Cheryl Langdon-Orr: Fantastic. Okay, Patrick. ICANN Security and Stability resumes the activities briefing for the At-Large community and anyone else who cares to drop in over the next 55 or so minutes. Over to you. Welcome, Patrick.
Patrick Jones: Well, thank you. Thanks Cheryl, and to the At-Large, I’m happy to spend some time, and I’m hopefully going to be able to answer your questions and talk on the fly, so this is intended to be an opportunity to talk about the FY11 Security, Stability, and Resiliency plan, answer questions from the community, and hopefully provide some direction where if I don’t have an immediate answer, Heidi or Mattias is going to be taking down questions or capturing the feedback, so that if I can’t answer something directly, I will be able to track the answer down.
Heidi Ullrich: Mattias will be doing that.
Patrick Jones: Great. So security and stability and resiliency fall within the core areas of ICANN’s commission, and I pulled a quote from the strategic plan, and it says one of the most important priorities for the ICANN communities and internet users which is of use to At-Large, the SSR plan, which I’ll refer to it from now on, was first published last year, and I think that Greg Rattray did a briefing for this group, but what I’m trying to do is continue to provide more regular updates and feedback and responsiveness to this group. So if you’ve got questions at any time I can come back, I’m happy to do so. So I’m doing a briefing in Cartagena, so if you want conditional time on specifics related to internet security, stability, and resiliency, I’m happy to spend some time with you there.
So as I mentioned, this is a key operational priority for ICANN, it falls under preserving and enhancing the operational stability, reliability, security, and global operability of the internet. Out of the strategic plan, as a team, the security group has taken the sections related to security, and delved much into greater detail, and developed a SSR plan, and as I mentioned, this fits under one of the four core pillars, from the strategic plan that starts from a strategic objective point of view 100% DNS uptime, lower DNS abuse, promote more secure top level domain operations, and work toward improving the DNS resilience to attacks.
This has gone down into some community work, such as the implementation of DNSsec, (inaudible 0:03:28) this past year. There’s continuing work around the internationalization of whois, and measures to address registration abuse. As a team, we’ve promoted some strategic projects, DNSsec being one of the most successful, establishing a DNS-Cert has received quite a bit of getting feedback, and now is part of a Working Group that I understand is At-Large representatives participating.
Cheryl Langdon-Orr: Actually, we’re a co-charter, as part of the cross community AC and SO, so yes.
Heidi Ullrich: Cheryl, can I just interrupt, just for clarity of sound?
Cheryl Langdon-Orr: Mm-hmm.
Heidi Ullrich: Are you on speaker phone?
Cheryl Langdon-Orr: Who? Who are you asking, Heidi?
Heidi Ullrich: Patrick.
Patrick Jones: No, I’m not on a speaker phone. Unfortunately, I’m on a mobile, and I know that’s difficult. I’ll try to speak directly into the – is this a little better?
Heidi Ullrich: Darlene? Is that a little better?
Darlene: Yes, it is. Thank you very much.
Patrick Jones: Okay, I’ll try to talk a little louder, too. So from these strategic projects, ICANN published a strategic initiatives paper last year, that went into greater detail around the DNS-Cert concept, and also in contingency planning and exercises. We recognize that work is still undergoing, so I just wanted to start from a baseline, and then describe in greater detail the SSR plan. So this has become the baseline document for describing ICANN’s role in this space. The original one was published last year. The Board accepted that document at the ICANN meeting in Sydney in June, 2009, and it goes into depth of ICANN’s operational activity, program objectives, milestones, and resourcing.
I printed the two biggest success items, the implementation of DNSsec and the launch of IDNccTLDs through the fast track, but probably something that has received less notice has been the overall maturing of our core security personnel, meeting security planning. ICANN’s published a meeting security document for Cartagena, also for the first time, we’ve published an overall meeting security plan. And that’s available for anyone to see. I think it’s linked off the Cartagena meeting site right now.
