<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Rafik,</p>
<p>As I said - I do not quite get what the first statement means in
terms of issues raised so I can't come up with any suggestion. I
wish I could. As this statement doesn't really contribute to
anything and doesn't raise any issue (although it's supposed to as
it is placed in the "issue" section) I suggest we just remove it
for the sake of clarity. Unless the drafters are ready to clarify
or rephrase. But I don't think removal will change anything in the
document except making it clearer. <br>
</p>
<p>I am totally supporting your suggestion for removal of another
statement - let's not send mixed messages, especially with vague
wording proposals.</p>
<p>Thanks! <br>
</p>
<p>Tanya <br>
</p>
<br>
<div class="moz-cite-prefix">On 08/08/17 08:08, Rafik Dammak wrote:<br>
</div>
<blockquote
cite="mid:CAH5sTh=5RcbZeHpMqZAtS-h9Uru0jx_huPEi6o=sj7x4eouiCw@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div class="gmail_extra">Hi Tatiana,</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Thanks for the comments,</div>
<div class="gmail_extra">while we are late by our deadline to
submit a comment, I think we can solve the concerns.</div>
<div class="gmail_extra">1/ do you have a proposal of rephrasing
for the first statement?</div>
<div class="gmail_extra">2/ I understand your concerns, and
indeed it doesn't seem aligned with our previous stances
regarding domain suspension. Probably we can remove that.<br>
<br>
Really looking forward to solving this within the next
24 hours.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Best,</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Rafik<br>
<div class="gmail_quote">2017-08-05 6:56 GMT+09:00 Dr. Tatiana
Tropina <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:t.tropina@mpicc.de" target="_blank">t.tropina@mpicc.de</a>&gt;</span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi all,</p>
<p>I have a couple of comments:</p>
<p>1) I have a hard time making sense of the first point:</p>
<p><font size="-2">"1. Registry Response, Responsible
Parties<br>
<br>
“ROs are not necessarily the best parties to
address certain security threats. The identification
of the parties considered as being most relevant and
appropriate in resolving the security threat is
critical to the prompt resolution of the matter.”<br>
<br>
More specifically, responsibility of identifying
security threats connected to New gTLDs and
resolving them when possible rests with ROs."</font></p>
<p>As this point is a part of the comment that refers to
the "issue" I wonder what is this - a statement? What
kind of issue is identified here? Are we recommending
anything? If not and if this is just an introduction,
maybe it's better to rephrase? Maybe it's just too
late here but I am struggling with what this "issue"
implies. <br>
</p>
<p>2) I wonder if this one is really in line with NCSG
values such as due process: <br>
</p>
<p><font size="-2">2. We ask you to consider including
the following GAC recommendation in Registry
Response:<br>
<br>
“If Registry operator identifies risk of harm,
Registry operator will notify the relevant registrar
and , if the registrar does not take immediate
action, suspend the domain name until the matter is
resolved.” </font><br>
</p>
<p>The framework already lists the actions that Registry
can take even in the case of "a negative or
non-existent response from the Registrar", which
"should not
preclude the Registry from taking action". I do not
like the notion of "immediate action" as it sounds too
vague to me and I believe that there are enough
actions listed to address the issue under the
framework rather than suspension of domain name -
again, "till the matter is resolved" looks too vague.
I don't think it's acceptable when it comes to such a
matter as a suspension of domain name. I know enough
cases of mistakes when due to abuse claims customers
went dark, etc. I suggest we rather be careful here.
But if everyone is comfortable with this suggestion,
I'll surrender. <br>
</p>
<p>Warm regards,</p>
<p>Tanya <br>
</p>
<div>
<div class="m_4966123089002198678h5">
<p><br>
</p>
<br>
<div
class="m_4966123089002198678m_-326150836554865276moz-cite-prefix">On
04/08/17 09:39, Rafik Dammak wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">Dear PC members,</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">any comment on the
draft? we got an extension till 6th August, we
should review quickly and make a decision.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Best,</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Rafik</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">2017-07-31 19:33
GMT+09:00 Rafik Dammak <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:rafik.dammak@gmail.com"
target="_blank">rafik.dammak@gmail.com</a>&gt;</span>:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="auto">
<div>Hi Ayden,
<div dir="auto"><br>
</div>
<div dir="auto">Yes it is for PC
review. We worked on it the last
days with Juan, Dina and Niels.
James cannot respond since he is off
for the coming days. I was going to
send email to related ICANN staff to
inform that we will make a late
submission, hopefully by end of this
week.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Best,</div>
<div dir="auto"><br>
</div>
<div dir="auto">Rafik </div>
<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div
class="m_4966123089002198678m_-326150836554865276h5">On
Jul 31, 2017 7:18 PM, "Ayden
Férdeline" &lt;<a
moz-do-not-send="true"
href="mailto:icann@ferdeline.com"
target="_blank">icann@ferdeline.com</a>&gt;
wrote:<br type="attribution">
</div>
</div>
<blockquote
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div
class="m_4966123089002198678m_-326150836554865276h5">
<div>I believe the PC is
being asked to review this
comment which has been
drafted by Dina and Juan.
