<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Hi Rafik,</p>
    <p>As I said - I do not quite get what the first statement means in
      terms of issues raised so I can't come up with any suggestion. I
      wish I could. As this statement doesn't really contribute to
      anything and doesn't raise any issue (although it's supposed to as
      it is placed in the "issue" section) I suggest we just remove it
      for the sake of clarity. Unless the drafters are ready to clarify
      or rephrase. But I don't think removal will change anything in the
      document except making it clearer. <br>
    </p>
    <p>I am totally supporting your suggestion for removal of anotehr
      statement - let's not send the mix messages especially with vague
      wording proposals.</p>
    <p>Thanks! <br>
    </p>
    <p>Tanya <br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 08/08/17 08:08, Rafik Dammak wrote:<br>
    </div>
    <blockquote
cite="mid:CAH5sTh=5RcbZeHpMqZAtS-h9Uru0jx_huPEi6o=sj7x4eouiCw@mail.gmail.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div dir="ltr">
        <div class="gmail_extra">Hi Tatiana,</div>
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">Thanks for the comments,</div>
        <div class="gmail_extra">while we are late by our deadline to
          submit a comment, I think we can solve the concerns.</div>
        <div class="gmail_extra">1/ do you have a proposal of rephrasing
          for the first statement?</div>
        <div class="gmail_extra">2/ I understand your concerns and
          indeed doesn't seem aligned with our previous stances
          regarding domain suspension. probably we can remove that.<br>
          <br>
          really looking forward to solving this within the next
          24hours.</div>
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">Best,</div>
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">Rafik<br>
          <div class="gmail_quote">2017-08-05 6:56 GMT+09:00 Dr. Tatiana
            Tropina <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:t.tropina@mpicc.de" target="_blank">t.tropina@mpicc.de</a>></span>:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000">
                <p>Hi all,</p>
                <p>I have a couple of comments:</p>
                <p>1) I have hard time making sense of the first point:</p>
                <p><font size="-2">"1. Registry Response, Responsible
                    Parties<br>
                    <br>
                     “ROs are not necessarily the best parties to
                    address certain security threats. The identification
                    of the parties considered as being most relevant and
                    appropriate in resolving the security threat is
                    critical to the prompt resolution of the matter.”<br>
                    <br>
                    More specifically, responsibility of identifying
                    security threats connected to New gTLDs and
                    resolving them when possible rests with ROs."</font></p>
                <p>As this point is a part of the comment that refers to
                  the "issue" I wonder what is this - a statement? What
                  kind of issue is identified here? Are we recommending
                  anything?  If not and if this is just an introduction,
                  may be it's better to rephrase? May be it's just too
                  late here but I struggling with what this "issue"
                  implies. <br>
                </p>
                <p>2) I wonder if this one is really in line with NSCG
                  values such as due process: <br>
                </p>
                <p><font size="-2">2. We ask you to consider including
                    the following GAC recommendation in Registry
                    Response:<br>
                    <br>
                    “If Registry operator identifies risk of  harm,
                    Registry operator will notify the relevant registrar
                    and , if the registrar does not take immediate
                    action, suspend the domain name until the matter is
                    resolved.” </font><br>
                </p>
                <p>The framework already lists the actions that Registry
                  can take even in the case if "a negative or
                  non-existent response from the Registrar", which
                  "should not<br>
                  preclude the Registry from taking action". I do not
                  like the notion of "immediate action" as it sound to
                  vague to me and I believe that there are enough
                  actions listed to address the issue under the
                  framework rather than suspension of domain name -
                  again, "till the matter is resolved" looks too vague.
                  I don't think it's acceptable when it comes to such a
                  matter as a suspension of domain name. I know enough
                  cases of mistakes when due to abuse claims customers
                  went dark, etc. I suggest we rather be careful here.
                  But if everyone is comfortable with this suggestion,
                  I'll surrender. <br>
                </p>
                <p>Warm regards,</p>
                <p>Tanya <br>
                </p>
                <div>
                  <div class="m_4966123089002198678h5">
                    <p><br>
                    </p>
                    <br>
                    <div
                      class="m_4966123089002198678m_-326150836554865276moz-cite-prefix">On
                      04/08/17 09:39, Rafik Dammak wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div class="gmail_extra">Dear PC members,</div>
                        <div class="gmail_extra"><br>
                        </div>
                        <div class="gmail_extra">any comment on the
                          draft? we got an extension till 6th August, we
                          should review quickly and make a decision.</div>
                        <div class="gmail_extra"><br>
                        </div>
                        <div class="gmail_extra">Best,</div>
                        <div class="gmail_extra"><br>
                        </div>
                        <div class="gmail_extra">Rafik</div>
                        <div class="gmail_extra"><br>
                        </div>
                        <div class="gmail_extra">
                          <div class="gmail_quote">2017-07-31 19:33
                            GMT+09:00 Rafik Dammak <span dir="ltr"><<a
                                moz-do-not-send="true"
                                href="mailto:rafik.dammak@gmail.com"
                                target="_blank">rafik.dammak@gmail.com</a>></span>:<br>
                            <blockquote class="gmail_quote"
                              style="margin:0 0 0 .8ex;border-left:1px
                              #ccc solid;padding-left:1ex">
                              <div dir="auto">
                                <div>Hi Ayden,
                                  <div dir="auto"><br>
                                  </div>
                                  <div dir="auto">Yes it is for PC
                                    review. We worked on it the last
                                    days with Juan, Dina and Niels.
                                    James cannot response since is off
                                    for the coming days. I was going to
                                    send email to related ICANN staff to
                                    inform that we will make a late
                                    submission, hopefully by end of this
                                    week.</div>
                                  <div dir="auto"><br>
                                  </div>
                                  <div dir="auto">Best,</div>
                                  <div dir="auto"><br>
                                  </div>
                                  <div dir="auto">Rafik </div>
                                  <br>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">
                                      <div>
                                        <div
                                          class="m_4966123089002198678m_-326150836554865276h5">On
                                          Jul 31, 2017 7:18 PM, "Ayden
                                          Férdeline" <<a
                                            moz-do-not-send="true"
                                            href="mailto:icann@ferdeline.com"
                                            target="_blank">icann@ferdeline.com</a>>
                                          wrote:<br type="attribution">
                                        </div>
                                      </div>