So we’ve done an update to the SSR plan, it was originally published on September 13, we’ve added the translations in French and Spanish and Russian and I believe the Chinese will be added shortly, as well, and then extended the comment period out to provide more time for the community to provide feedback. The major improvements to this version are just greater detail around what our security team program areas are, an update to the DNSsec implementation, description of various policy updates, among all of the ICANN policy Working Groups, and then in addition, description of our global security engagement and capacity building activities and training programs.
I can stop here and take some questions, or keep going.
Cheryl Langdon-Orr: Well, let’s see if we’ve got any questions at the moment. If you’re in the Adobe connect room, your usual waving of hand, if you’re not in the Adobe connect room, just make yourself known. Any questions for Patrick? Nothing at this stage, Patrick, go ahead.
Patrick Jones: So, I know the document is quite detailed. I’m hoping that the addition of translations, both on last year’s initial document as well as this year will help the greater community get a sense of the operational activities that not just ICANN staff, but the community as a whole is undertaking in the SSR area. The document, I think, is pretty helpful, because it describes what ICANN’s role is and is not in this space. We start from the premise that ICANN has to act in accordance with its by-laws, but I think it’s also helpful to lay out clearly where ICANN does not have a role, so we say, the document states that ICANN does not have a role in the use of the internet related to cyber-espionage or cyber-war, and ICANN does not have a role in determining what constitutes illicit content on the internet.
I think it’s useful in showing that a significant portion of ICANN’s role is to participate in activities with the broader internet community, these include combating of use of unique identifier systems, but it’s also more of a collaborative and facilitating role, rather than a leading role.
Cheryl Langdon-Orr: Patrick, in the chat space, there was a question raised by Siva. You might want to deal with that at this stage, or come back to it later when you look into DNSsec if you’re taking a deeper dive to that.
Patrick Jones: So I’ll take a note of that and then come back. And I’ll come up on DNSsec shortly.
Cheryl Langdon-Orr: Thank you.
Patrick Jones: So I think the document’s useful because it shows broadly where ICANN has made a commitment to the community in DNS security. One of the most successful initiatives has been in the response to the conflicker, dot net in the last year and a half. We’ve also conducted the first two global symposiums on DNS security, stability, and resiliency, and we’ve made the after meeting reports public, on the security team website. This document and its followup document are also very useful, but we’ve also been conducting continuity exercises over the last three years, and just published a request for proposals for a DNS operations at Lroot exercise consultant. Someone who can assist our DNS operations team and myself sometime next year, probably, in the January to March time range, and hopefully we’ll be able to do the exercise and then report to the community at the San Francisco meeting in March.
And then implementation of DNSsec, can answer Siva’s question. We’re starting with implementing DNSsec in the root zone, so encouraging registry operators, both ccTLD and gTLD registries to implement DNSsec. Probably over the last few months we’ve seen an increase in the ccTLD space registries implementing DNSsec, and I think over the next six to nine months we’ll be seeing a greater number of the generic registries as well. Net is due to implement DNSsec later this year, and com is waiting for mid to late 2011, which should start to rapidly increase the use of DNSsec, once registrars begin to offer it and make it available to end users in a way that is user friendly.
I think there’s still a lot of work in that area, and it’s one that not just our team but ICANN as a whole is working with the community to promote the introduction and use of DNSsec. And if that didn’t answer your question, then I’ll take that back to those who are more expert on that.
Cheryl Langdon-Orr: Thanks, Patrick.
Patrick Jones: Okay, so continuing with our commitment to DNS security, as a team we’re supporting the IDN fast track. I’m involved in string evaluation, and working with – we have a DNS stability panel looking at the strings that are requested through the fast track process to ensure that they either meet the requirements for the fast track, or aren’t going to lead to some confusion in the space. And then we updated our SSR plan, that’s the purpose of this call, and then ICANN’s also recently posted a page on the website about its internal computer internet response team, this is the team of staff to help deal with internal computer emergencies, but also it’s part of ICANN joining the forum for incident response teams. Then we’ve also been participating in cyber exercises including two over the last month. Does anybody have a supplementary question coming up, or should I wait for that when you’re ready?
