LISTSERV - NCSG-DISCUSS Archives

Hi,

I would just like to clarify the intent of my comments, and the outcome I am seeking.

My comments are only in relation to record retention. I am of the view that ICANN has a responsibility to retain all emails sent through the various listservs in an appropriate electronic system which:

- Preserves their original content, context, and structure;

- Can associate the messages with their sender;

- Are protected against unauthorised alteration, deletion, or use; and

- Can be located, retrieved, presented, and interpreted for the retention period that the community has set.


ICANN’s email archives are a phenomenal resource, full of problems identified and solved, drafts written, revised and later published, issues debated diligently. As a matter of principle I am not comfortable with these records being altered, no matter how minor the edit may be. I am even less comfortable with these archives having their hyperlinks replaced with URLs that may in the future – however likely or unlikely – become broken.

ProofPoint exists today and for now the new URLs are redirecting to the correct place. For many organisations with non-vital records or records which need to be retained for exceedingly short periods of time, this solution is probably very appropriate. If it was just the link in, say, the ICANN newsletter that was masked, I would not care. But we are talking about records that we want to safeguard and retain for a long period of time. Conversations between staff and community, for instance, on the current At-Large Review which could see this advisory committee take on policy making functions. We have no guarantees that ProofPoint will be around in five or ten or 100 years time. We need these records retained, unaltered, for future retrieval and study.

As it is, many of the email archives from pre-2007 are missing their attachments. This media decay is not acceptable and I would like ICANN to take steps to ensure its email records, moving forward, do not suffer from technology obsolescence.

My remarks are not in regards to the value of ProofPoint in securing and controlling inbound and outbound email. I am not qualified to make an assessment on whether or not ICANN should be using ProofPoint for security, though I do appreciate there is a need for ICANN as an organisation to protect its assets from threats and nuisances. But in my opinion, ICANN also has an obligation to preserve all of the community's public records so that they can be identified and retrieved in their original form in the future.

Best wishes,



Ayden Férdeline
[linkedin.com/in/ferdeline](http://www.linkedin.com/in/ferdeline)



-------- Original Message --------
Subject: Re: External links & archives
Local Time: 15 February 2017 9:14 PM
UTC Time: 15 February 2017 21:14
From: [log in to unmask]
To: [log in to unmask]



good news for us non-geeks! Thanks James.


SP


On 2017-02-15 14:26, James Gannon wrote:


Being very honest, this is not a question we should be spending time on in my opinion, Proofpoint is used by millions of users and thousands of companies and governments, we wont change anything on their side and ICANNS use of it is a good thing for security.





-James






From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Stephanie Perrin
Sent: Wednesday, February 15, 2017 5:51 PM
To: [log in to unmask]
Subject: Re: External links & archives





Great. and if Proof point gets bought and killed, my next question is then what?


Stephanie Perrin





On 2017-02-15 12:23, Ayden Férdeline wrote:





Greetings, all-

I have received a message from ICANN staff regarding the lifespan of access to masked hyperlinks. I have copied and pasted their response verbatim:








hi - i heard back from the security team - Great question!There is a long answer and a short answer.In short, the links will always work as long as Proofpoint is still a company J.The long answer is once the URL is re-written it will always be re-written. For example, if you forward an email to another company that does not own proofpoint but that email you sent has a proofpoint re-written link, they can still open it. It will always re-direct to the proofpoint servers and then to the final destination. If for some reason you leave proofpoint, those links will still work just so long as Proofpoint is still a company.Hope this answers your question!







Best wishes,









Ayden Férdeline



[linkedin.com/in/ferdeline](http://www.linkedin.com/in/ferdeline)












-------- Original Message --------



Subject: External links & archives



Local Time: 2 February 2017 12:43 PM



UTC Time: 2 February 2017 12:43



From: [log in to unmask]



To: [log in to unmask] [<[log in to unmask]>](mailto:[log in to unmask])







I really dislike this masking of hyperlinks when we receive an email from ICANN staff now. When I read email archives, I can't see the real URL to ascertain at a glance what I am really clicking on, and must trust it will take me to the ICANN website. I rarely click on every hyperlink in an email, as I can see from the URL whether it is an announcement, a PDF, taking me to the wiki, or somewhere else. Now I am often left to click all the links to try to find the relevant material. This is a but a small inconvenience, and not my biggest concern. What I worry about is how we archive these links. In five or ten years time, will "urldefense.proofpoint.com" plus the string of 200 or so random characters still redirect to the linked content? We don't need these third party redirects, it does not make us any safer, and it feels very much us vs. them. Is it possible that we can get some meaningful assurances from ICANN staff that these masked links will redirect to the correct URLs in perpetuity? Thanks









Ayden Férdeline



[linkedin.com/in/ferdeline](http://www.linkedin.com/in/ferdeline)