AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

Comment Close
Date		Statement
Name 

Status

Assignee(s) and
RALO(s)

Call for
Comments		Call for
Comments
Close 		Vote
Announcement 		Vote OpenVote
Reminder		Vote CloseDate of SubmissionStaff Contact and EmailStatement Number
11.02.2014Review of Trusted Community Representation in Root Zone DNSSEC Key Signing CeremoniesADOPTED12Y, 0N, 0ASalanieta Tamanikaiwaimaro (APRALO)31.01.201407.02.201411.02.201411.02.201416.02.201417.02.201418.02.2014Kim Davies
kim.davies@icann.org 		AL-ALAC-ST-0214-02-00-EN

For more information about this PC, please click here

FINAL VERSION TO BE SUBMITTED IF RATIFIED

Please click here to download a copy of the PDF below.

FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

Background

The Affirmation of Commitment describes the Internet as a transformative technology that empowers people around the globe, spurs innovation, facilitates trade and commerce, and enables the free and unfettered flow of information[1]. One of the elements of the Internet's success is a highly decentralized network that enables and encourages decision-making at a local level. Notwithstanding this decentralization, global technical coordination of the Internet's underlying infrastructure - the Domain Name System[2] (DNS) - is required to ensure interoperability[3].

DNS Security Extensions[4] (DNSSEC) is a protocol that is currently being deployed to secure the Domain Name System (DNS), the Internet’s global phone book. DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names.

In DNSSEC a secure response to a query is one which is cryptographically signed and validated. An individual signature is validated by following a chain of signatures to a key which is trusted for some extra-protocol reason. ICANN, as IANA Functions Operator, is responsible for the publication of trust anchors[5] for the root zone of the Domain Name System.

Since July 2010, the DNS Root Zone has been secured using DNSSEC. The model of using DNSSEC in the DNS Root Zone revolves around a "key signing key" (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.

Introduction

The At Large Community recognizes the role and significance that the DNS plays in ensuring interoperability. We recognize the importance of DNSSEC in the security, stability and resiliency of the Internet in the root zone and the subsequent deployment in DNS Infrastructure. Noting that at the time this statement was written there were 427 TLDs in the root zone of which 235 are signed and that 229 have trust anchors published in the DS records in the root zone whilst 4 TLDs have trust anchors published in the ISC DLV Repository, we hope that in time more TLDs will move towards having trust anchors published.

The Root Zone Key Signing Ceremony points to one of ICANN’s important functions of preserving accountability and transparency in the manner in which it conducts its DNSSEC Key Signing Ceremonies.

We recognize the unique combination the key-signing and TCRs make of broad participation, transparency and accountability in order to serve the central function of preserving and enhancing the stability, security and resilience of the DNS, thus engendering widespread trust.

We would like to congratulate all the stakeholders involved in the KSK management process on the services since the first KSK signing ceremony till to date. We welcome the opportunity to contribute to the Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies. Following consultations with the At Large community along the questions that was raised, we found that on some issues there was divergence of views and we have captured both views.

 1.     Is the current TCR model effectively performing its function of ensuring trust in the KSK management process?

The current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process; however, we make the following observations.

The Abbreviation Draft of the Key Signing Ceremony Annotated Scripts, which provides a permanent trusted record of the Ceremony, does not include a definition for "EW" when these appear to be sometimes the largest number of category of people at the Ceremony. The Key Signing Ceremony Annotated Scripts do not clearly state whether there are no other participants (including Camera person) present apart from those listed.

 2.      Is the current size of the TCR pool appropriate to ensure sufficient participation in the ceremonies, while not overburdening the availability of specific volunteers?

There are two different views on this. The first view is that the current size of the TCR pool is sufficient. The second view is that the current size needs to be expanded to cater for unforeseen circumstances (includes but is not limited to terrorist attacks, flight disruptions, state of emergency, civil war, etc) that could render a majority of the 21 TCRs unable to attend to their responsibilities. The possibility of having signing at the same time in either the same country or different countries or frequency of signing could also exhaust reserves leading to overburdening these volunteers. There might be some merit in expanding the pool and retaining the TCRs whilst rotating them from within the pool of candidate TCRs.

 3.     Should there be a minimum level of participation required of a TCR in order to be considered to be successfully discharging their duties?

The community believes that TCRs should meet the existing criteria merited of what would comprise a responsible TCR. TCRs should actively engage by writing reports which are made public. Minimum participation should include, attendance, engagement, carrying out responsibilities, writing full and thorough reports and listing concerns if any.

 4.     There is no standard provision to refresh the list of TCRs except when they are replaced due to inability to effectively perform their function. Should there be a process to renew the pool of TCRs, such as using term limits or another rotation mechanism?

There are two views on this matter. The first view is that the existing pool and their indefinite terms are sufficient and that the 21 TCRs are more than enough to meet possible contingencies that may arise. That there is no need for process to renew the pool neither of TCRs nor to use term limits or introduce a rotation mechanism. 

The other view is that there is a need for term limits as the original TCR mechanism is silent on the term. Given the Internet reaches an estimated 2.6 billion users all over the world, there should be enough candidates able to meet the criteria of being a TCR. The number of candidate or backup TCRs can also be increased. Regardless, where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.  

 5.     The current model does not compensate TCRs for their services in order to

         ensure their independence from ICANN.

                 a.    Should the model of TCRs paying the costs of their participation be retained?

                 b.   Would some form of compensation to offset the expenses incurred by the TCRs detract from their independence in performing the role?

                 c.     If you support compensating TCRs for their expenses, are there requirements or limitations on whom the funding organization should be?

There are two divergent views in relation to this. The first view holds that the current model where TCRs pay the costs should be retained. TCRs should be cost-neutral for those not supported by firms or other entities should suffice.  To create another source of travel funds for TCRs is poor and unwarranted.

The second view acknowledges the financial burden placed on TCRs. Although TCRs are volunteers, a system should be set in place that guarantees independence yet allows them to carry out their duty. A fund should be managed externally that is independent that can cater for the expenses of the TCRs.There should be limitations on those who can contribute to this fund. Any funds or gifts being awarded to the TCR should be promptly and formally disclosed through appropriate avenues. One of the suggestions for possible funding model is where ICANN sets up the fund as in the case of the Office of the Independent Objector (IO) where ICANN does not interfere with the decisions of the (IO).