Cheryl Langdon-Orr: Let’s poll for just a minute. Any questions at this stage? Siva did notice up on entry, but not at this stage. Okay, thanks. Patrick?
Patrick Jones: So one area that has been updated in this document from the previous version, and what I tried to do was if there’s any substantial changes in text in the document, it’s in italics. I’m not sure – I haven’t actually looked to see if that difference was picked up in the translations, but in the English version, new text is in italics. This would include a description of our team program areas. We’ve divided those up amongst our group, so you’re a retailer handling global security outreach, just includes engagement and awareness with the community. John Crane is leading up our DNS security collaboration and capacity building initiatives, so we’ve recently done training and partnership with ISOC, and with AFTLD in Mali.
That happened a few weeks ago, and then there’s another training session coming up the first week of November in Jordan, with APTLD and as part of the meeting there. Jeff Vickers is responsible for meeting security, our corporate information security, and fiscal personnel security programs, and then I’m working on the whois continuity, our exercises involving that with Diana and other functions to break away test them, reach out to gTLD registries and registrars on our continuity efforts, and then we have a catch all area that includes cross departmental support. You’ll recognize Dave Picsotello for his long participation in ICANN, and his work with the DNSsec.
So under global security outreach, this area includes work on the symposium with ICANN sponsored workshops, we’re doing more with ENISA, which is the European Network and Security Agency, participation at advanced internet governance forum, and infirst. Under DNS security collaboration, this includes work around measurement and health. General risk assessment, and contingency collaboration, and then partnerships, which we have some with DNSOR, ISOC, and rans Moscow State University.
Under capacity building, the pass over here is ICANN’s work with ISOC and NSRC, which is for a packing contingency response training program. We’ve also done a registry operations curriculum, and something new, and I think there will be more information coming out about this, but designating some of the fellows who have expressed an interest in security as security fellows, and then our team will be doing more work with them, and encouraging them to go to different sessions at ICANN meetings that relate specifically to security.
Hopefully there will be some information coming out about that, so that the rest of the community is informed about this effort. And that’s pretty much covered corporate security, continuity, and cross departmental activities. This is just a sampling of what we include in this area, so it’s assisting with the policy development team, new gTLD process, IDNs, DNSsec implementation, I’ve been involved in the key ceremony and we have another one coming up, and it’s public. So November 1st will be the next key ceremony in Culpepper, Virginia, with one to follow in February in the Los Angeles area.
So this next couple of slides describes the attention to security, stability, and resiliency in the new gTLD process. If you have specific questions about the new gTLD program, I can try to answer them, but understand this is still a work in progress. There isn’t a final applicant guidebook that’s been published yet, so some of these things may change between now and the publication of documents for Cartagena. But the current discussion has been around evaluation criteria, best practices for registries, inclusion of registry transition processes, work to mitigate malicious conduct in the new gTLD program, and then on the technical side, updates to the (inaudible 0:19:26) specifications. Ensuring that there are pre-delegation checks, and then after a new top level domain is delegated that there be continued monitoring of root zone for impacts.
On malicious conduct, there is a further detail around the work that has gone in, in the applicant guidebook, including vetting of registry operators. Ensuring that applicants have demonstrated compliance for DNSsec appointment, and include prohibitions for synthesized domains, or wild cards, and then processes for the removal of (inaudible 0:20:07) records, requirement for fixed whois records, centralized zone file access, where there’s still, I believe, a Working Group and work underway. But also there’s language for documenting of abuse contacts, and procedures for registries to handle abuse complaints. That should be an area of interest for the At-Large community, just making sure that new registries post somewhere public, easily accessible their contacts for abuse, and that people who are interested and have complaints have a way to reach out to those registries.
