Page History

1. Fix the broken links in the Final Implementation Report and ensure that relevant references have links (if it’s noted in the report as relevant to implementation, please make sure there’s a link to information about it).
2. Put all the documentation/information (links) for each Recommendation together in one place. Some are linked in the Final Implementation Report, some are listed under “Background Materials” in our wiki and others…. ?
3. In each Recommendation, provide completion dates for each listed “deliverable” that has a check-mark under “due date” instead of an actual date

See completed action item 104 for progress notes regarding related previous request.

ICANN SSR subgroup exploring potential face-to-face meeting in LA:

• Complete Doodle poll of potential dates.
• Subteam to seek approval from Review Team for subteam face-to-face meeting.

• Doodle poll closed. Email circulated identifying 9-10 October as most popular dates.
• Staff requested via email additional information regarding meeting objectives/ desired outcomes.

Circulate outline of detailed work items and proposed next steps after face-to-face meeting.

Žarko, Boban

Outline in writing a request to meet with ICANN staff responsible for Information Security Management, Auditing, Risk Management and Business Continuity Management. Request to include details of expected goals and outcomes of the meeting.

Team to provide feedback on the structure of the 9 work items, including identifying items which staff may be able to provide more information or help build out.

Provide responses to questions on SSR1 briefing: Recommendations 11, 12.

Recommendation 11:

1.     What was happening in the 5 years between when the recommendation was approved by the Board and when a draft consultant report was posted in April 2017?

2.    On the status and deliverables of Rec 11 it says that ICANN has implemented measures of success for the gTLDs, but we haven’t seen how you’ve implemented measures of success for new gTLDs and IDNs. That’s the first check mark, but what we’ve been provided with is a draft report of some ideas that you could do. How is that considered full implementation of this recommendation?

3.     Do you think it is ICANN staff’s responsibility to gather, analyze and publish this data or do you feel that it’s ICANN’s responsibility to facilitate others to do that?

4.     In a commercialized world of DNS service provision where data is considered to be a corporate asset, do you feel that either ICANN or the community at large have access to meaningful metrics? I cite the barriers that exist on information on root servers. Is this a barrier to the entire objective, that access to data appears to be challenging?

5.     The SSR1 review team called out a number of activities that were operational and within staff’s purview and contained in the SSR framework and called for implementation of measurements and metrics.  Was that work done and is it captured anywhere? To clarify, as part of the SSR1 report related to rec 11, the SSR1 review team noted ICANN administration of the new gTLD Program, IDN program, significant SSR related issues that are in the framework. They called for more specific goals, measurements and impact assessment. Was that work done and is it captured somewhere else?

6.     Is there more information on the steps that ICANN has taken in the past five years to facilitate data access and activities that involved other entities that had ownership or responsibilities on related activities?

7.     Broadly, in looking at the dashboard for rec 11 and all the checkmarks including operational items, it’s really unclear how staff defined and measured success related to SSR. It’s hard to see how the basic sprit of this recommendation was implementation, especially with an idea paper from a consultant. But in terms of the last 5 years and what staff did to implement, it’s unclear. Can you gather more information and provide more clarity and facts?

Recommendation 12:  

8.With regards to establishing best practices and integrating these into agreements to which ICANN enters: It’s linked to a paper that raises a whole host of issues and addresses proposed activities but it’s unclear how that then relates to integrating those into agreements into which ICANN has entered over the past 5 years. Can you provide more specific information on how best practices are reflected in agreements that ICANN has entered into?

9.  ‘Addressing SSR practices in MOUs’ links to a page that holds all of the MOUs. Can you provide some quantification of SSR-related practices in MOUs and more information on which ones contain SSR-related practices, which practices they contain, and how all that’s tracked or the implementation is assessed?

10.  Is there any quantification or more detailed information on what the working relationship with the APWG has yielded?

11. Which sections of the revised new gTLD registry agreement does OCTO staff feel advance SSR best practices and objectives?

12. What has changed after the implementation of Rec#12 as compared with the past?

1. In progress

2. In progress

3. Question answered during the call. See meeting record.

4. Geoff Huston (asker) clarified that he feels this is a question for the review team to answer, not ICANN Org.

5. Clarity requested via email. Awaiting input from Denise.

6. Clarity requested via email. Awaiting input from Denise.

7. In progress

8. In progress

9. Clarity requested via email. Awaiting input from Denise.

10. Question answered via email.

12. Question answered during the call. See meeting record.

• Briefing tentatively scheduled for 19 September 2017.
• Briefing confirmed for 25 June 2017. Postponed per Co-Chairs.

