Comments on Question 35
Question 35 appears from "out of the blue". It has no prior existence in any prior DAG, and represents an amazing display of narrow, albeit destructive, advocacy work by some party with more access to ICANN than others. It is reasonable to attempt to quantify some technical aspects of the applicant's narrative concerning their (or their senior "partner's") registry capabilities. This is dealt with questions 23 through 44. This public comment reprises a note I sent to the HSTLD-AG mailing list on December 22nd, following comments made during an HSTLD-AG conference call the same day. Comments on the language of question 35: 1. Security is not a defined term, therefore the applicants, and the evaluators, cannot predict evaluation outcomes. 2. The specific controls, HSTLD's current work product in particular, or ISO 27001, are not yet known to have any causal relationship with registry operational art, and the scope of registry operational artany candidate control could, in theory, affect, is not yet known to be materially significant to the secure operation of a registry. 3. "Full Interplay of Business and Technical requirements" is not a quantitative property, and it is doubtful that it is a quantitative property.4. Does "on hand or committed" include mutual assistance agreements or cooperative agreements with OARC or CAIDA or CERTs or similar centers of excellence? The "fails requirement" term could be changed to "does not attempt the (still partially defined) feature set" See the language of question 44, for features that are optional at time of launch. At a minimum, the "criteria" associated with, and the scoring value of "2", should be removed from the DAG. All reference to the HSTLD be removed from the DAG, as the HSTLD-AG has consensus that its work product not be referenced, let alone incorporated, into the DAG. The "fail" language should be changed to reflect some criteria "not attempted" rather than "failure", and the feature set be optional at the time of launch (and so possible at a later point in time). In a personal capacity, Eric Brunner-Williams |