RE: [dssa] hm. does anybody have an authoritative source for the definition of "core registry functions"?

[Greg Aaron <gaaron@xxxxxxxxxxxx>]

Hi, Mikey.  Cloud Registry seems to be mainly talking to new TLD
applicants who want to comply with ICANN's new TLD contractual
requirements.  Which are not all "critical functions," of course.   Cloud
Registry's list kind of reinvents the wheel, and is not a great fit for
our work because:
* EPP is not a "critical function."  Accepting and storing data is a
critical function.  EPP is a protocol for transmitting data.
* See my notes below regarding DNSSEC.
* IDN is no "critical" registry function, because you can run a registry
quite well without offering IDNs.  For example, .AU does not offers IDNs.
Yet somehow, .AU perseveres.  ;-)

All best,
--Greg


-----Original Message-----
From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
Sent: Wednesday, January 11, 2012 8:51 AM
To: dssa@xxxxxxxxx
Subject: Re: [dssa] hm. does anybody have an authoritative source for the
definition of "core registry functions"?


so in a recent blog post, the Cloud Registry folks quoted that same
section of the Guidebook and then summarized the list thusly;

EPP, DNS, Whois, IDN and DNSSEC

how do people feel about that list of services?

if i were a stratifying kinda guy, i might say that DNS is one kind of
thing ("the DNS") and EPP, WHOIS, IDN and DNSSEC are another kind of thing
(services that support "the DNS" but not actually part of it).  so from
our charter, are those other things "in scope" for our review?

i'm posing this partly from the project-manager point of view (trying to
manage scope) and partly from a technical/architecture/boundaries point of
view.  it seems to me that "the DNS" could run without any of those other
services.  and attacks against those other things, while causing a lot of
pain, wouldn't take down "the DNS"

discuss.  ;-)

mikey

btw, here's a link to their post --
http://www.cloudregistry.net/blog/e/gtld-registry-services/


On Jan 9, 2012, at 10:04 AM, Greg Aaron wrote:

>
> Please see the legal definition in the nTLD contract (Specification 6,
> #2), which was taken from and is the same definition as for existing
> gTLDs (see "core registry services" on the RSEP page at:
> http://www.icann.org/en/registries/rsep/rsep.html ).  That's the
> definition relevant to both existing and new gTLDs.
>
> That definition says that critical registry services are those:
> "critical to the following tasks: the receipt of data from registrars
> concerning registrations of domain names and name servers; provision
> to registrars of status information relating to the zone servers for
> the TLD; dissemination of TLD zone files; operation of the registry
> zone servers; and dissemination of contact and other information
> concerning domain name server registrations in the TLD as required by
the Registry Agreement".
>
> New gTLDs will be contractually required to have DNSSEC, but existing
> gTLDs are not required to have DNSSEC.  Many ccTLDs have not signed
> their zones, and many ccTLDs and gTLDs who have signed their zones
> still don't allow registrants to sign individual domains.  It is
> highly desirable for registries to provide DNSSEC, and when they do
> it's important to do it correctly.  But because of the above reasons
> it may not be possible to say that DNSSEC is a "critical" registry
function.
>
> Escrow's an important thing, but it doesn't seem to fall under the
> above definition.  (The clause "dissemination of contact and other
> information concerning domain name server registrations" is about
> WHOIS, I believe.) Note that some, maybe many, ccTLDs don't escrow.
> Hopefully all make off-site backups and observe other prudent
> practices, but perhaps few do it like ICANN requires, which mandates
> the use of third-party independent escrow providers.
>
> All best,
> --Greg
>
>
>
> -----Original Message-----
> From: Drazek, Keith [mailto:kdrazek@xxxxxxxxxxxx]
> Sent: Sunday, January 08, 2012 12:53 PM
> To: dssa@xxxxxxxxx
> Subject: RE: [dssa] hm. does anybody have an authoritative source for
> the definition of "core registry functions"?
>
>
>
> Hi Mikey,
>
> The phrase now used by ICANN is "critical registry functions," which
> has been defined most recently through the new gTLD application
> process. The definition is in several places in the Applicant
> Guidebook, including in the section covering the Continued Operations
Instrument.
>
> http://www.icann.org/en/registries/continuity/gtld-registry-continuity
> -pla
> n-25apr09-en.pdf
>
>
> Earlier definitions had a slightly longer lists of six or more:
>
> http://www.icann.org/en/registries/reports/registry-failover-01jun07.h
> tm#a
> nchor3 (see Section 3 of the 2007 Registry Failover Report)
>
> http://www.icann.org/en/registries/continuity/gtld-registry-continuity
> -pla n-25apr09-en.pdf (see page 4 of the 2009 Registry Continuity
> Plan)
>
>
> Hope this helps.
>
> Regards, Keith
>
>
>
>
> Keith Drazek
> Director of Policy
> kdrazek@xxxxxxxxxxxx
>
> m: +1-571-377-9182
> 21345 Ridgetop Circle Dulles, VA 20166
>
> VerisignInc.com
>
>
>
> -----Original Message-----
> From: owner-dssa@xxxxxxxxx [mailto:owner-dssa@xxxxxxxxx] On Behalf Of
> Mike O'Connor
> Sent: Sunday, January 08, 2012 9:20 AM
> To: dssa@xxxxxxxxx
> Subject: [dssa] hm. does anybody have an authoritative source for the
> definition of "core registry functions"?
>
>
> hi all,
>
> i came across the "core registry functions" phrase and thought that
> might be a good list for us to have.  here's the quote that got me
> started
>
>       "Core registry functions are: access to the shared registry
system;
> Whois, DNS resolution; data escrow; and DNSSEC"
>
> the list looks like a good scope-defining punch-list for some of our
work.
>
> but this is from a Minds and Machines advocacy piece on CircleID and
> is by no means authoritative.  are they quoting an RFC or something
> that *is* authoritative?  if so, could you point me in the right
direction?
>
> thanks,
>
> mikey
>
> - - - - - - - - -
> phone         651-647-6109
> fax           866-280-2356
> web   http://www.haven2.com
> handle        OConnorStP (ID for public places like Twitter, Facebook,
Google,
> etc.)

- - - - - - - - -
phone   651-647-6109
fax             866-280-2356
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google,
etc.)