Re: [dssa] RE: Revised Draft Confidentiality Guidelines

["Mike O'Connor" <mike@xxxxxxxxxx>]

hi all,

i'm pulling the questions into the email flow and taking a crack at my 
understanding of where we're at.  in the order they appear in the draft…

Don -- "Will subgroup involvement be required of all members? If so, this point 
couold be problematic if all of the groups need to handle confidential 
information."

My thoughts -- no, sub-group involvement is definitely not required.  we're 
imagining that just as there are the "regulars" on the teleconferences, there 
will be a subset of the DSSA who will want to participate in the subgroups.  
and conversely, it may turn out that we need subgroups to do work on 
NON-confidential information -- in which case this document does not apply.


Don and Jacques -- regarding the separate email-distribution system -- "use of 
PGP encryption?   Can ICANN provide a secure system for this purpose? I see the 
need for email security but PGP does not work in any reasonable fashion with 
some email systems and clients "   

My thoughts -- we left this open in this stage of the draft.  we decided to 
treat that puzzle as an implementation detail if and when we got closer to the 
point of needing it.  we figured that the members of the subgroup might have 
some ideas (or resources) regarding this as well.  but we left that undecided 
for now.


Don -- speaking to the kind of information that sub-group members might receive 
-- "I would remove 'technical.' I can imagine situations where, for example, 
the information might involve business processes."

My thoughts -- i agree, good catch


Jacques -- speaking to the "highest standard of protection" attribute of Type1 
information -- "this should be furthered defined in this document or another, 
information storage and access, encryption, etc…"

My thoughts -- this was intended to a relative term, on the range of 
lowest-protection to highest-protection.  again, we left the details of the 
implementation to another day and presumed that when we got closer to actually 
using this framework we would have a better idea of what the requirements might 
be.  


Don -- commenting on the removal of a sub-group member (very last paragraph) -- 
"This could happen two ways: a repudiation or one of the vouching members 
dropping out. I suggest clarifying that it apply only to the first case."

My thoughts -- we discussed this very question and came to the opposite 
conclusion, i think mostly based on the way OARC does stuff but i can't 
remember.  the notion here is that we're trying to maintain an 
actively-affirmed level of trust for all members of the sub-group.  the risk is 
that a member could become an "island" in the trust chain if one or both of 
their "vouch" people leave the group, thus making info-providers uncomfortable 
with sharing.  so our thought was that if a person lost one or both of their 
endorsers, they'd probably find it fairly easy to recruit a few more -- but 
that if they didn't, we avoid potential embarrassment (or worse) by simply 
having a matter-of-fact rule that removes them from the sub-group until they do.


great comments!  thoughts?

mikey


On Jan 25, 2012, at 12:37 PM, Don Blumenthal wrote:

> Some thoughts on top of the document from Jacques. As he said, the document 
> is very good.
> 
> Don
> 
> 
> From: Jacques Latour <jacques.latour@xxxxxxx<mailto:jacques.latour@xxxxxxx>>
> Date: Wed, 25 Jan 2012 13:10:55 -0500
> To: Julie Hedlund <julie.hedlund@xxxxxxxxx<mailto:julie.hedlund@xxxxxxxxx>>
> Cc: "dssa@xxxxxxxxx<mailto:dssa@xxxxxxxxx>" 
> <dssa@xxxxxxxxx<mailto:dssa@xxxxxxxxx>>
> Subject: [dssa] RE: Revised Draft Confidentiality Guidelines
> 
> Hi,
> 
> I just have a few comments/questions in the document, mostly around how we 
> handle sensitive information within the sub-groups.
> 
> Other than that, it looks good.
> 
> Jacques
> 
> 
> From: owner-dssa@xxxxxxxxx<mailto:owner-dssa@xxxxxxxxx> 
> [mailto:owner-dssa@xxxxxxxxx] On Behalf Of Julie Hedlund
> Sent: January-25-12 10:40 AM
> To: dssa@xxxxxxxxx<mailto:dssa@xxxxxxxxx>
> Subject: [dssa] Revised Draft Confidentiality Guidelines
> 
> Dear DSSA-WG members,
> 
> Based on the comments received here are revised draft guidelines with tracked 
> changes.  It will be helpful if you could let us know as soon as possible if 
> you have any further changes.
> 
> Best regards,
> 
> Julie
> 
> Julie Hedlund, Policy Director
> <DSSA - WG Confidentiality Guidelines v1 Rev 25 Jan 2012  J.LATOUR - dmb.doc>

- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)