FIRST DRAFT SUBMITTED

Background

The Affirmation of Commitment describes the Internet as a transformative technology that empowers people around the globe, spurs innovation, facilitates trade and commerce, and enables the free and unfettered flow of information[1]. One of the elements of the Internet's success is a highly decentralized network that enables and encourages decision-making at a local level. Notwithstanding this decentralization, global technical coordination of the Internet's underlying infrastructure - the Domain Name System[2] (DNS) - is required to ensure interoperability[3].

DNS Security Extensions[4] (DNSSEC) is a protocol that is currently being deployed to secure the Domain Name System (DNS), the Internet’s global phone book. DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names.

In DNSSEC a secure response to a query is one which is cryptographically signed and validated. An individual signature is validated by following a chain of signatures to a key which is trusted for some extra-protocol reason. ICANN, as IANA Functions Operator, is responsible for the publication of trust anchors[5] for the root zone of the Domain Name System.

Since July 2010, the DNS Root Zone has been secured using DNSSEC. The model of using DNSSEC in the DNS Root Zone revolves around a "key signing key" (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.

Questions for the At Large

  1. Is the current TCR model effectively performing its function of ensuring trust in the KSK management process?
  2. Is the current size of the TCR pool appropriate to ensure sufficient participation in the ceremonies, while not overburdening the availability of specific volunteers?
  3. Should there be a minimum level of participation required of a TCR in order to be considered to be successfully discharging their duties?
  4. There is no standard provision to refresh the list of TCRs except when they are replaced due to inability to effectively perform their function. Should there be a process to renew the pool of TCRs, such as using term limits or another rotation mechanism?
  5. The current model does not compensate TCRs for their services in order to ensure their independence from ICANN.
    1. Should the model of TCRs paying the costs of their participation be retained?
    2. Would some form of compensation to offset the expenses incurred by the TCRs detract from                          their independence in performing the role?
    3. If you support compensating TCRs for their expenses, are there requirements or limitations                    on whom the funding organization should be?

DRAFT ALAC STATEMENT

Introduction

The At Large Community recognizes the role and significance that the DNS plays in ensuring interoperability. We recognize the importance of DNSSEC in the security, stability and resiliency of the Internet in the root zone and the subsequent deployment in DNS Infrastructure. Noting that to date there are 427 TLDs in the root zone of which 235 are signed and that 229 have trust anchors published in the DS records in the root zone whilst 4 TLDs have trust anchors published in the ISC DLV Repository, we hope that in time more TLDs will move towards having trust anchors published.

The Root Zone Key Signing Ceremony points to one of ICANN’s most sacred functions of preserving accountability and transparency in the manner in which it conducts its DNSSEC Key Signing Ceremonies. We would like to congratulate all the stakeholders involved in the KSK management process on the services since the first KSK signing ceremony till to date. We welcome the opportunity to contribute to the Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies.

We believe that the current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process. We would like to suggest a few additional processes that could complement the existing process. The original TCR proposal is silent on the term. Where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.  

We note that there is a financial burden placed on the TCR although they are volunteers and a system should be set in place that guarantees independence yet allows for ease in carrying out their duty. A fund should be managed externally that is independent that can cater for the expenses of the TCRs.There should be limitations on those who can contribute. Any funds or gifts being awarded to the TCR should be promptly and formally disclosed through appropriate avenues.

The At Large community is curious as to whether the TCR who resigned did so because of an inability to continue in his or her role due to arising conflict, lack of finances etc. The current size of the TCR pool needs to be expanded to ensure that there is sufficient participation in ceremonies as ICANN should account for the remote possibility of mass unavailability due to random unforeseen circumstances. There might be some merit in expanding the pool and retaining the TCRs whilst rotating them from within the pool.

  • No labels

21 Comments

  1. Salanieta Tamanikaiwaimaro

     

    Background

    The Affirmation of Commitment describes the Internet as a transformative technology that empowers people around the globe, spurs innovation, facilitates trade and commerce, and enables the free and unfettered flow of information[1]. One of the elements of the Internet's success is a highly decentralized network that enables and encourages decision-making at a local level. Notwithstanding this decentralization, global technical coordination of the Internet's underlying infrastructure - the Domain Name System[2] (DNS) - is required to ensure interoperability[3].

    DNS Security Extensions[4] (DNSSEC) is a protocol that is currently being deployed to secure the Domain Name System (DNS), the Internet’s global phone book. DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names.

    In DNSSEC a secure response to a query is one which is cryptographically signed and validated. An individual signature is validated by following a chain of signatures to a key which is trusted for some extra-protocol reason. ICANN, as IANA Functions Operator, is responsible for the publication of trust anchors[5] for the root zone of the Domain Name System.

    Since July 2010, the DNS Root Zone has been secured using DNSSEC. The model of using DNSSEC in the DNS Root Zone revolves around a "key signing key" (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.

     

     

    Questions for the At Large

     

     1.     Is the current TCR model effectively performing its function of ensuring trust

             in the KSK management process?

     

     2.      Is the current size of the TCR pool appropriate to ensure sufficient

              participation in the ceremonies, while not overburdening the availability of

              specific volunteers?


     3.     Should there be a minimum level of participation required of a TCR in order

            to be considered to be successfully discharging their duties?


     4.     There is no standard provision to refresh the list of TCRs except when they

             are replaced due to inability to effectively perform their function. Should

             there be a process to renew the pool of TCRs, such as using term limits or

             another rotation mechanism?


     5.     The current model does not compensate TCRs for their services in order to

             ensure their independence from ICANN.

                     a.     Should the model of TCRs paying the costs of their participation be retained?

                    b.      Would some form of compensation to offset the expenses incurred by the TCRs detract from                          their independence in performing the role?

                    c.      If you support compensating TCRs for their expenses, are there requirements or limitations                           on whom the funding organization should be?

