NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
NCSG-Discuss <[log in to unmask]>
X-To:
"Carlos A. Afonso" <[log in to unmask]>
Date:
Wed, 18 Apr 2012 17:01:49 +0200
Reply-To:
"klaus.stoll" <[log in to unmask]>
Message-ID:
<1A3A12761F804791B7DA86BBA0EBF88F@KlausPC>
Subject:
From:
"klaus.stoll" <[log in to unmask]>
Content-Transfer-Encoding:
7bit
In-Reply-To:
Content-Type:
text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
MIME-Version:
1.0
Parts/Attachments:
text/plain (107 lines)
Dear Friends

Unfortunately all of the below is true. Many questions but little answers. 
It seems to me the time has come to start a comprehensive re-thinking and 
re-planning process. If things go on as they are the damage will increase 
and increase. ICANN is not perfect, ICANN has a lot of problems, ICANN at 
times is a madhouse of interests and egos, BUT ICANN is the best system for 
Internet Governance we have, we should be proud for the way it worked so 
well so far, everything else is even worse. Now it seems that ICANN is under 
real pressure we need to work twice as hard to protect ICANN and at he same 
time think twice as hard about possible solutions. Now is the time for 
self-confidence and innovation, everything else is counter productive. 
Thinking back over the years we need to look where things started to get 
seriously wrong and correct the basic mistakes made. Any suggestions where 
it all went wrong?

Does anybody know where the reset button is on that one?

Yours

Klaus

-----Original Message----- 
From: Carlos A. Afonso
Sent: Tuesday, April 17, 2012 2:18 PM
To: [log in to unmask]
Subject: Fwd: [governance] ICANNLeaks - Loosing Trust to Maintain the 
Secrecy

Imram pretty much summarizes the extension of the incredible blunder,
especially in its liability aspects.

At a minimum ICANN will need to hire independent specialist auditors to
do a full check on the damage and on who has been affected (although I
do not believe in the tale that just a few have been affected). But
these auditors would be chosen by staff, so the blunder might rise to
new levels. Could the applicants participate in this choice?

This is going to escalate, the question now is how far it will go.

What should NCSG do about it? I frankly do not know what to propose
right now. The IOC/RC process, the refusal by the NTIA to renew the IANA
contract, and now this incredible TAS blunder, all in a few months... it
seems ICANN is trying hard to burn itself out.

I wonder who are the "four candidates" for the post of Beck Rodstrom
(sic on purpose :)), the brave individuals who wish to come to ICANN and
try and clean up this mess?

frt rgds

--c.a.

-------- Original Message --------
Subject: [governance] ICANNLeaks - Loosing Trust to Maintain the Secrecy
Date: Tue, 17 Apr 2012 04:29:17 -0700 (PDT)
From: Imran Ahmed Shah <[log in to unmask]>
Reply-To: [log in to unmask],Imran Ahmed Shah <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
CC: Imran @IGFPak.org <[log in to unmask]>

Dear
All,
Security, Stability and Resiliency of the Internet layers was the prime
responsibility of the ICANN, but the organization
couldn't protect/ secure its latest online application submission system
of new
gTLDs (TAS). Would it be fair to say the best practices were not followed to
design the system which was built to keep the information secure,
confidential
and protected. This
application supported the collection of 850+ applications and over $150m
funds.

ICANN
has been informed about this the glitch on 19th but ICANN did not taken it
seriously, decision making took about 23 days.
ICANN took its TAS Application
offline on 12th April which was the last date when it has to be closed
automatically. ICANN has its plan to reopen this TAS system to the
public that
mean Expansion the 90days window by extension of closing
date.
"We have learned of a possible glitch in the TLD application system
software that has allowed a limited number of users to view some other
users' file names and user names in certain scenarios."

Technically it was necessary to use the secure method
and variables should not be displayed in the URL. According to the
policy the
information of the applicants will not be disclosed however, the
applicant name
and the applied for string has to publically announced at a later stage.
Many of them may have lost their
secrecy& confidentiality. It is next to impossible to discover that who is
the beneficiary and who is the looser? However, it will raise the conflicts
and bidding values.
In
short ICANN has lost its trust for maintaining the confidentiality,
Integrity and Information Security. ICANN has to re-define its policy or
call public comments that how to deal with this scenario.

Thanks

Imran Ahmed Shah
. 

ATOM RSS1 RSS2