[NCSG-PC] Fw: [NCUC-DISCUSS] Suggested Comment: Draft Framework for Registry Operators to Respond to Security Threats

Rafik Dammak rafik.dammak at gmail.com
Fri Aug 4 10:39:13 EEST 2017


Dear PC members,

Any comment on the draft? We got an extension till 6th August; we should
review quickly and make a decision.

Best,

Rafik

2017-07-31 19:33 GMT+09:00 Rafik Dammak <rafik.dammak at gmail.com>:

> Hi Ayden,
>
> Yes, it is for PC review. We worked on it over the last days with Juan, Dina and
> Niels. James cannot respond since he is off for the coming days. I was going
> to send an email to the related ICANN staff to inform them that we will make a late
> submission, hopefully by the end of this week.
>
> Best,
>
> Rafik
>
>
> On Jul 31, 2017 7:18 PM, "Ayden Férdeline" <icann at ferdeline.com> wrote:
>
> I believe the PC is being asked to review this comment which has been
> drafted by Dina and Juan. The submission deadline for comments on this
> issue is today, but I suspect we will not be able to meet that, so let's
> try for this Friday? I think we need to bring in a topic expert, James
> Gannon (cc'd), to get his opinion on this comment, too -- because I am
> happy to raise my hand and say I do not know anything about this topic.
>
> Best, Ayden
>
>
> -------- Original Message --------
> Subject: [NCUC-DISCUSS] Suggested Comment: Draft Framework for Registry
> Operators to Respond to Security Threats
> Local Time: July 30, 2017 11:24 PM
> UTC Time: July 30, 2017 10:24 PM
> From: thomascovenant at thomascovenant.org
> To: NCUC-discuss <ncuc-discuss at lists.ncuc.org>
>
> Hello,
>
> the comment proposal is underneath, what are your thoughts?
>
> https://docs.google.com/document/d/1TfgHuMqzD660_CHLQMXMW4phnBtLSP94j6X5riY2Ko4/edit
>
> Note from Security Framework Drafting Team wiki workspace:
>
> - Is Public Comment required for the draft Framework?
> - This is not a policy implementation nor a contractual requirements
> document; therefore, a public comment proceeding would not be required.
> However, SFDT has decided to conduct a public comment for broader community
> feedback prior to finalization of the Framework.
>
> Main points:
>
> - Framework should be expanded
> - Several minor details are to be clarified, restructuring proposal
> - As a small step in response to proposed detailed report examination, I
> suggest we include a recommendation on Responsible Threat Disclosure.
>
> Finally, I quote Point 3 from the Comment:
>
> "Since the following examination of threat report is identified in the
> Framework, we strongly suggest including a recommendation on Responsible
> Threat Disclosure to be included in the document:
>
> "Each RO should scrutinize, question or otherwise inquire about the
> legitimacy of the origin
> of a request, in accordance with their own internal policies and
> processes."
>
> We have seen a broad variation in handling security threat reports,
> varying from constructive actions addressing the issues to punishment of
> the reporting party. Benefits of responsible threat submission are obvious.
>
> In this context, it is important to underline benefits and importance of
> responsible threat disclosure. We request recommendation to extend goodwill
> and not cause harm to the reporting party whenever possible:
>
> When applicable, RO should provide:
>
> - an easy way to report security threats and violations
> - encrypted ways of communication
> - option of anonymous submission"
>
> Other:
>
> - This is my first comment drafted with input from Juan Manuel Rojas
> (thank you for commenting). Access to shared document and request for
> review was given to those who expressed interest in working on it. All
> input from the list is very welcome. Please let me know what needs to be
> corrected and I will promptly do it.
> - Comment is a bit late, I will request an extra week to discuss the
> proposal with my humble excuses.
>
> BR,
> Dina Solveig Jalkanen
> --
> * * *
> Friendly geek in Amsterdam, FSFE Fellow
> https://wiki.techinc.nl/index.php/User:Thomascovenant
>
>