     

     

    DRAFT ALAC STATEMENT

     

    Introduction

    The At Large Community recognizes the role and significance that the DNS plays in ensuring interoperability. We recognize the importance of DNSSEC in the security, stability and resiliency of the Internet in the root zone and the subsequent deployment in DNS Infrastructure. Noting that to date there are 427 TLDs in the root zone of which 235 are signed and that 229 have trust anchors published in the DS records in the root zone whilst 4 TLDs have trust anchors published in the ISC DLV Repository, we hope that in time more TLDs will move towards having trust anchors published.

     

    The Root Zone Key Signing Ceremony points to one of ICANN’s most sacred functions of preserving accountability and transparency in the manner in which it conducts its DNSSEC Key Signing Ceremonies. We would like to congratulate all the stakeholders involved in the KSK management process on the services since the first KSK signing ceremony till to date. We welcome the opportunity to contribute to the Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies.

     

    We believe that the current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process. We would like to suggest a few additional processes that could complement the existing process. The original TCR proposal is silent on the term. Where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.  

     

    We note that there is a financial burden placed on the TCR although they are volunteers and a system should be set in place that guarantees independence yet allows for ease in carrying out their duty. A fund should be managed externally that is independent that can cater for the expenses of the TCRs.There should be limitations on those who can contribute. Any funds or gifts being awarded to the TCR should be promptly and formally disclosed through appropriate avenues.

     

     The At Large community is curious as to whether the TCR who resigned did so because of an inability to continue in his or her role due to arising conflict, lack of finances etc. The current size of the TCR pool needs to be expanded to ensure that there is sufficient participation in ceremonies as ICANN should account for the remote possibility of mass unavailability due to random unforeseen circumstances. There might be some merit in expanding the pool and retaining the TCRs whilst rotating them from within the pool.

     

    Ends

  2. Olivier Crepin-Leblond

    Reading through the documents reporting on the ceremonies, I have noticed two discrepancies which I suggest the ALAC should point out:

    1. The Abbreviation Draft of the Key Signing Ceremony Annotated Scripts, which provides a permanent trusted record of the Ceremony does not include a definition for "EW" when these appear to be sometimes the largest number of category of people at the Ceremony.
    2. The Key Signing Ceremony Annotates Scripts do not clearly state that there are no other participants (including Camera person) present apart from those listed.

     

    Commenting on Sala's draft:

    • I would shy of using terms such as "sacred" which might have religious connotations.
    • I would cringe on assumptions of indefinite service as TCR - in an growing Internet world of 2.6Bn users, these should really rotated
    • I completely support the requirement for continuous disclosure of potential conflicts
    • I completely support proposal for the funding of expenses of TCRs to meet face to face
    • I would recommend removing the "curious" part of the Statement. The ALAC should not be curious and asking for information on the reasons of someone's resignation is, in my opinion, a potential breach of privacy.

    Olivier (in an individual capacity)

    1. Salanieta Tamanikaiwaimaro

      Thank you Olivier for your comments.

  3. Alejandro Pisanty

    The statement should be expanded to the recognition of the unique combination the key-signing and TCRs make of broad participation, transparency and accountability in order to serve the central function of preserving and enhancing the stability, security and resilience of the DNS, thus engendering widespread trust.

     

    I do not believe ALAC should propose any increase in processes; streamlining should be the direction. 

     

    As for support for TCRs, a statement that acting as a TCR should be cost-neutral for those not supported by firms or other entities should suffice. A statement in very restrained terms would go counter to the possibility that the draft be read as suggesting the poorly warranted creation of yet another source of travel funds.

  4. Matt Ashtiani

    > Dear Salanieta:
>
>   I was unable to add my comments on the wiki because the editor does not
> load, although I tried several times.
>
> My comment was sent yesterday LACRALO <
> lac-discuss-es@atlarge-lists.icann.org> list in spanish, and I copy this
> below,  with a variant cleared on that list in another mail, in which I
> send it deleted the wrong paragraph .
>
> Best Regards
>
>
> I agree with the draft Salanieta with the observations made by Olivier ,
> except the issue of financing , which I agree with Alexander. The word "
> sacred " could be changed to " solemn " because it is a solemnity and
> compliance is an essential requirement in the process of KSK .
>
> Responsibility regarding the control of TCR , which mentions Alexander on
> ensuring transparency , accountability , and defending the Internet users,
> and is set to generic point 9 of the Statement of Commitment between the
> Department of Commerce U.S. and ICANN , (the first document cited by
> Salanieta ) .
>
>  Moreover, the entire process of the ceremony itself is a guarantee of
> transparency and protection of users . There are strict controls and
> detailed in the DNSSEC Practice Statement of the procedure for
> accreditation of entry of persons, etc., for the Root Zone Operator (TCR )
> , your responsibilities are established and each of the steps you must
> follow what is proper documents governing safety at these levels of the
> root.
>
>  There are also prerequisites for the selection and appointment of the TCR
> , instructions for its function.That's part of the technical process of the
> company Verisign , specialist in informatic security .
>
>  As for the number of TCR , understand that it is reasonable and who
> applied for the position, must know and accept their demands were selected
> according to rules and monitored compliance with requirements and is
> scheduled for the 21 selected will be appointed only some will setected ( 6
> or 8) for two ceremonies that simultaneously at different locations each
> year in four opportunities . The amount would be more to cover possible
> contingencies.
>
> Regarding see major funding strictly maintain the independence of the
> process being controlled , between those who are appointed to control the
> process and who is responsible of it, in these last ICANN. This, besides
> exposing Alexander and there are many whose travel costs that could and
> perhaps should be without, given the possibility of remote participation ,
> which is not the case of the TCR , which have be physically present .
>
>
>
>
>
>
> 2014-02-04 Salanieta T. Tamanikaiwaimaro <
> salanieta.tamanikaiwaimaro@gmail.com>:
>
>> Dear All,
>>
>> The call for comments from At Large closes on 7th February, 2014.
>>
>> There is currently some difference in views on whether the Trusted
>> Community Representatives (TCRs) should have indefinite terms of whether
>> this should rotated.
>>
>> Should TCRs continue to remain self funded or should they be funded?
>>
>> There are also a few other important aspects of this that we would like to
>> consult the wider community on before amending the draft. For those of you
>> who have already commented, thank you. I am mindful that we still have not
>> heard from others. Feel free to comment directly on the wiki via the link
>> below or by responding to this thread.
>>
>> https://community.icann.org/x/nge6Ag
>>
>> Your input into this process will help us finalize the Draft. May we have
>> your views please?
>>
>> Kind Regards,
>> Sala
>>
>>
>> On Mon, Feb 3, 2014 at 7:45 AM, Salanieta T. Tamanikaiwaimaro <
>> salanieta.tamanikaiwaimaro@gmail.com> wrote:
>>
>>> Dear All,
>>>
>>> This is just a friendly reminder in case you missed it that there is an
>>> ongoing Review on Trusted Community Representation in Root Zone DNSSEC
>> Key
>>> Signing Ceremonies. Grateful if the RALO Chairs could also ask their
>>> members for their views.
>>>
>>> For the benefit of the general community at large and those who have just
>>> entered the community, you would have been advised at some point that
>>> anyone in At Large can have their say on aspects of Policies either
>>> individually as you comment directly on the site to the staff concerned
>> or
>>> as we in the At Large community do it through the At Large channels by
>> way
>>> of the "Wiki" or through email discussions.
>>>
>>> If you would like to comment on the Draft Statement currently being
>>> developed by the At Large on this matter, visit:
>>>
>>>
>>>
>> https://community.icann.org/display/alacpolicydev/At-Large+Review+of+Trusted+Community+Representation+in+Root+Zone+DNSSEC+Key+Signing+Ceremonies+Workspace?focusedCommentId=46498543#comment-46498543
>>> If you are finding that you have difficulties posting your comment on the
>>> wiki, feel free to respond to this thread and post your thoughts. On the
>>> wiki you will see that the Review Team had laid several questions for the
>>> public and wider community. This can help guide your comments and to
>> have a
>>> fair idea of the areas that they want and value your feedback on. The At
>>> Large will close the call for comments on the 7th of February, 2014 so
>> get
>>> your thoughts in if you want them factored in.
>>>
>>> In case you do not have a profile to enable you to post on the Wiki
>> (ICANN
>>> Confluence) - please contact At Large staff offline.
>>>
>>> Kind Regards,
>>> Sala

