[At-Large] [ALAC-Internal] Fwd: [APAC-Discuss] Internet Governance Webinar Conversation Opportunity With ICANN Senior Executives

julie.hammer at bigpond.com julie.hammer at bigpond.com
Thu Nov 7 00:25:15 UTC 2013 

Dear Sala,

To add to Olivier's remarks, I think the report you may be thinking of is the Westlake consultant's report for the Board DNS Risk Management Framework Working Group.  This report recommended using ISO rather than NIST (as recommended in the DSSA Report).  The SSAC has made no comment on the Westlake report. 

Cheers,  Julie

---- Olivier MJ Crepin-Leblond <ocl at gih.com> wrote: 
> Dear Sala,
> 
> On 06/11/2013 23:57, Salanieta Tamanikaiwaimaro wrote:
> > 2)Will there be greater diversity and inclusion within SSAC? At the moment, the SSAC decides who it lets into its fold. The SSAC had recently criticised the Risk Management Framework suggesting the use of ISO instead of a standard by the NIST. In light of deliberate compromised vulnerabilities introduced coloring the perception of NIST*, and despite appearances of internationalization at the core of structure, there remains concerns that the SSAC is inevitably part of US National Cyber Security Strategic Frameworks and there is conflict between ICANN's role as a global steward versus its traditional legal obligations.
> >
> > P.S This was why I voted against the ALAC Statement supporting calls for implementation of NIST standard instead of the ISO standard. 
> >
> > * See: http://spectrum.ieee.org/telecom/security/can-you-trust-nist
> 
> I'm afraid there is some confusion here.
> 
> 1. The DSSA report was not an SSAC report, it was the work of a
> cross-community working group called the DNS Stability and Security
> Analysis (DSSA) WG.
> 2. NIST employs in excess of 3000 people in dozens of different
> scientific fields. For information about NIST, I suggest
> http://www.nist.gov/
> Cryptography is just one of the many areas of research that NIST
> performs. You cannot condemn an organisation on all of its research
> because it is linked to the United States government and because its
> crypto work might have backdoors.
> 3. Using the closed ISO standard for risk analysis instead of the open
> NIST standard will prevent our community from having access to the risk
> analysis tools which ICANN will use. I do not consider this to be a good
> outcome, quite the contrary.
> 
> Kind regards,
> 
> Olivier
> _______________________________________________
> ALAC-Internal mailing list
> ALAC-Internal at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac-internal
> 
> ALAC Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> 
> At-Large Website: http://atlarge.icann.org

More information about the At-Large mailing list