And then finally, the last two items, the expedited registry security request process is in place, and it’s available for registries today to use if they need – specifically this came out of the work related to conflicker, so that the existing registries could request release in order to take action against names that were subject to the botnet.
And the high security zone verification program is one where there’s been some work recently published for comment. This is a program to offer a verification for registries that want to be more secure, and provide greater security. Is there any other questions on this so far?
Cheryl Langdon-Orr: People will need to raise their hands in the Adobe room, as Heidi has noted, all the lines except Patrick’s and mine are muted at the moment. So if you raise your hand, we will un-mute your line.
Patrick Jones: So for the team, upcoming, we’re going to be doing a consultation in Cartagena on security, stability, and resiliency. We are, as a team, supportive of the community discussion that’s underway within the joint security and stability analysis Working Group. I know I’m available and Yuri Ito is also available as staff inputs, but we want to facilitate the community discussion around DNS-Cert and other areas of internet security which better can be discussed in this Working Group.
The other major activity that’s underway now is the affirmation review team on security, stability, and resiliency. The Review Team members were published on the ICANN website, I don’t think I have a slide on that, but I can talk about that if anyone’s interested. In addition, we’ve recently participated in a large cyber exercise, there’s another one coming up next month, and we’ll be continuing to participate in these. It’s useful both for the community and it’s useful for ICANN to be engaged in this way. Then we are continuing to work with root operators on root scaling, the IPv6 introduction, and IPv4 run out. There’s a really good blog post today from IANA on the IPv4 run out, so I encourage anyone who is interested to check that out.
Apologies for the noise in the background, and yeah.
Cheryl Langdon-Orr: Patrick, there’s a fairly extensive question in the chat space. Rather than just have it silently read, I think for the recording and transcript it would be worthwhile having that read to the record. Do you want to give yourself a moment to read through that, or would you like to read it to the record, or how would you like to manage that question?
Patrick Jones: If there’s a way that lengthy questions like this can be extracted out and then sent to me then --
Cheryl Langdon-Orr: You’d prefer to take those on notice? Okay. We can do that. We’ll extract it out of the chat, in fact, the whole of the chat will be distributed to all parties of interest and be part of the record of this call. So Heidi will make sure that comes across to you. Any other questions at this point? Okay. Back to you.
Patrick Jones: So we’re – I’m now at the IDN variance, IDN table activities. We’re coming up on the first anniversary of the IDN fast track. And the process that was approved was that this would be reviewed on an annual basis, and I’m not talking about a full blown review as in some of the community and committee reviews, but we will be publishing a list of observations and then opening up for comment for other observations from the community. Two of the areas were we, as staff, see there is work to be done around IDN variance and then also on tables. So there will be more information made available shortly on that. I’ve already mentioned that we’ve published the RFP for a contingency exercise consultant on DNS operations and (inaudible 0:26:11).
I’m at the end of the slides, but I want to go back, because this document I think is useful, not just for staff , because it lays out a baseline of what we’re going to do, and then it something that we can measure ourselves against – how we’ve done against the programs and initiatives that we said we would do in the fiscal year, but it’s also important for the community, that they see that we’re taking time to boil down from the strategic plan and provide more detail from the operating plan in one of the core areas that ICANN is involved in. I think it’s useful, also, to show where the different functions within ICANN staff, and how those functions relate to security, stability, and resiliency.
They have in the document a description of what IANA staff are doing, what DNS operations staff are doing, what the services and compliance staff are doing, policy, global partnerships, communications, security group, and then the committees, and I think it’s useful, because it shows how all of the different intermoving parts of the organization and the community play a role in DNS security.
Let me stop there for a second.
I know I went through the slides that I provided fairly quickly, but I wanted to be sure that I provided more opportunity for the group to talk generally about security, maybe tell me what some of the areas we should be paying attention to that aren’t listed. When I provide this as a time for this group to talk.