  5. Silvia Vivanco

     COMMENT POSTED BY STAFF ON BEHALF OF FATIMA CAMBRONERO

     

    Regarding the ALAC statement about Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies and based on the comments made in LACRALO, these are the main points to be included in the ALAC statement.
    -We agree that the signing process of cryptographic keys that are at the basis of the DNSSEC reliability is of great importance.
    -The word "sacred" could be changed to "solemn" because it is a solemnity and its compliance is an essential requirement to the KSK process.
    -We believe that the whole process of the ceremony itself is a guarantee of transparency and protection of users. It should be expressed more clearly how this issue may affect Internet users.
    -The statement should be expanded to the recognition of the unique combination the key-signing and TCRs make of broad participation, transparency and accountability in order to serve the central function of preserving and enhancing the stability, security and resilience of the DNS, thus engendering widespread trust.
    -We do not believe ALAC should propose any increase in processes; streamlining should be the direction. We also consider it is not necessary to increase the number of TCR. This number is reasonable. These members were selected according to clear rules and ensuring compliance with requirements.
    -As for support for TCRs, a statement that acting as a TCR should be cost-neutral for those not supported by firms or other entities should suffice. A statement in very restrained terms would go counter to the possibility that the draft be read as suggesting the poorly warranted creation of yet another source of travel funds. We consider it important to maintain the independence and accountability of the process that is being controlled.
    - We believe that the entire last paragraph of the statement should be removed. We don't agree with the reference to the "curiosity" of ALAC. That's something should not of interest to ALAC. Also we don't agree to expand the pool of TCR.
    Please take these comments into account to be included in the aforementioned statement.


    Fatima Cambronero

    1. Salanieta Tamanikaiwaimaro

      Dear Fatima,

      Thank you for your comments. I am in the process of drafting and edited version of the previous statement and will alert the community to place their final comments and tweaking before this is closed by Staff and sent to the ALAC.

      Thank you Sylvia for placing the comments on the wiki - much appreciated.

      Kind Regards,

      Sala

       

      Tags @Fatima @Oliver @Alejandro

       

  6. Olivier Crepin-Leblond

    I note that there have been several concerns about "increase in processes". I am not sure why the draft mentions an increase - all I see is a suggestion that Terms are limited and/or that full continuous disclosure is needed. That's not an increase in process but certainly is an increase in transparency that serves the public interest.

    I understand Alejandro's suggested use of terms to describe cost neutrality. Indeed, suggesting "travel budgets" touches on a raw nerve for some critics.

    Olivier

    1. Salanieta Tamanikaiwaimaro

      I am currently editing the previous statement and will try to factor in the considerations and issues raised by all. As soon as it is ready it will be posted here to invite the community for some final feedback before it is consolidated and put to the ALAC.

  7. Olivier Crepin-Leblond

    Copied from the At-Large mailing list, for the record:

     

    Dear Sala,

I am reviewing the Statement & very much like its early sections but I
have noticed a couple of things which probably need your attention:

- In the response to Q4, the first paragraph starts with "That" and this
needs to be improved grammatically.
In the second paragraph of the response to Q4 there is a sentence that
needs cleaning up:
"There are 2.6 billion internet users should indicate that there are at
least sufficient persons in the world who could meet the criteria for
selection."
--> With 2.6 billion Internet users in the world, there should be enough
people in the world who could meet the criteria for selection

- Answer to Q5: you mention that there are two points of view and I am
not sure that this is the case. What I understood from Alejandro is that
the TCRs should be cost neutral which in my understanding means some
organisation has to pick up the costs, whether their firm or whether a
third party. This might not be called "ICANN travel support", which is
what effectively I understood Alejandro to object to but could
definitely be some allocation that would make sure costs were paid by
the TCR.
Perhaps you might like to check this before affirming there's divergence.

I am also concerned that we are not quite answering the questions in Q5.
The vote will launch on Monday 0:00 UTC - so thanks for looking into
this during the week-end!

