ICANN ICANN Email List Archives


<<< Chronological Index >>>    <<< Thread Index    

Comments on Question 35

  • To: 5gtld-evaluation@xxxxxxxxx
  • Subject: Comments on Question 35
  • From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 11 Jan 2011 18:05:27 -0500

Question 35 appears from "out of the blue". It has no prior existence in any prior DAG, and represents an amazing display of narrow, albeit destructive, advocacy work by some party with more access to ICANN than others.

It is reasonable to attempt to quantify some technical aspects of the applicant's narrative concerning their (or their senior "partner's") registry capabilities. This is dealt with questions 23 through 44.

This public comment reprises a note I sent to the HSTLD-AG mailing list on December 22nd, following comments made during an HSTLD-AG conference call the same day.

Comments on the language of question 35:

1. Security is not a defined term, therefore the applicants, and the
evaluators, cannot predict evaluation outcomes.

2. The specific controls, HSTLD's current work product in particular,
or ISO 27001, are not yet known to have any causal relationship with
registry operational art, and the scope of registry operational art
any candidate control could, in theory, affect, is not yet known to be materially significant to the secure operation of a registry.

3. "Full Interplay of Business and Technical requirements" is not a
quantitative property, and it is doubtful that it is a quantitative

4. Does "on hand or committed" include mutual assistance agreements or cooperative agreements with OARC or CAIDA or CERTs or similar centers of excellence?

The "fails requirement" term could be changed to "does not attempt the (still partially defined) feature set"

See the language of question 44, for features that are optional at time of launch.

At a minimum, the "criteria" associated with, and the scoring value of "2", should be removed from the DAG.

All reference to the HSTLD be removed from the DAG, as the HSTLD-AG has consensus that its work product not be referenced, let alone incorporated, into the DAG.

The "fail" language should be changed to reflect some criteria "not
attempted" rather than "failure", and the feature set be optional at
the time of launch (and so possible at a later point in time).

In a personal capacity,
Eric Brunner-Williams

<<< Chronological Index >>>    <<< Thread Index    

Privacy Policy | Terms of Service | Cookies Policy