ICANN Email List Archives

[dssa]



[dssa] Reminder: Draft confidentiality guidelines

  • To: dssa@xxxxxxxxx
  • Subject: [dssa] Reminder: Draft confidentiality guidelines
  • From: "Mike O'Connor" <mike@xxxxxxxxxx>
  • Date: Mon, 16 Jan 2012 16:38:32 -0600

hi all,

we, your Ops gang, decided on today's call to put a deadline on comments about our draft Confidential-Information guidelines. we're hoping to receive your comments by close of business (your time) this Friday, 20-January. that will give us a chance to review them on our call a week from today and push out a revised draft to you for consensus-review early next week.

so far, Katrina is the only person who's sent comments. she sent them to me and i got her permission to forward her comments to the list.

we discussed her comments on the Ops call today and realized that our draft guidelines don't do enough to explain why we think the "vouching" thing is a good idea. so let me sketch out a few points here and we'll work on a revised draft to make this idea clearer.

probably the most important issue we're trying to address with these rules is to build a web of trust and accountability around any information that is shared.

we want to make sure that the people sharing highly sensitive information are assured that their information will not find its way out of the sub-group without their permission.

one way to do that is to automatically trust everybody in the DSSA and only block people if there's an objection (Katrina's proposal). the other is to initially not trust anybody in the DSSA and only allow them into the subgroup if they are endorsed by two others (the current version of the draft).

at this point, the co-chairs are still more comfortable with the vouch-in rather than the object-out model because it seems to us to be more secure, and our overriding goal is to ensure no breaches.

so why do co-chairs go first? our answer is that we need to start somewhere in order to "seed" the group with an initial set of members, and a basic set of trust relationships. this also means that we, the co-chairs, are the foundation on which all the rest of the trust fabric is built. that's something that i was initially a bit uncomfortable with. but we have to start somewhere and the co-chairs seem to be the best/logical place to start.

but that *also* means that we co-chairs bear the ultimate accountability for the security of the information, since all the rest of the "vouch" structure is built on our original vouches. again, that initially made me uncomfortable but i've concluded that i'm comfortable taking that responsibility. after all, that's why you pay me the big money. :-)

that in turn means that while i know many of you, i'm only willing to "vouch" for a subset of the group -- those people with whom i've done enough work, over enough time, to have concluded that i'm able to vouch for them. this turns out to be a fairly small group of people -- which makes sense when you think about it. that doesn't mean that i don't think badly of the rest of you, it's just that i don't have enough experience with most of you to be accountable for your actions. this is not "friending you on Facebook", this is putting myself on the line to share the blame if you reveal extremely sensitive information.

so what about a person on the DSSA who doesn't know anybody else and thus can't collect the needed two "vouches" in order to participate in the subgroup? i think there are two answers to this. the first is that this is something that falls on your shoulders to solve rather than mine. you can gain the trust of other members by working with them on other, less-sensitive, types of work so that they can form their opinion about whether they're comfortable standing behind you. i know, this sounds harsh and "clubby" but we may be engaged in very sensitive work here and i feel that i have to lay that out.

but the second answer is that maybe there is an alternative path to the two needed vouches. we talked this morning about the possibility that a person could extend the web of trust through non-DSSA members who *in turn* are known to members of the subgroup. the examples we used on our call were people like Vint Cerf and Paul Vixie but they could really be any person who is willing to participate in the trust/accountability chain of vouches. they would have to understand the responsibility they're taking on -- again, this isn't Facebook-friends type stuff. but that would be a way to get the job done.

as you can see -- Katrina's comment was a GREAT one. it triggered a really interesting/thoughtful conversation on the Ops list and (i hope) will do the same on the larger list. thanks Katrina! i've attached her note below.

so let's hear from the rest of you. we'd like to put this to bed, but we'd also like it to be really really good, because it may be a model that other working groups can look at when they're dealing with sensitive information. so it's fine to hammer on it until it's right. again, we'd like to get your comments in by the end of the week if it's possible.

thanks,

mikey

Begin forwarded message:

> From: "Katrina Sataki" <katrina@xxxxxx>
> Date: January 12, 2012 7:54:06 AM CST
> To: "'Mike O'Connor'" <mike@xxxxxxxxxx>
> Subject: Draft confidentiality guidelines
>
> Hi, Mikey,
>
> Thank you and your Co-Chairs very much for the document! It is perfectly clear.
>
> However, the nasty ‘lawyerly’ side of me has some comments/questions:
>
> 1) In the document several terms are used to describe the same thing „sub-working groups of the DSSA-WG”, „sub-working groups” and even „sub-groups” (the last one in the picture and use cases). Personally I would prefer the shortest version – sub-groups. It is quite clear that they a) are gonna work and b) are part of DSSA-WG.
>
> 2) In the picture it also says DSSA, not DSSA-WG as it is in the rest of the document.
>
> 3) page 2 - "Written information provided DSSA-WG members shall be considered" - 'to' is missing? Or 'by'? Or I misunderstood the sentence?
>
> 4) Does it really matter what steps DNS-OARC procedures follow if DSSA-WG is not going to use some of them? I find it confusing: there it is - the full list - and then – oh, we’re not gonna follow it („...more like guidelines anyway...” (c) Pirates of Caribbean). I think it would be better to list only those procedures DSSA-WG WILL follow and put a reference to DNS-OARC if necessary (e.g., as a footnote with explanations).
>
> 5) Is the vouching process necessary? I mean, if Co-Chairs select members they vouch for them, don't you think? Maybe it is better to publish the list and then invite other WG members to object to any particular member being included into the sub-group. They could do it by sending a private e-mail, for example. And the Co-Chairs can evaluate if the objection is reasonable. Anyway, if there is anything wrong with any member of the DSSA then probably they should not be the part of the group. It is not a pay-and-become-a-member group as in the case of DNS-OARC.
>
> At this point the nice technical person wins and I stop with great appreciation of the work Co-Chairs did! Thank you!
>
> Kind regards,
>
> ]{atrina
>
> -- Katrina Sataki, CEO
>
> NIC.LV – The Registry of ccTLD .lv
> Institute of Mathematics and Computer Science,
> University of Latvia
> Raina bulvaris 29, Riga LV-1459
> Tel: +371 67085858 | Fax: +371 67225072 | Mobile: +371 29249666
> E-mail: katrina@xxxxxx | Skype: kat..s | Web: www.nic.lv

- - - - - - - - -
phone   651-647-6109
fax     866-280-2356
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)