Kind regards,

Olivier

    1. Salanieta Tamanikaiwaimaro

      Comments from Aida Noblia via email on February 8

      Dear Salanieta and All:
      Regarding the amount of TCR: Of the 21 TRC only must attend each time, 6 or 8 people, half of which go to a place and half to another. From the point of view of those risks posed the biggest problem is that the two places where ceremonies are are located in the same country: if something in there is no other backup occurs. But that is no reason the query.
      Regards
      Comments from Olivier via email on February 8
      Dear Sala,

      On 08/02/2014 07:30, Salanieta T. Tamanikaiwaimaro wrote:
      > There are 2.6 billion internet users should indicate that there are at
      > least sufficient persons in the world who could meet the criteria for
      > selection."
      > --> With 2.6 billion Internet users in the world, there should be enough
      > people in the world who could meet the criteria for selection

      Reviewing my suggestion again this morning, I realise my English is not
      much of an improvement on the sentence.
      Perhaps it needs to be re-phrased better than my suggestion. Please feel
      free to improve it. :-)
      Kind regards,

      Olivier

      Comments from Aida Noblia via email on February 9 
      Salanieta, Oliver , all:

      I agree that the costs could be paid by others. The point was that ICANN
      will not pay because it is part of the ceremony and to maintain the
      objectivity of the TCR, which were not involved and witnessing part at a
      time.
      Regards

      Comments from Mc Tim via email on February 9
      Hi,

      There could be a funding mechanism set up by ICANN which would give TCRs
      independence from ICANN.

      See IO office for an example.

      Comments from Olivier via email on February 9

      Thanks McTim - that's exactly the sort of suggestion which I think would
      be welcome in the Comment.
      Kind regards,

      Olivier

      Comments from Aida Noblia via email on February 9

      Maybe it could be .. would have to be something independent because for
      example if Verisign understand that finance is not for being the company
      that makes the technical part. I do not remember where I read the
      suggestion that it could be an independent body and put sample Unesco.

      Aída

      Editor's comments

      I have tried to factor in people's comments save for the use of the UNESCO model. Changes have been highlighted in blue and are in "bold" for ease of reading. I will ask Staff to replace the previous version with this but to remove the bold and the "color blue" so it is a cleaned edited version. I will also send them a word document via email for their records and alternatively for ease of copying into the final statement space.

      Many thanks to the global At Large community for engaging in the discussions and allowing us to have a voice into the statement.

      THIS IS THE FURTHER REVISED DRAFT OF THE STATEMENT

       

      Background

      The Affirmation of Commitment describes the Internet as a transformative technology that empowers people around the globe, spurs innovation, facilitates trade and commerce, and enables the free and unfettered flow of information[1]. One of the elements of the Internet's success is a highly decentralized network that enables and encourages decision-making at a local level. Notwithstanding this decentralization, global technical coordination of the Internet's underlying infrastructure - the Domain Name System[2] (DNS) - is required to ensure interoperability[3].

      DNS Security Extensions[4] (DNSSEC) is a protocol that is currently being deployed to secure the Domain Name System (DNS), the Internet’s global phone book. DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names.

      In DNSSEC a secure response to a query is one which is cryptographically signed and validated. An individual signature is validated by following a chain of signatures to a key which is trusted for some extra-protocol reason. ICANN, as IANA Functions Operator, is responsible for the publication of trust anchors[5] for the root zone of the Domain Name System.

      Since July 2010, the DNS Root Zone has been secured using DNSSEC. The model of using DNSSEC in the DNS Root Zone revolves around a "key signing key" (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.

      Introduction

      The At Large Community recognizes the role and significance that the DNS plays in ensuring interoperability. We recognize the importance of DNSSEC in the security, stability and resiliency of the Internet in the root zone and the subsequent deployment in DNS Infrastructure. Noting that at the time this statement was written there were 427 TLDs in the root zone of which 235 are signed and that 229 have trust anchors published in the DS records in the root zone whilst 4 TLDs have trust anchors published in the ISC DLV Repository, we hope that in time more TLDs will move towards having trust anchors published.

       The Root Zone Key Signing Ceremony points to one of ICANN’s important functions of preserving accountability and transparency in the manner in which it conducts its DNSSEC Key Signing Ceremonies.

      We recognize the unique combination the key-signing and TCRs make of broad participation, transparency and accountability in order to serve the central function of preserving and enhancing the stability, security and resilience of the DNS, thus engendering widespread trust.

      We would like to congratulate all the stakeholders involved in the KSK management process on the services since the first KSK signing ceremony till to date. We welcome the opportunity to contribute to the Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies. Following consultations with the At Large community along the questions that was raised, we found that on some issues there was divergence of views and we have captured both views.

       

       1.     Is the current TCR model effectively performing its function of ensuring trust

               in the KSK management process?

      The current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process; however, we make the following observations.

      The Abbreviation Draft of the Key Signing Ceremony Annotated Scripts, which provides a permanent trusted record of the Ceremony, does not include a definition for "EW" when these appear to be sometimes the largest number of category of people at the Ceremony. The Key Signing Ceremony Annotates Scripts do not clearly state that there are no other participants (including Camera person) present apart from those listed.

       

       2.      Is the current size of the TCR pool appropriate to ensure sufficient

                participation in the ceremonies, while not overburdening the availability of

                specific volunteers?

       

      There are two different views on this. The first view is that the current size of the TCR pool is sufficient. The second view suggests that the current size needs to be expanded to cater for unforeseeable circumstances (includes but is not limited to terrorist attacks, flight disruptions, state of emergency, civil war, etc) that could render all 21 TCRs incapable from attending to their responsibilities. The possibility of having signing at the same time in either the same country or different countries or frequency of signing could also exhaust reserves leading to overburdening these volunteers. There might be some merit in expanding the pool and retaining the TCRs whilst rotating them from within the pool.

       

       

       3.     Should there be a minimum level of participation required of a TCR in order

              to be considered to be successfully discharging their duties?

       

      The community believes that TCRs should meet the existing criteria merited of what would comprise a responsible TCR. TCRs should actively engage by writing reports which are made public. Minimum participation should include, attendance, engagement, carrying out responsibilities, writing full and thorough reports and listing concerns if any.

       

       4.     There is no standard provision to refresh the list of TCRs except when they

               are replaced due to inability to effectively perform their function. Should

               there be a process to renew the pool of TCRs, such as using term limits or

               another rotation mechanism?