Cheryl Langdon-Orr: Okay. Well, thanks for that, Patrick. Heidi, it might be appropriate to perhaps un-mute lines now, and see if we can encourage some dialogue. Is anyone in the Adobe connect room got a particular question, first of all addressed to the specifics of what Patrick introduced to us in this call? Certainly I think we appreciate the clearer pathways that we can see out of the upcoming activities and the illumination of who is doing what in the wonderful world of SSR. I think that’s going to be extremely useful, and a number of our At-Large membership, of course, have been involved in the work groups, obviously, for the IDN fast track and high security zone verification program.
We’ve been in there from the ground up, and clearly, as you mentioned, will be an integral part of the JSSR analysis Working Group, which is only just getting off the ground a little bit. Cart before the horse, in some people’s views, here. What we had particularly with the briefing with the community last time, a number of questions raised on the bottom up mechanisms for instigation of a DNS-Cert, in particular. Still relating unanswered, unfortunately, after our last call. So I trust, Patrick, you’re comfortable taking questions on those topics as well, (inaudible 0:30:05).
Obviously, we don’t want to pre-empt the Working Group, the joint security and stability analysis Working Group, but the needs analysis for the ICANN based DNS-Cert is something that I’m sure it will be looking at, but perhaps, Patrick, we could hear from you when the public comments input involving DNS-Cert and a number – in fact, when we did our analysis, we didn’t find an overwhelming request from community. Both ICANN community and the wider DNS-Cert community, for us to dive headlong into this area, perhaps you could give us a little bit of a briefing on that, because that was missing from our last presentation, I’m afraid.
Patrick Jones: I think what was probably missing from that is a overview of some of the discussions that happened before the strategic initiatives paper was published. I’ve put together a timeline and it’s a document that was shared with the Accountability and Transparency Review Team, at least I know that the Berkman group received it, I think that there’s no problem in sending this to the joint Working Groups, I think it would be a good starting point. This is a timeline with links to all of the discussion around DNS-Cert --
Cheryl Langdon-Orr: That would be an excellent resource.
Patrick Jones: What I’d like to point to is from the first SSR symposium conducted at Georgia Tech University in February of 2009, and that, out of those discussions, the concept of some kind of a computer emergency response team for the DNS was explored. And then that concept was put into discussions within the strategic plan. I think probably there does need to be some --
Cheryl Langdon-Orr: Patrick, if I may – I think perhaps it would be useful to help us understand how what seems to be a divergence on the definition of ICANN community and community, from that timeline on would be helpful to particularly help the regional people understand.
Patrick Jones: So rather than dive into that now, why don’t I make sure that is addressed very clearly, not just in the Working Groups, but in providing some explanation on where we are now.
Cheryl Langdon-Orr: Fantastic. Well, someone’s having a good time. Quite exciting when you un-mute the line. Sebastian, is that you? Sebastian, were you wishing to speak?
Sebastian Bachollet: No, no sorry. I mute myself, but I don’t know why – okay, I will re-mute myself and --
Cheryl Langdon-Orr: Okay. Well, while we work through the wonderful world of muting and um-muting, which is always exciting, is there any particular questions? I may have monopolized Patrick the last couple of moments, but I suppose --
Patrick Jones: I’m interested in, as a group, that At-Large is interested in hearing more about emerging threats to the DNS? Things that we’re seeing that are happening that maybe we haven’t done full research on. What they are, where they’re coming from, but things that either other groups that we’re hearing from are seeing; a set of things that At-Large might look out for. And that might be a good discussion item in Cartagena, because we, as a team, new things there are changes with conflicker that look like they’re something else, developments of threat models, and that might be something that At-Large would need to know more about. If it is something that – we can talk about in Cartagena.
Cheryl Langdon-Orr: I think that would be an excellent plan. It would build and complement from the previous briefings we’ve had with SSAC, of course, and probably comes from a slightly different level and at a different end than what we’ve had previously in the past from briefings from SSAC, which probably would be more retrospective. This would be a little bit more predictive, so I think that would be excellent. I would also suggest, Patrick, that it might be something that we could look at as an updateable and an ongoing information sharing mechanism. The ability for the At-Large community who are at the edges, where is of course, where a lot of this information exchange and warning and responses need to happen, would be a very useful resource/tool to be exploited, I think, in any successful planning.
