm R, Laurin W, Noorul A 2 Privacy protections Kerry-Ann B, Eric O, Norm R, Laurin W, Noorul A 1 clarification requested -- Jennifer Bryce Senior Reviews Coordinator Internet Corporation for Assigned Names and Numbers (ICANN) Email: jennifer.bryce@icann.org Skype: jennifer.bryce.icann www.icann.org