       

       There are two views on this matter. The first view is that the existing pool and their indefinite terms are sufficient and that the 21 TCRs are more than enough to meet possible contingencies that may arise. That there is no need for process to renew the pool neither of TCRs nor to use term limits or introduce a rotation mechanism.

       

      The other view is that there is need for term limits as the original TCR mechanism is silent on the term. Rotation would protect against potential capture. The world currently has an estimated population of 2.6 billion internet users. Given the said population of internet users, there would be a fraction of this that would constitute persons who have the technical proficiency to carry out the functions of a TCR from around the world. There is bound to be a sufficient pool of candidates that meet the prerequisites of a TCR. As such, it is possible to draw a larger reserve where persons of character, integrity who also possess all the pertinent skills are selected to facilitate the tasks of a TCR. Where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.  

       

       5.     The current model does not compensate TCRs for their services in order to

               ensure their independence from ICANN.

                       a.    Should the model of TCRs paying the costs of their participation be retained?

                       b.   Would some form of compensation to offset the expenses incurred by the TCRs detract from their independence in performing the role?

       c.     If you support compensating TCRs for their expenses, are there requirements or limitations on whom the funding organization should be?

       

       There are two divergent views in relation to this. The first view holds that the current model where TCRs pay the costs should be retained. TCRs should be cost-neutral for those not supported by firms or other entities should suffice.  To create another source of travel funds for TCRs is poor and unwarranted.

       The second view acknowledges the financial burden placed on TCRs. Although TCRs are volunteers, a system should be set in place that guarantees independence yet allows them to carry out their duty. A fund should be managed externally that is independent that can cater for the expenses of the TCRs.There should be limitations on those who can contribute to this fund. Any funds or gifts being awarded to the TCR should be promptly and formally disclosed through appropriate avenues. One of the suggestions for possible funding model is where ICANN sets up the fund as in the case of the Office of the Independent Objector (IO) where ICANN does not interfere with the decisions of the (IO).

      Ends

       

       

       

       

       

       

  8. Dev Anand Teelucksingh

    Suggested change to the answer in Q1. New words in red, strikethrough in word should be removed


    1. Is the current TCR model effectively performing its function of ensuring trust in the KSK management process?

    The current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process; however, we make the following observations.

    The Abbreviation Draft of the Key Signing Ceremony Annotated Scripts, which provides a permanent trusted record of the Ceremony, does not include a definition for "EW" when these appear to be sometimes the largest number of category of people at the Ceremony. The Key Signing Ceremony Annotates Annotated Scripts do not clearly state that whether there are no other participants (including Camera person) present apart from those listed.

     

     

    1. Salanieta Tamanikaiwaimaro

      These changes have been made. Thanks Dev for picking up on the grammatical errors.

  9. Dev Anand Teelucksingh

    Suggested change to the answer in Q2. New words in red, strikethrough in word should be removed

    2.          Is the current size of the TCR pool appropriate to ensure sufficient participation in the ceremonies, while not overburdening the availability of specific volunteers?


    There are two different views on this. The first view is that the current size of the TCR pool is sufficient.

    The second view suggests is that the current size needs to be expanded to cater for unforeseeable circumstances unforeseen situations (includes but is not limited to terrorist attacks, flight disruptions, state of emergency, civil war, etc) that could render all 21 a majority of the TCRs incapable from attending unable to attend to their responsibilities. 

    The possibility of having signing at the same time in either the same country or different countries or frequency of signing could also exhaust reserves leading to overburdening these volunteers. However, there might be some merit in expanding the pool of candidate TCRs and retaining the TCRs whilst rotating them from within the pool of candidate TCRs.

     

    The line "The possibility of having signing at the same time....." is confusing to me. As I understand the Key Signing Ceremony, any such ceremony requires travel by some of 7 Crypto Officers to one of two facilities in the US. I don't think there are simultaneous actions happening at both facilities at the same time. I'll appreciate any clarification on this.

     

     

    1. Salanieta Tamanikaiwaimaro

      Thanks Dev. ICANN Staff will wait for a bit before they open the call on the statement and will make some adjustments. Many thanks for taking the time to review and contribute. I will accept the changes to the first paragraph on Q.2 but not with what you crossed out as it is a direct contribution from one of the stakeholders and it is simply to hammer the point.

      I will not use "However"  but will accept the other changes you made by elaborating on which pool. 

       

  10. Dev Anand Teelucksingh

    Suggested change to the answer in Q4. New words in red, strikethrough in words should be removed.

    4.     There is no standard provision to refresh the list of TCRs except when they are replaced due to inability to effectively perform their function. Should there be a process to renew the pool of TCRs, such as using term limits or another rotation mechanism?

     

    There are two views on this matter. The first view is that the existing pool and their indefinite terms are sufficient and that the 21 TCRs are more than enough to meet possible contingencies that may arise. That there is no need for process to renew the pool neither of TCRs nor to use term limits or introduce a rotation mechanism.

     

    The other view is that there is a need for term limits. as the original TCR mechanism is silent on the term. Rotation would protect against potential capture. The world currently has an estimated population of 2.6 billion internet users. Given the said population of internet users, there would be a fraction of this that would constitute persons who have the technical proficiency to carry out the functions of a TCR from around the world. There is bound to be a sufficient pool of candidates that meet the prerequisites of a TCR. As such, it is possible to draw a larger reserve where persons of character, integrity who also possess all the pertinent skills are selected to facilitate the tasks of a TCR.  

    Given the Internet reaches an estimated 2.6 billion users all over the world, there should be enough candidates able to meet the criteria of being a TCR. Also, the number of candidate or backup TCRs can also be increased.

    Regardless, where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.

    1. Salanieta Tamanikaiwaimaro

      Comments from Aida Noblia via Email on February 12

      Dear Dev and All_

      The proportion of the world population and the number of TCR is not
      relevant for the purposes of these ceremonies. This ratio is determined by
      the specific needs of the ceremony, not proportion the world population.

      There are four times in the year they are made ceremonies. To them is
      determined by technical rules attending 6 or 8 people out of 21 that are
      available. Increased availability does not mean most people in the
      ceremonies. The question is not about how many people attend the ceremonies
      but many are available for selection.

      Kind Regards
      Aída


      Disclaimer: are only two times a year the ceremonies. There are two
      ceremonies at a time, in total there are four ceremonies a year.

