Re: [registrars] Proposed Agenda for Marina del Rey Constituencymeeting

[Rick H Wesson <wessorh@ar.com>]

Paul,

since you helped write it and it appears to be quite detailed, your
evaluation version is over 500 pages, could you give us some pointers on
which sections we should pay specific attention to? infact if you could
just distil the specific policy into an email I'm sure we would all
appreciate it.

are you attributed in the text? I'll buy it (110 pounds) if your name is
in it.

-rick


On Wed, 24 Oct 2001, Paul M. Kane wrote:

> In light of Dan's email focusing on security issues, it may be helpful to
> members of the Registrar Constituency to review ISO 17799 - a British Standard I
> was involved in writing a few years ago discussing Security Issues in the
> Digital Age.  see http://www.SecurityIssues.ac
>
> Best
>
> Paul
>
> Dan Halloran wrote:
>
> > Rick,
> >
> > Thanks for posting the proposed agenda for the registrars constituency
> > meeting on Monday, November 12.  I'm glad that we were able to arrange a
> > full day for the constituency meeting since there are a number of important
> > issues on the constituency's plate.  In response to several questions I've
> > received, I'd like to supplement your posting with some additional details
> > about the special focus on "Security and Stability of the Internet Naming
> > and Address Allocation Systems" that is planned for the remainder of the
> > week's meetings.
> >
> > A bit of background may help explain why the November meeting was re-focused
> > in the wake of 11 September.  As most of you already know, ICANN's primary
> > responsibility is ensuring the stability of the Internet's naming and
> > numbering systems.  The "White Paper"
> > <http://www.icann.org/general/white-paper-05jun98.htm>, based on which ICANN
> > was founded, lists the first guiding principle of the new DNS management
> > system as "1. Stability: The U.S. Government should end its role in the
> > Internet number and name address system in a manner that ensures the
> > stability of the Internet. The introduction of a new management system
> > should not disrupt current operations or create competing root systems.
> > During the transition and thereafter, the stability of the Internet should
> > be the first priority of any DNS management system. Security and reliability
> > of the DNS are important aspects of stability, and as a new DNS management
> > system is introduced, a comprehensive security strategy should be
> > developed."
> >
> > In light of this mandate, made urgent by the public's concern about
> > terrorism, ICANN is dedicating its November meeting to an in-depth
> > examination of security requirements related to the Internet's domain name
> > and address allocation systems, the extent to which these requirements are
> > currently being met, and what individual, organizational and/or collective
> > actions are needed to create a security environment for the domain name and
> > address allocation systems that reasonably assures their continued operation
> > under, and recovery from emergency conditions.  More specifically, the
> > meeting will seek to: (a) improve the knowledge base and heighten awareness
> > about DNS security by ICANN constituents and the broader public, (b) develop
> > and adopt suggestions for security improvements by all DNS service
> > providers, including registries, registrars, and nameserver operators, (c)
> > develop recommendations to the ICANN Board for any near-term actions by
> > ICANN that may be advisable, and (d) launch continuing efforts to assess and
> > improve security and readiness across the defined scope of ICANN's
> > activities and communities.  (Note that these goals are tightly focused on
> > the DNS and its component service providers -- the registries, registrars,
> > name server operators, etc.  General network security for the Internet is
> > outside the scope of ICANN's mandate.  Technical standards for security, for
> > example, are up to e.g. the IETF to develop.)
> >
> > ICANN Accredited Registrars are central to the stable operation of the
> > Internet's domain name system.  Although I'm reluctant to single any
> > particular companies out just because a particular incident received
> > publicity, I think it would be helpful for all registrars to review the
> > following news stories about registrars that have experienced DNS-related
> > security incidents:
> > <http://www.theregister.co.uk/content/archive/21689.html> and
> > <http://sa.internet.com/InternetNews/intarc/01/01/30.htm>.  Again, these are