The submission deadline
for comments on this issue
is today, but I suspect we
will not be able to meet
that, so let's try for
this Friday? I think we
need to bring in a topic
expert, James Gannon
(cc'd), to get his opinion
on this comment, too --
because I am happy to
raise my hand and say I do
not know anything about
this topic. <br>
</div>
<div><br>
</div>
<div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block">
<div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block-user">
<div>Best, Ayden <br>
</div>
</div>
<div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_signature_block-protonm_7229474843329171798m_6307797313055180449protonmail_signature_block-empty"><br>
</div>
</div>
<div
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798elided-text">
<div><br>
</div>
<blockquote type="cite"
class="m_4966123089002198678m_-326150836554865276m_7229474843329171798m_6307797313055180449protonmail_quote">
<div>-------- Original
Message --------<br>
</div>
<div>Subject:
[NCUC-DISCUSS]
Suggested Comment:
Draft Framework for
Registry Operators to
Respond to Security
Threats<br>
</div>
<div>Local Time: July
30, 2017 11:24 PM<br>
</div>
<div>UTC Time: July 30,
2017 10:24 PM<br>
</div>
<div>From: <a
moz-do-not-send="true"
href="mailto:thomascovenant@thomascovenant.org" target="_blank">thomascovenant@thomascovenant.<wbr>org</a><br>
</div>
<div>To: NCUC-discuss
&lt;<a
moz-do-not-send="true"
href="mailto:ncuc-discuss@lists.ncuc.org" target="_blank">ncuc-discuss@lists.ncuc.org</a>&gt;<br>
</div>
<div><br>
</div>
<div>Hello,<br>
</div>
<div><br>
</div>
<div>the comment
proposal is
underneath, what are
your thoughts?<br>
</div>
<div><br>
</div>
<div><a
moz-do-not-send="true"
href="https://docs.google.com/document/d/1TfgHuMqzD660_CHLQMXMW4phnBtLSP94j6X5riY2Ko4/edit"
target="_blank">https://docs.google.com/docume<wbr>nt/d/1TfgHuMqzD660_CHLQMXMW4ph<wbr>nBtLSP94j6X5riY2Ko4/edit</a><br>
</div>
<div><br>
</div>
<div>Note from Security
Framework Drafting
Team wiki workspace:<br>
</div>
<div><br>
</div>
<div>- Is Public Comment
required for the draft
Framework?<br>
</div>
<div>- This is not a
policy implementation
nor a contractual
requirements document;
therefore, a public
comment proceeding
would not be required.
However, SFDT has
decided to conduct a
public comment for
broader community
feedback prior to
finalization of the
Framework.<br>
</div>
<div><br>
</div>
<div>Main points:<br>
</div>
<div><br>
</div>
<div>- Framework should
be expanded<br>
</div>
<div>- Several minor
details are to be
clarified,
restructuring proposal<br>
</div>
<div>- as a small step
in response to
proposed detailed
report examination, I
suggest we include a
recommendation on
Responsible Threat
Disclosure.<br>
</div>
<div><br>
</div>
<div>Finally, I quote
Point 3 from the
Comment:<br>
</div>
<div><br>
</div>
<div>"Since the
following examination
of threat report is
identified in the
Framework, we strongly
suggest including a
recommendation on
Responsible Threat
Disclosure to be
included in the
document:<br>
</div>
<div><br>
</div>
<div>"Each RO should
scrutinize, question
or otherwise inquire
about the legitimacy
of the origin<br>
</div>
<div>of a request, in
accordance with their
own internal policies
and processes."<br>
</div>
<div><br>
</div>
<div>We have seen a
broad variation in
handling security
threat reports,
varying from
constructive actions
addressing the issues
to punishment of the
reporting party.
Benefits of
responsible threat
submission are
obvious.<br>
</div>
<div><br>
</div>
<div>In this context, it
is important to
underline benefits and
importance of
responsible threat
disclosure. We request
recommendation to
extend goodwill and
not cause harm to the
reporting party
whenever possible:<br>
</div>
<div><br>
</div>
<div>When applicable, RO
should provide:<br>
</div>
<div><br>
</div>
<div>- an easy way to
report security
threats and violation<br>
</div>
<div>- encrypted ways of
communication<br>
</div>
<div>- option of
anonymous submission"<br>
</div>
<div><br>
</div>
<div>Other:<br>
</div>
<div><br>
</div>
<div>- This is my first
comment drafted with
input from Juan Manuel
Rojas (thank you for
commenting). Access to
shared document and
request for review was
given to those who
expressed interest in
working on it. All
input from the list is
very welcome. Please
let me know what needs
to be corrected and I
will promptly do it.<br>
</div>
<div>- Comment is a bit
late, I will request
an extra week to
discuss the proposal
with my humble
excuses.<br>
</div>
<div><br>
</div>
<div>BR,<br>
</div>
<div>Dina Solveig
Jalkanen<br>
</div>
<div>-- <br>
</div>
<div>* * *<br>
</div>
<div>Friendly geek in
Amsterdam, FSFE Fellow<br>
</div>
<div><a
moz-do-not-send="true"
href="https://wiki.techinc.nl/index.php/User:Thomascovenant"
target="_blank">https://wiki.techinc.nl/index.<wbr>php/User:Thomascovenant</a><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>______________________________<wbr>_________________<br>
</div>
<div>Ncuc-discuss
mailing list<br>
</div>
<div><a
moz-do-not-send="true"
href="mailto:Ncuc-discuss@lists.ncuc.org" target="_blank">Ncuc-discuss@lists.ncuc.org</a><br>
</div>
<div><a
moz-do-not-send="true"
href="http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss"
target="_blank">http://lists.ncuc.org/cgi-bin/<wbr>mailman/listinfo/ncuc-discuss</a><br>
</div>
</blockquote>
<div><br>
</div>
</div>
<br>
</div>
</div>
______________________________<wbr>_________________<br>
NCSG-PC mailing list<br>
<a moz-do-not-send="true"
href="mailto:NCSG-PC@lists.ncsg.is"
target="_blank">NCSG-PC@lists.ncsg.is</a><br>
<a moz-do-not-send="true"
href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc"
rel="noreferrer"
target="_blank">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</blockquote>
</div></div></div>
</blockquote></div>
</div></div>
</blockquote>
</body></html>