      Aída

      Hola a todos:

      Al comentario de Dev: en la wiki:

      La línea "La posibilidad de contar con la firma al mismo tiempo ....." es
      confuso para mí. Según tengo entendido la ceremonia de firma clave,
      cualquier acto requiere viajar por algunos de 7 Oficiales Crypto a una de
      las dos instalaciones en los EE.UU.. Creo que no hay acciones simultáneas
      que ocurren en ambas instalaciones al mismo tiempo. Voy a apreciar
      cualquier aclaración al respecto.

      Dev y todos: respecto al pedido de aclaración que Ud hizo  sobre que se
      hacen dos ceremonias por vez:

      El documento "Review of Trusted Community Representation in Root Zone
      DNSSEC Key Signing Ceremonies" dice en uno de sus párrafos  Pego abajo los
      textos y en negrita lo que copie textual.


      "De los 21 TCR , siete tienen las credenciales como "oficiales " cripto
      (COS) *para cada uno de los dos instalaciones*, y los siete restantes
      actúan como "accionistas clave de recuperación " que sólo participar en las
      ceremonias en el caso de que el número requerido de las OP no pueden
      participar o existe la necesidad de reconstruir el KSK después de un evento
      imprevisto. *De los siete* objetores de conciencia *para cada instalación*,
      ICANN espera tener *cuatro asisten cada ceremonia* ."


      En otro de los documentos de IANA, está más detallado y dice que ambas
      ceremonias serán en dos diferentes lugares de un mismo país, al que
      menciona, y aclara que una en la zona Este y otra en la zona Oeste. Estoy
      buscando en cuál de los documentos leí esto. Es en el referido
      específicamente a las ceremonias de la KSK. No recuerdo si es un txt..
       refieren a normas técnicas de seguridad informática.


      "Of the 21 TCRs, seven are credentialed as "crypto officers" (COs)* for
      each of the two*

      *facilities*, and the remaining seven act as "recovery key shareholders"
      who only

      participate in ceremonies in the event the requisite number of COs are
      unable to

      participate or there is a need to rebuild the KSK following an unforeseen
      event. Of

      the seven COs for each facility, ICANN aims to have *four attend each
      ceremony.*."



      In other documents IANA, is more detailed and it says both ceremonies will
      be in two different places in the same country, which mentions and
      clarifies that in the east and another in the west. I am looking at which
      of the documents I read this. It is specifically referred to in the
      ceremonies of the KSK. I do not remember if it's a txt .. refer to
      technical standards of information security.


      Saludos a todos


      Aída

      "

      Email from Dev Anand Teelucksingh via email February 12

      Thanks Aida for your attention to this.

      I've been reading the document titled
      "DNSSEC Root Zone High Level Technical Architecture" at
      http://www.root-dnssec.org/wp-content/uploads/2010/06/draft-icann-dnssec-arch-v1dot4.pdf

      pages 8 to 10 talks about the Key Signing Key (KSK) Ceremonies.

      Some excerpts:

      "The ceremonies will alternate between mirror sites to exercise their
      operational readiness in case of emergency.....

      ....Once a new KSK is generated during a key generation ceremony, it is
      backed up in
      encrypted form on a smart card and distributed to the mirror site for
      import and storage.
      The key ceremony is inclusive of these events and is not deemed complete
      until they
      have all been performed. Key signing ceremonies (during which the contents
      of the KSR are signed) are
      more frequent than KSK generation ceremonies and, though they alternate
      between sites,
      a given signing ceremony does not involve the corresponding mirror site."

      "The KSKs for the DNSSEC root zone system will be maintained at two offline
      sites
      each mirroring the other in functionality. To meet DoC requirements, the
      two sites
      maintaining the private half of the KSKs will be geographically dispersed
      and within the
      United States: one in Los Angeles, California (near ICANN headquarters) and
      the other
      outside the metropolitan Washington, D.C. area"


      Therefore, this document indicates that the two facilities are NOT used at
      the same time for any ceremony, but rather alternates between the two
      venues.

      Kind Regards,

      Dev Anand

      Email from Aida Noblia on February 12

      Thanks Dev for direction and clarification. That's where I read it.
      Actually I never thought I will use the facilities for any kind of
      ceremonies independent of each other, but there is as two complementary
      parts are related. I think that says mirror for a ceremony. I'm not a
      computer technician.
      This topic is highly regulated by technical standards and Verisign company
      offering computer security.

       Regarding the TCR think it is important to note that the amount is
      sufficient to meet the requirements and that of 21 selected 6 or 8. If a
      ceremony without the other as you mention can be done with more reason is
      that I do not need more than 21 TCR.

      Greetings to all

  11. Salanieta Tamanikaiwaimaro

    Thank you Dev for these edits. I like the revised version with the population and ratio. I will also see what Aida's comments were but for the most part we should be good to wrap this up soon.

  12. Salanieta Tamanikaiwaimaro

    Editor's Notes

    This is the revised version following comments from Dev and Aida. The Community is invited to see if there is consensus on the draft as it stands now. We have a very minute window for adjustments before this goes to the ALAC. 

     

    Further Revised Draft ALAC Statement on Review of TCR Mechanism dated 12th February, 2014

    Background

    The Affirmation of Commitment describes the Internet as a transformative technology that empowers people around the globe, spurs innovation, facilitates trade and commerce, and enables the free and unfettered flow of information[1]. One of the elements of the Internet's success is a highly decentralized network that enables and encourages decision-making at a local level. Notwithstanding this decentralization, global technical coordination of the Internet's underlying infrastructure - the Domain Name System[2] (DNS) - is required to ensure interoperability[3].

    DNS Security Extensions[4] (DNSSEC) is a protocol that is currently being deployed to secure the Domain Name System (DNS), the Internet’s global phone book. DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names.

    In DNSSEC a secure response to a query is one which is cryptographically signed and validated. An individual signature is validated by following a chain of signatures to a key which is trusted for some extra-protocol reason. ICANN, as IANA Functions Operator, is responsible for the publication of trust anchors[5] for the root zone of the Domain Name System.

    Since July 2010, the DNS Root Zone has been secured using DNSSEC. The model of using DNSSEC in the DNS Root Zone revolves around a "key signing key" (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.

