[At-Large] [ALAC-Internal] Fwd: [APAC-Discuss] Internet Governance Webinar Conversation Opportunity With ICANN Senior Executives
Olivier MJ Crepin-Leblond
ocl at gih.com
Thu Nov 7 00:06:00 UTC 2013
On 06/11/2013 23:57, Salanieta Tamanikaiwaimaro wrote:
> 2)Will there be greater diversity and inclusion within SSAC? At the moment, the SSAC decides who it lets into its fold. The SSAC had recently criticised the Risk Management Framework suggesting the use of ISO instead of a standard by the NIST. In light of deliberate compromised vulnerabilities introduced coloring the perception of NIST*, and despite appearances of internationalization at the core of structure, there remains concerns that the SSAC is inevitably part of US National Cyber Security Strategic Frameworks and there is conflict between ICANN's role as a global steward versus its traditional legal obligations.
> P.S This was why I voted against the ALAC Statement supporting calls for implementation of NIST standard instead of the ISO standard.
> * See: http://spectrum.ieee.org/telecom/security/can-you-trust-nist
I'm afraid there is some confusion here.
1. The DSSA report was not an SSAC report, it was the work of a
cross-community working group called the DNS Stability and Security
Analysis (DSSA) WG.
2. NIST employs in excess of 3000 people in dozens of different
scientific fields. For information about NIST, I suggest
Cryptography is just one of the many areas of research that NIST
performs. You cannot condemn an organisation on all of its research
because it is linked to the United States government and because its
crypto work might have backdoors.
3. Using the closed ISO standard for risk analysis instead of the open
NIST standard will prevent our community from having access to the risk
analysis tools which ICANN will use. I do not consider this to be a good
outcome, quite the contrary.
More information about the At-Large