And as part of the bigger picture with extreme invested interest in the security, stability, and resiliency of the domain name system, I’m sure without having checked with each and every one of the regions, that all of the regional leaders would be very keen to have anything with specific to their areas of interest, whether or not their region is a source of particular risk or is being at risk by something that’s going on.
Patrick Jones: Okay.
Cheryl Langdon-Orr: How we formalize that would be interesting. and obviously it would be something that we would need to extend beyond just our community. We do have a set of briefing sessions at each face to face meeting at ICANN. Patrick, I’m wondering if you could work with Heidi to see if there’s a time slot that suits your demands on the Tuesday.
Patrick Jones: Okay.
Cheryl Langdon-Orr: That would be most helpful. Heidi, one little AI on you and Patrick for now.
Patrick Jones: And this can even be something that is not lengthy, but where we lay out “Here’s some of the things that we’re seeing and hearing from others, and it might be good to let you know that this is going on, and either watch out for it or provide feedback to us is it’s something worth further discussion.” And I think Eric added a point, and I will check with John Crane about that, because he is on the conflicker Working Group list, and should be the expert in that area.
Cheryl Langdon-Orr: Thank you. Eric’s typing, so I think there might be a response there as well.
Patrick Jones: I’m hoping it’s helpful that we did take the time to extend the comment period, but not just to do that, but to provide translation for this SSR plan and to spend some time letting know, not just what this document is, but how it fits in with the broader picture of our activities and where it comes from.
Cheryl Langdon-Orr: It’s extremely helpful. One question, I suppose, is the question that you’re taking on notice. The answers to those would be extremely useful as the region, and indeed, the ALAC itself formulates its responses to the public comment period. What’s the turn around time likely to be on these issues?
Patrick Jones: Why don’t – within the week I’ll try to put something around questions asked and some update to the page, so there’s a way to track it.
Cheryl Langdon-Orr: Terrific. Okay, and I must say, we must be at a little difficulty if there is a set of assumptions within your department on what our peer understanding as a community was from our last briefing call. And what actually happened, because unfortunately, Greg didn’t do the presentation at all. It was presented by Yuri, which was great, but not being the primary author of the presentation or document, we found a number of things were either unanswered, glossed over, or ignored, none of which left us particularly happy. So feel free to go back and scoop up stuff from the previous presentation that we’ve clearly not picked up on, or that our questions appear to be highlighting. If you’re wondering, “Why didn’t they get that last time?” It’s because we didn’t get that last time. We’re not just being bloody minded and difficult, of course, we’re capable of being that, but we’re not just being bloody minded and difficult.
Patrick Jones: One of the other things that I’ve observed in discussions with the cc community around DNS-Cert, and I don’t really want this briefing to turn into all DNS-Cert, but there’s – and rightfully so – a lot of concern about the genesis of the concept. But as we tried to make clear in Brussels, that ICANN is no longer promoting to be the entity that would operate a DNS-Cert, from a staff perspective, we’ve taken a step back, we’re going to let the community discuss it, help facilitate discussions, but not push the concept. So we’re not at the point of saying this is something that should be done, we’re saying --
Cheryl Langdon-Orr: Let’s explore.
Patrick Jones: Here’s something we’ve observed, let’s let the community talk about it, and see what the best way forward is, but not try to say this is something that ICANN should run.
Cheryl Langdon-Orr: The sets of assumptions that we’re all going to be very keen to hear more about and which I believe would be coming out of your offer of the earlier sharing of information and proactive briefings of risks as they appear, would also help us understand, because particularly in the world of At-Large, we have very close involvement with the cc environment, and so our day to day, month to month, and year to year understanding of risk is strictly based from the perspectives of the cc’s. To that too, as a local internet community, we have a much more hand in glove relationship with, and where there’s their bewilderment on how high risk things are, you’ll see that reflected in our community as well.