• Briefing scheduled for 5 September 2017.
• Briefing confirmed for 25 July 2017. Postponed per Co-Chairs
• Briefing confirmed for 26 June 2017. Postponed per Co-Chairs.

13 June 2017

• 68. b. Follow-up via email: Please provide a written explanation as to how the original question was felt to be objectionable.
  
  
• 68. a. ICANN DNS Engineering team to reframe the following question and provide an answer (Q3 from SSR2 Plenary 14, 6 June GSE presentation) so as to better align with the RT mandate: Regarding L-root operations and hosting: What is the planning process vs. passive response? Is there a master plan for anyone who operates, in terms of Anycast? And how is that overall process implemented? (GH) 

• 68. a. Question reframe response circulated via email 11 July 2017.
• 68. a. ICANN DNS Engineering team provided proposed reframe of the question: "What measures are undertaken by ICANN for the anycast deployment for L-Root to ensure physical and network security and stability?"

68.a. 11 July 2017

11

14 May 2017

• 43. b. Follow-up via email: Could you please clarify when ITHI will start regularly publishing (or giving the public access to) data? It seems that the “schedule” below is about discussions rather than production, or am I misunderstanding?

• 43. a. Provide the SSR2 RT a timeline of the ITHI project, when they have clarity on next steps and schedules.

• 43. a. Email circulated to Review Team 26 June 2017.

43. a. 26 June 2017

The ICANN security team (now OCTO/SSR) developed a framework that provided a definition for "security".  The SSR2 team used that definition. The Board response to the Terms of Reference expressed that this definition is too broad for the Review Team’s use. Is Board asking staff to redefine definition of “security”?

Provide responses to questions from SSR1 briefings (Ops + Finance)

1. To what extent do you work with the relevant standards bodies (UNICODE and the IETF) over the issues with the use of IDNs and longer label TLDs?
2. There are many challenges in IDN WHOIS lookups.  How do we get an accurate IDN WHOIS database for the Incident Handling process?
   

3. How is the expansion of the name space with more gTLDs contributing to the security and stability of the Internet?

4. What metric is being used to ensure a "healthy" DNS marketplace?

5. How does ICANN proactively make sure to implement policy (eg. New gTLD Program expansion) in a secure and stable manner?

6. New gTLD contract has a lot on New gTLDs to make sure they are secure and stable. To clarify, the main means you see to do that in implementation is through contracts, vs.  that as an aspect? Is that the primary means for ICANN to push the SSR remit?

7. Can GDD comment on the failures of both SLAM and EBERO where they apply to RSP failure scenarios, also implementation of EBERO testing took 3 years from implementation of the first new gTLD delegation, no security review of the EBERO’s has ever taken place, what is the justification for that?

8. Can Francisco to brief us on both systems (EBERO and SLAM) from an SSR2 perspective (Rather than the SSR1 implementation perspective)?

9. I’m also looking for not how much departments are spending but how much their spending on EBERO.

10. Who will be the contracting entity for future SOC2/3 audits of PTI?
    

ICANN Org

1. In progress

2. In progress

3. In progress

8. In progress

9. In progress

4. Question answered during the meeting. See meeting record.

5. Question answered during the meeting. See meeting record.

6. Question answered during the meeting. See meeting record.

7. Question answered during the meeting. See meeting record.

10. Question answered via email.

11. Question answered via email

75, b. Provide responses to draft questions for ICANN Chief Innovation & Information Officer (CIO).

75. a. Prepare draft questions for ICANN Chief Innovation & Information Officer (CIO). Questions will be sent to the CIO in preparation for holding a briefing for the RT.

75.b. ICANN Org

75. a. SSR2-RT

75. b.

75. a. 25 July 2017

• 75.a. Questions sent to ICANN CIO.

75. a. 25 July 2017

• Staff seeking clarification via email as to the style as it differs from the template outline agreed on 25 July plenary.
• Work plan circulated via email by Co-Chairs.
  
  

11

Draft note and summary of SSR1 implementation for ICANN to send to SSR1 team members and invite them to share their assessment with the SSR2-RT.

11

14 May 2017

Review non-disclosure form with ICANN Legal and report back to RT on any updates or edits to the circulated form.

James Gannon, Kerry-Ann Barrett

11

14 May 2017

Research collaborative tools the RT may use that can be publicly archived.

Email request from James Gannon & PDF attachment

• ICANN IT researched requested tools and provided response to James Gannon and Co-Chairs.
• Face-to-face meeting with ICANN IT, MSSI support staff and James Gannon in Johannesburg, June 24.
• Tools demonstration scheduled for SSR2 plenary meeting 18, with ICANN and MSSI support staff.

Briefing scheduled for 15 August 2017. Background information provided via email 14 August 2017.