                                      <blockquote
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798quote"
                                        style="margin:0 0 0
                                        .8ex;border-left:1px #ccc
                                        solid;padding-left:1ex">
                                        <div>
                                          <div
                                            class="m_4966123089002198678m_-326150836554865276h5">
                                            <div>I believe the PC is
                                              being asked to review this
                                              comment which has been
                                              drafted by Dina and Juan.
                                              The submission deadline
                                              for comments on this issue
                                              is today, but I suspect we
                                              will not be able to meet
                                              that, so let's try for
                                              this Friday? I think we
                                              need to bring in a topic
                                              expert, James Gannon
                                              (cc'd), to get his opinion
                                              on this comment, too --
                                              because I am happy to
                                              raise my hand and say I do
                                              not know anything about
                                              this topic. <br>
                                            </div>
                                            <div><br>
                                            </div>
                                            <div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block">
                                              <div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block-user">
                                                <div>Best, Ayden <br>
                                                </div>
                                              </div>
                                              <div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block-protonm_7229474843329171798m_6307797313055180449protonmail_signature_block-empty"><br>
                                              </div>
                                            </div>
                                            <div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798elided-text">
                                              <div><br>
                                              </div>
                                              <blockquote type="cite"
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_quote">
                                                <div>-------- Original
                                                  Message --------<br>
                                                </div>
                                                <div>Subject:
                                                  [NCUC-DISCUSS]
                                                  Suggested Comment:
                                                  Draft Framework for
                                                  Registry Operators to
                                                  Respond to Security
                                                  Threats<br>
                                                </div>
                                                <div>Local Time: July
                                                  30, 2017 11:24 PM<br>
                                                </div>
                                                <div>UTC Time: July 30,
                                                  2017 10:24 PM<br>
                                                </div>
                                                <div>From: <a
                                                    moz-do-not-send="true"
href="mailto:thomascovenant@thomascovenant.org" target="_blank">thomascovenant@thomascovenant.<wbr>org</a><br>
                                                </div>
                                                <div>To: NCUC-discuss
                                                  <<a
                                                    moz-do-not-send="true"
href="mailto:ncuc-discuss@lists.ncuc.org" target="_blank">ncuc-discuss@lists.ncuc.org</a>><br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Hello,<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>the comment
                                                  proposal is
                                                  underneath, what are
                                                  your thoughts?<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div><a
                                                    moz-do-not-send="true"
href="https://docs.google.com/document/d/1TfgHuMqzD660_CHLQMXMW4phnBtLSP94j6X5riY2Ko4/edit"
                                                    target="_blank">https://docs.google.com/docume<wbr>nt/d/1TfgHuMqzD660_CHLQMXMW4ph<wbr>nBtLSP94j6X5riY2Ko4/edit</a><br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Note from Security
                                                  Framework Drafting
                                                  Team wiki workspace:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>- Is Public Comment
                                                  required for the draft
                                                  Framework?<br>
                                                </div>
                                                <div>- This is not a
                                                  policy implementation
                                                  nor a contractual
                                                  requirements document;
                                                  therefore, a public
                                                  comment proceeding
                                                  would not be required.
                                                  However, SFDT has
                                                  decided to conduct a
                                                  public comment for
                                                  broader community
                                                  feedback prior to
                                                  finalization of the
                                                  Framework.<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Main points:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>- Framework should
                                                  be expanded<br>
                                                </div>
                                                <div>- Several minor
                                                  details are to be
                                                  clarified,
                                                  restructuring proposal<br>
                                                </div>
                                                <div>- as a small step
                                                  in response to
                                                  proposed detailed
                                                  report examination, I
                                                  suggest we include a
                                                  recommendation on
                                                  Responsible Threat
                                                  Disclosure.<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Finally, I quote
                                                  Point 3 from the
                                                  Comment:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>"Since the
                                                  following examination
                                                  of threat report is
                                                  identified in the
                                                  Framework, we strongly
                                                  suggest including a
                                                  recommendation on
                                                  Responsible Threat
                                                  Disclosure to be
                                                  included in the
                                                  document:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>"Each RO should
