High Security Top-Level Domain (HSTLD) - Draft Program Development Snapshot
- To: hstld-snapshot-15feb10@xxxxxxxxx
- Subject: High Security Top-Level Domain (HSTLD) - Draft Program Development Snapshot
- From: Paul Foody <paulfoody@xxxxxxxxx>
- Date: Fri, 9 Apr 2010 00:44:03 -0700
Dear Sirs
I thank you for the opportunity to comment on ICANN's Request for
comments on the High Security Top-Level Domain (HSTLD) - Draft Program
Development Snapshot as posted on 22 February 2010.
As a domain registrant and internet user, the certainty that
information, important or not, is being transferred, securely when
necessary, to and from my machine and whichever other machine I am
attempting to contact is absolutely critical to the functionality and
usability of the internet. Accordingly, any attempt by any party
genuinely interested in increasing that certainty has to be applauded
especially since the goals of the paper appear reasonable and the
practices and safeguards being suggested do not appear even as onerous
as the sort of standards required to qualify for recognition by the
International Organisation for Standardisation (which maintains ISO
9000 & 9001). (Furthermore, whilst there was much resistance when ISO
9001 was introduced into the Commercial Property Market back in the
early 90's, the policies and procedures companies were required to
follow in order to qualify for the designation are frequently cited as
having improved the quality of work being produced and/or the
efficiency with which the various organisations produce it.)
I am concerned however that the goals being addressed ("Principle 1:
The Registry maintains effective controls to provide reasonable
assurance that the security, availability and confidentiality of
systems and information assets supporting critical registry IT and
business operations are maintained.."; "Principle 2: The Registry
maintains effective controls to provide reasonable assurance that the
processing of core Registry functions are authorised, accurate,
complete and performed in a timely manner.."; Principle 3: The
Registry shall ensure its registrars are behaving as they should;
Principle 4: Registrants "are expected to maintain current and accurate
information, and to commit to refrain from activities designed to
confuse or mislead the internet-using public.") are of such
fundamental importance to the secure operation of the internet that to
permit any registry refusing even to consider such changes where such
changes advance those lofty aims, to continue operating as a registry
would not be in the public interest.
Accordingly, I believe the HSTLD Review Team should focus on improving
the minimum standards of all TLDs, especially existing TLDs such as
DotCom, to as far as possible completely eradicate these problems
since to demand improved procedures for new TLDs, which cannot have
been affected by the problems motivating this study in the first
place, would in effect be an abandonment of those existing TLDs, which
hardly does anything for the stability of the internet.
I am also a little concerned that this report appears only to consider
the security of the end-destination site and does not appear to
address any of the compromises that could occur in the journey from
origin machine to destination. Whilst a desire for screening
processes for Registry employees is entirely understandable, it is
unlikely any such employee could cause the sort of problems that a
rogue ISP could, yet there does not appear to be any consideration of
the role of the ISP in this paper.
Finally on a personal note, having had concerns a while ago that my
email and web hosting accounts had been compromised only for my email
account host (Yahoo) and my web host (NetSol) to refuse to
communicate in writing except by email, I would like to make a
suggestion. Could ICANN please encourage registries (and other
businesses such as Yahoo, Priceline, Expedia etc) to provide physical
contact addresses so that customers writing to those addresses can be
provided with written responses, on company letter headed paper,
albeit perhaps for a small charge, to confirm, since email is not the
most secure of communications, as far as possible, that whatever email
correspondence might have been received is genuine and authorised.
Once again I thank you for the opportunity to make these comments and
submit a suggestion.
Yours sincerely
Paul Foody