    Introduction

    The At Large Community recognizes the role and significance that the DNS plays in ensuring interoperability. We recognize the importance of DNSSEC in the security, stability and resiliency of the Internet in the root zone and the subsequent deployment in DNS Infrastructure. Noting that at the time this statement was written there were 427 TLDs in the root zone of which 235 are signed and that 229 have trust anchors published in the DS records in the root zone whilst 4 TLDs have trust anchors published in the ISC DLV Repository, we hope that in time more TLDs will move towards having trust anchors published.

     The Root Zone Key Signing Ceremony points to one of ICANN’s important functions of preserving accountability and transparency in the manner in which it conducts its DNSSEC Key Signing Ceremonies.

    We recognize the unique combination the key-signing and TCRs make of broad participation, transparency and accountability in order to serve the central function of preserving and enhancing the stability, security and resilience of the DNS, thus engendering widespread trust.

    We would like to congratulate all the stakeholders involved in the KSK management process on the services since the first KSK signing ceremony till to date. We welcome the opportunity to contribute to the Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies. Following consultations with the At Large community along the questions that was raised, we found that on some issues there was divergence of views and we have captured both views.

     

     1.     Is the current TCR model effectively performing its function of ensuring trust

             in the KSK management process?

    The current Trusted Community Representative (TCR) model has been effectively performing its functions of ensuring trust in the KSK management process; however, we make the following observations.

    The Abbreviation Draft of the Key Signing Ceremony Annotated Scripts, which provides a permanent trusted record of the Ceremony, does not include a definition for "EW" when these appear to be sometimes the largest number of category of people at the Ceremony. The Key Signing Ceremony Annotated Scripts do not clearly state whether there are no other participants (including Camera person) present apart from those listed.

     

     2.      Is the current size of the TCR pool appropriate to ensure sufficient

              participation in the ceremonies, while not overburdening the availability of

              specific volunteers?

     

    There are two different views on this. The first view is that the current size of the TCR pool is sufficient. The second view is that the current size needs to be expanded to cater for unforeseen circumstances (includes but is not limited to terrorist attacks, flight disruptions, state of emergency, civil war, etc) that could render a majority of the 21 TCRs unable to attend to their responsibilities. The possibility of having signing at the same time in either the same country or different countries or frequency of signing could also exhaust reserves leading to overburdening these volunteers. There might be some merit in expanding the pool and retaining the TCRs whilst rotating them from within the pool of candidate TCRs.

     

     

     3.     Should there be a minimum level of participation required of a TCR in order

            to be considered to be successfully discharging their duties?

     

    The community believes that TCRs should meet the existing criteria merited of what would comprise a responsible TCR. TCRs should actively engage by writing reports which are made public. Minimum participation should include, attendance, engagement, carrying out responsibilities, writing full and thorough reports and listing concerns if any.

     

     4.     There is no standard provision to refresh the list of TCRs except when they

             are replaced due to inability to effectively perform their function. Should

             there be a process to renew the pool of TCRs, such as using term limits or

             another rotation mechanism?

     

     There are two views on this matter. The first view is that the existing pool and their indefinite terms are sufficient and that the 21 TCRs are more than enough to meet possible contingencies that may arise. That there is no need for process to renew the pool neither of TCRs nor to use term limits or introduce a rotation mechanism.

     

    The other view is that there is a need for term limits as the original TCR mechanism is silent on the term. Given the Internet reaches an estimated 2.6 billion users all over the world, there should be enough candidates able to meet the criteria of being a TCR. The number of candidate or backup TCRs can also be increased. Regardless, where there is an assumption of indefinite service as a TCR, there should be a constant requirement to disclose any and all potential conflicts of interest to disable the risk of “capture” by any stakeholder or interest.  

     

     5.     The current model does not compensate TCRs for their services in order to

             ensure their independence from ICANN.

                     a.    Should the model of TCRs paying the costs of their participation be retained?

                     b.   Would some form of compensation to offset the expenses incurred by the TCRs detract from their independence in performing the role?

     c.     If you support compensating TCRs for their expenses, are there requirements or limitations on whom the funding organization should be?

     

     There are two divergent views in relation to this. The first view holds that the current model where TCRs pay the costs should be retained. TCRs should be cost-neutral for those not supported by firms or other entities should suffice.  To create another source of travel funds for TCRs is poor and unwarranted.

     The second view acknowledges the financial burden placed on TCRs. Although TCRs are volunteers, a system should be set in place that guarantees independence yet allows them to carry out their duty. A fund should be managed externally that is independent that can cater for the expenses of the TCRs.There should be limitations on those who can contribute to this fund. Any funds or gifts being awarded to the TCR should be promptly and formally disclosed through appropriate avenues. One of the suggestions for possible funding model is where ICANN sets up the fund as in the case of the Office of the Independent Objector (IO) where ICANN does not interfere with the decisions of the (IO).

    Ends

     

     

     

     

     

     

  13. Salanieta Tamanikaiwaimaro

    The Statement has just been put to the ALAC for voting and the poll was open minutes ago.  Please note that the poll will be open from 11-Feb-2014 23:59 UTC to 17-Feb-2014 23:59 UTC.

    Many thanks to all those that contributed. Acknowledgements and Gratitude to the following persons:

     

    1. Alejandro Pisanty - LACRALO
    2. Fatima Cambronero - LACRALO
    3. Aida Noblia - LACRALO
    4. Dev Anand Teelucksingh- LACRALO
    5. McTim - NARALO
    6. Olivier Crepin-Leblond - EURALO

    Noting that all these people except for Fatima made comments and contributions in the personal capacity unless otherwise expressed on the wiki.

     

     

    Best Wishes,

     

    Salanieta Tamanikaiwaimaro

     

    (Pen Holder from APRALO)


  14. Salanieta Tamanikaiwaimaro

    For those who missed it, the ALAC voted 12 in favour of the Final Draft Statement. There were no abstentions and no negative votes. This is now closed. Thank you to all who participated in the process through either sharing the information to your ALSes, or soliciting input within the ALSes and RALOs. Many thanks. Finally, thank you to the ALAC for the final outcome. Thank you Staff for facilitating the process. This matter is now officially concluded.