                                                  scrutinize, question
                                                  or otherwise inquire
                                                  about the legitimacy
                                                  of the origin<br>
                                                </div>
                                                <div>of a request, in
                                                  accordance with their
                                                  own internal policies
                                                  and processes."<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>We have seen a
                                                  broad variation in
                                                  handling security
                                                  threat reports,
                                                  varying from
                                                  constructive actions
                                                  addressing the issues
                                                  to punishment of the
                                                  reporting party.
                                                  Benefits of
                                                  responsible threat
                                                  submission are
                                                  obvious.<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>In this context, it
                                                  is important to
                                                  underline benefits and
                                                  importance of
                                                  responsible threat
                                                  disclosure. We request
                                                  recommendation to
                                                  extend goodwill and
                                                  not cause harm to the
                                                  reporting party
                                                  whenever possible:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>When applicable, RO
                                                  should provide:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>- an easy way to
                                                  report security
                                                  threats and violation<br>
                                                </div>
                                                <div>- encrypted ways of
                                                  communication<br>
                                                </div>
                                                <div>- option of
                                                  anonymous submission"<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Other:<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>- This is my first
                                                  comment drafted with
                                                  input from Juan Manuel
                                                  Rojas (thank you for
                                                  commenting). Access to
                                                  shared document and
                                                  request for review was
                                                  given to those who
                                                  expressed interest in
                                                  working on it. All
                                                  input from the list is
                                                  very welcome. Please
                                                  let me know what needs
                                                  to be corrected and I
                                                  will promptly do it.<br>
                                                </div>
                                                <div>- Comment is a bit
                                                  late, I will request
                                                  an extra week to
                                                  discuss the proposal
                                                  with my humble
                                                  excuses.<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>BR,<br>
                                                </div>
                                                <div>Dina Solveig
                                                  Jalkanen<br>
                                                </div>
                                                <div>-- <br>
                                                </div>
                                                <div>* * *<br>
                                                </div>
                                                <div>Friendly geek in
                                                  Amsterdam, FSFE Fellow<br>
                                                </div>
                                                <div><a
                                                    moz-do-not-send="true"
href="https://wiki.techinc.nl/index.php/User:Thomascovenant"
                                                    target="_blank">https://wiki.techinc.nl/index.<wbr>php/User:Thomascovenant</a><br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>______________________________<wbr>_________________<br>
                                                </div>
                                                <div>Ncuc-discuss
                                                  mailing list<br>
                                                </div>
                                                <div><a
                                                    moz-do-not-send="true"
href="mailto:Ncuc-discuss@lists.ncuc.org" target="_blank">Ncuc-discuss@lists.ncuc.org</a><br>
                                                </div>
                                                <div><a
                                                    moz-do-not-send="true"
href="http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss"
                                                    target="_blank">http://lists.ncuc.org/cgi-bin/<wbr>mailman/listinfo/ncuc-discuss</a><br>
                                                </div>
                                              </blockquote>
                                              <div><br>
                                              </div>
                                            </div>
                                            <br>
                                          </div>
                                        </div>
                                        ______________________________<wbr>_________________<br>
                                        NCSG-PC mailing list<br>
                                        <a moz-do-not-send="true"
                                          href="mailto:NCSG-PC@lists.ncsg.is"
                                          target="_blank">NCSG-PC@lists.ncsg.is</a><br>
                                        <a moz-do-not-send="true"
                                          href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc"
                                          rel="noreferrer"
                                          target="_blank">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a><br>
                                        <br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </div>
                      <br>
                      <fieldset
                        class="m_4966123089002198678m_-326150836554865276mimeAttachmentHeader"></fieldset>
                      <br>
                      <pre>______________________________<wbr>_________________
NCSG-PC mailing list
<a moz-do-not-send="true" class="m_4966123089002198678m_-326150836554865276moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a>
<a moz-do-not-send="true" class="m_4966123089002198678m_-326150836554865276moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" target="_blank">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>
</pre>
    </blockquote>
    

  </div></div></div>


______________________________<wbr>_________________

NCSG-PC mailing list

<a moz-do-not-send="true" href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a>

<a moz-do-not-send="true" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" rel="noreferrer" target="_blank">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>


</blockquote></div>
</div></div>



</blockquote>
</body></html>