The difference, of course, in our community is the heightened concern from a consumer, and from a protection point of view, where we also need to recognize that At-Large, quite reasonably, needs to think about the average end user and the risks to them, so we’d be very keen to find mechanisms whereby, in our outreach to – by ‘our’ I’m talking about the At-Large structures and individuals out at the edges – how we can become part, and effective part of a more resilient and more robust SSR system. So perhaps that’s something we could take as a piece of future planning, as well, which of course would help with earlier engagement and more proactivity rather than reactivity, which is unfortunately, I think what has happened now. We’ve got the Joint Security and Stability analysis Working Group sort of – that’s the sort of thing that really ought to have been in place and happening well before Nairobi. But we’re getting there, just a bit ass up, if you’ll pardon the language.
Any other questions? Particularly anything we might like to highlight as we move toward putting in our public comments? We’ve got some questions on notice that Patrick’s going to turn around for us. I see Eric typing again. We’re going to organize some face to face time with you and we will certainly appreciate that. One of the benefits of that, Patrick, and I’d encourage you, if you want to do a little bit of preparatory work and we can have any documents or presentations that you want to discuss with us on the Tuesday, pre-translated and put out as materials for our community that will be meeting face to face. But we also have the benefit of real time interpretation at any presentation that goes on during the ICANN meeting.
So you’ll have an opportunity to create at least a Spanish and French version of what you say, and that might be a useful resource. Again, At-Large is particularly keen to make sure that things don’t always just come out in English, or advanced out in English, beyond the other languages. I know Latin American and European regional leaders will be very pleased to see, as will the Asia Pacific, when Chinese does come out, come out in these languages.
Now, with the dates of the translations coming out, is there any talk of extension for those languages? Are you extending your end point of public comment, for example, for Chinese language response by any length of time? Or is the closing date just a hard stop?
Patrick Jones: You know, we hadn’t planned on extending it out again, but I can look at that.
Cheryl Langdon-Orr: Perhaps if we suggested it’s a non-request space. If there is an Asia community group who do wish to respond, but desire a few more days, they can just come through our system and Heidi can let you know?
Patrick Jones: I think that’s certainly capable – our expectation is that whatever comments come in, we want to try to turn those around and do a very thorough summary analysis, before Cartagena. They would still be a month and a half between then and the ICANN meeting, so they could still – if anyone from the region wants to provide input, there’s still a way for their input to be taken into consideration and provide good feedback for us.
Cheryl Langdon-Orr: Excellent. Just as we come toward ten minutes prior to the top of the hour, I know a number of us have either been on the interminably long vertical integration call, or are about to enter into another call, I did want to take the opportunity just to say how much we appreciate the efforts that you’ve made in putting this briefing together, to just reiterate that the chat space will be collected out of the Adobe connect room, and will be sent to you and all the other participants. But we’d like to ask, if it’s possible, that you might be approached, Patrick, to talk directly to any of the regions.
Each of the regions have a monthly meeting, and it would probably be as a product of getting together in Cartagena, but perhaps a work plan looking towards a little visitation in the agenda for the matters of security, stability, and resiliency of the DNS to be injected at a predictable point in time. Perhaps it would facilitate some of the joint security and stability Working Group activities. Maybe in Q3 or Q4 of the current financial year where there’s a little round robin in the regions. I’ll leave that to be considered, obviously, by the leadership of the regions, but it strikes me as something that could be particularly useful – particularly when we look at how unfriendly this particular time is for large lumps of, for example, Asia.
