Security, Stability & Resiliency of the DNS Review - Comment

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

As Ireland's only ICANN accredited registrar and largest hosting provider we 
take the security and stability of the DNS very seriously, as we have an 
obvious vested interest.

With respect to this report I would like to firstly thank the review team for 
their hard work. I know how taxing it can be to get involved in ICANN work 
groups and that it invariably involves lots of calls, emails and meetings.

With respect to the recommendations themselves.

1 - that makes perfect sense. A lot of issues arise around definitions of scope 
when speaking about ICANN and other organisations. Having a clear definition 
should do a lot to solve this
2 - ibid
3 - Makes sense. 
4 - I'm not sure what is meant by "engagement"
5 - Agreed. it would also be helpful for the rest of us to get a clearer 
picture of what they actually do. They're shrouded in mystery
9 - have any specific certs been identified? Speaking of "best practice" is 
fine to a point, but having actual concrete terms is less ambiguous
11 - Coupling "DNS abuse" and "consumer confusion" together is quite dangerous 
in some respects. I'm not sure that you can measure both in the same way ie. 
DNS abuse is relatively quantifiable, while "consumer confusion" is incredibly 
vague
12 - very vague. Contracts etc., with whom exactly? 
13 - Ok, but in order for that to happen SSAC et al would need to work better 
with the supporting organisations
14 - ICANN has issues with outreach. I'm not sure if they're in a position to 
improve this in an area as complex as SSR
15 - Agreed, but I assume this would be done in a fashion that would not expose 
threats?
16 - 22 - Agreed. The ICANN budget (in its entirety) grows every year. It is 
important that we (stakeholders) can see that funding is going to the right 
places and that we can see how funds are spent.
24 - Why does this only refer to "long-term risks"? I don't understand that. I 
would have expected a recommendation to address the CSO role in general. Is 
that even defined anywhere at the moment?
25 - again I'd ask about why the insistence is on "long-term" risks only. While 
I can appreciate that advance planning etc., would focus on the "big picture" 
etc., etc., I would expect a risk profile to be comprehensive and deal with ALL 
risks


Regards

Michele



Mr Michele Neylon
Blacknight Solutions ♞
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.biz
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845