<<<
Chronological Index
>>>
Thread Index
>>>
Expedited Registry Security Request -- public archive of requests?
- To: ersr@xxxxxxxxx
- Subject: Expedited Registry Security Request -- public archive of requests?
- From: George Kirikos <gkirikos@xxxxxxxxx>
- Date: Thu, 1 Oct 2009 10:03:45 -0700 (PDT)
Hello,
It's unclear from the announcement at:
http://www.icann.org/en/announcements/announcement-01oct09-en.htm
http://www.icann.org/en/registries/ersr/
whether the requests will be posted to the ICANN website, as exists for RSEP
requests:
http://www.icann.org/en/registries/rsep/
There should be such a page with a public archive of ERSR requests and RSS
feed, for transparency (registries might want to redact parts of their requests
for security reasons on a temporary basis, but the unredacted parts should be
posted after the security incident has completely passed).
The After-Action Report appears to simply be optional, and that is not good
enough, nor timely enough.
Registry operators will be tempted to abuse the "imminent security incident"
aspect to create FUD, and to attempt to justify exorbitant price increases to
consumers/registrants. A registry operator who can't handle its obligations
should instead be put at risk for replacement, via a competitive tender for
operation of that gTLD, and an audit of their operations.
Sincerely,
George Kirikos
http://www.leap.com/
<<<
Chronological Index
>>>
Thread Index
>>>
|