Patrick Jones: Yeah, I really appreciate this group being flexible for the time for a call. What I might offer up is a time where if there’s a group that wants to hear a specialized briefing, or even a conversation about our SSR activities, at a time that’s very, very late Eastern time for me, might be a better time for other parts of the world. So I’d be happy to do that. And I recognize that even though we have the document, we are trying to update it every year, that SSR issues and threats emerging issues with DNS are an ongoing and daily thing. It’s something that’s intended to be more of a living document than something that’s cast in stone once a year and never looked at again. So we really want to encourage direct participation, engagement between our side, not just our side, but with the community in a facilitating way.
Cheryl Langdon-Orr: Well, that’s music to our ears, because we would prefer to be seen as both an effective resource for outreach, but also a very specific opportunity for community concerns, questions, and levels of understanding to be inserted into the mulling over and ruminations that go on as the ICANN particular plans are done. We certainly do appreciate your time today, and I’ve noticed too, Dev has put in a particular specific request for the briefings which we do already have through contractual compliance. We’re getting to that point now where we have a reasonable amount of overlap, and rather than continue working too much in our silos, we might need to be getting a little bit of cross pollination happening with what we’re looking at, and from whom.
So we all work smarter rather than harder. Eric, did you want to have the matter of shell registries discussed before we wrap up? Or is that okay to be taken as a statement on notice? Eric? Oh, he might be on mute.
Patrick Jones: I think that was more a comment on the previous comment before.
Cheryl Langdon-Orr: Yes, okay. Just to be clear, I wanted to know that we were having a dialogue rather than asking a particular questions. Fantastic. Okay, oh dear, and you can’t un-mute. I know just how that feels, when I wear my headset at home, when I’m not sitting in a hotel room in another part of Australia I have exactly the same problem. Well, if there’s no other particular questions from anybody, we’ll do a last call on questions.
Patrick Jones: Again, I appreciate the flexibility that – think of this as the continuation of some conversations with this group, not just the one time briefing. Sebastian, do you have a question?
Cheryl Langdon-Orr: Go ahead, Sebastian.
Sebastian Bachollet: Thank you. Yes, I have one question about the IDNs, since this is the subject we are currently discussing in the SSR space, and the some people were wanting to have some feedback. I don’t know if the sound is good, but hopefully you can understand me. If there are a lot of – if there’s an organization of the problem of the user of IDNs for phishing and then some other, but it was one of minefields about introduction of IDNs, with compliance so far, do you have some feedback on that? Or it’s to wait your work at the end of the first year of implementation?
Patrick Jones: The initial feedback, I think, has been positive, but it’s primarily because it started small. We’re still working with the Russian Federation and some Arabic countries that have been the first movers in the space, and China, Taiwan, Hong Kong, there will lessons learned very soon, but the initial observations seem to be positive. I think Tina Damm(sp) will be in Cartagena and be able to talk more about the initial observations of IDNs, but so far I haven’t seen a lot of issues around – probably because many of these registries are just now at the stage where they’re opening up for registration. But so far, it’s been positive.
Cheryl Langdon-Orr: So it really is very much a ‘watch this space’.
Patrick Jones: Yes.
Cheryl Langdon-Orr: Well, Patrick. It’s five minutes to the top of the hour. I’d like to just thank you very much not only for what you’ve done today and tonight, but what you’re committing to continue to do with us, and look forward to the turnaround of the questions with notice. Heidi will make sure you get a copy of everything we’ve got in our chat space here, and we look forward to a more proactive and productive interaction with the matters of security, stability, and resiliency in the world of ICANN, not just the Joint Security and Stability analysis Working Group, but perhaps more directly direction with our ALSs, our regions, obviously the capitalized At-Large, and also, of course, dear old ALAC, the specific in person Advisory Committee, which has a clear vested interest in all of this, and is very keen to see what we see as the advantages we have of being out on the edges working to maximize the security, stability, and resiliency, the core values that ICANN has, and that we certainly are very passionate about as well.
So thank you very much, and thank you to each and every one of you. Many of you now have to dash off to another call, for those of you on the executive committee call, we will now start our call at ten past the hour. Thank you one and all. Bye for now.
- End of transcript -