> > just examples (and they don't necessarily represent the full breadth of
> > potential problems), but I think it's fair to say that these kinds of
> > incidents make it reasonable for people to ask whether the registrars as a
> > group are doing everything they can to protect the integrity of the DNS
> > within the scope of their operations.  While no registrar is a single point
> > of failure for the DNS (in fact that's one of the architectural strengths of
> > the Internet), each registrar is potentially a single point of failure for
> > its own customers.
> >
> > Please be sure to review the "Update" on the meeting that was just posted at
> > <http://www.icann.org/announcements/update-21oct01.htm>.  (**All attendees
> > will need to pre-register for this meeting, at
> > <http://register.icann.org/register.php>.**)  The Update also provides
> > information about the security/stability schedule and agenda.  For complete
> > details, please see <http://www.icann.org/mdr2001/schedule.htm>.  Here's a
> > brief overview of the schedule:
> >
> > 12 November 2001 (Monday)
> >    - Non-security-focused meetings of ICANN's
> >      various constituent organizations
> >    - Public forum on ICANN At Large
> >
> > 13 November 2001 (Tuesday)
> >    - Keynote speakers
> >    - Plenary panels
> >    - Break-out sessions for all attendees
> >
> > 14 November 2001 (Wednesday)
> >    - Parallel sessions
> >         - Tutorials
> >         - Workshops
> >    - Constituent-focused working meetings for
> >      registries, registrars, ISPs, etc.
> >
> > 15 November 2001 (Thursday)
> >    - ICANN Public Forum on DNS security/stability
> >         - Reporting session
> >         - Open Mike
> >         - ICANN Board meeting
> >    - Open Mike on all other matters
> >    - ICANN Board meeting on other matters
> >
> > An informal program committee <http://www.icann.org/mdr2001/program.htm> has
> > been set up to plan the meeting's schedule and agenda.  The registrars are
> > represented on the committee by Elliot Noss of Tucows.
> >
> > One important topic for registrar review and discussion will be Registrar
> > Data Escrow.  When operational, the escrow program will assure the stability
> > of gTLD registrations by preserving domain registration information and
> > continuing registrar services even in the case of total failure of a
> > registrar or its data storage systems -- thereby increasing consumer
> > confidence in the gTLD shared registry architecture.  ICANN and the
> > registrars need to finalize the terms of an agreement concerning the
> > potential uses, release conditions, and rights to the registration data to
> > be escrowed.  Also, ICANN needs to specify the schedule, terms and format
> > for registrar submission of this data.  The specification for the format of
> > the escrowed data was created by a committee that included technical experts
> > from the Registrars Constituency.  Very shortly ICANN will post for review
> > and comment a draft "Registrar Data Escrow Appendix" (to the Registrar
> > Accreditation Agreement.) This appendix will set forth the proposed deposit
> > contents and procedure, data security provisions, release conditions,
> > right-to-use terms, and the license for a new ICANN Data Escrow Program
> > logo.
> >
> > If you have any other suggestions for topics, speakers or panelists on DNS
> > security/stability, please forward them to Elliot Noss or
> > <meeting@icann.org>.
> >
> > Thank you very much for your attention.
> >
> > Best regards,
> > Dan Halloran
> > Chief Registrar Liaison
> > ICANN
> >
> > -----Original Message-----
> > From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org]On
> > Behalf Of Rick H Wesson
> > Sent: 23 October, 2001 10:43 AM
> > To: Registrars List
> > Subject: [registrars] Proposed Agenda for Marina del Rey Constituency
> > meeting
> >
> > Registrars:
> >
> > Below you will find the proposed agenda for the registrars meeting. If
> > there is an issue you wish to have put on the agenda please comment.
> >
> > Be prepared for a long day.
> >
> > Monday November 12th 2001
> > ==========================
> >
> >   0830 to 1200
> >     o intro and agenda bash
> >     o deletes
> >     o transfers / nc transfers task force
> >     o whois
> >     o below $6 pricing
> >     o annual report / budget
> >
> >   1200 to 1330
> >     o lunch
> >
> >   1330 to 1730
> >     o nc elections/nominations
> >     o nc reports
> >     o icann restructuring
> >     o epp
> >     o idn
> >     o Q1 registrars meeting
> >     o open mike
> >
> > -rick
>
>