Hi James,

I appreciate that there might not be a formal policy on the retention of community records, but until such time as we have one (and I think one should be adopted), I would hope that ICANN would err on the side of caution and retain all of the messages in the archives indefinitely. They are our institutional memory, and given ICANN's procedure of recording meetings and providing transcriptions of said meetings, it seems in line with the community's accepted principles of transparency and openness to presume that publicly archived mailing list conversations will be available to be read long into the future. I think a conversation that needs to be had - not now, but eventually - is how the archive mechanism could be improved, say, with a centralised search facility, or the ability to restrict the access to certain messages to certain authorised persons (not simply restricting access to an entire list, as is the case at the moment) where the contents are of a particularly sensitive nature.

As for ProofPoint, I know it is not masking all links in the email archives, but it is masking them the moment an ICANN staffer responds to a thread, which in my opinion is highly problematic. Sadly I have noticed in the Adobe Connect rooms of working groups that ICANN staff are now pasting ProofPoint-masked URLs into the chat boxes too, so their archives are affected, and the wiki also increasingly contains these links. 

Best wishes,

Ayden Férdeline
linkedin.com/in/ferdeline


-------- Original Message --------
Subject: Re: External links & archives
Local Time: 16 February 2017 6:08 AM
UTC Time: 16 February 2017 06:08
From: [log in to unmask]
To: [log in to unmask]


So I’m confused now, proof point is not masking all URLS on mailing lists, only those sent by external actors to ICANN staff.

 

Also while the below may be your expectation on retention, it is certainly not codified anywhere and not reflected anywhere in an SLA or agreement with ICANN.

 

From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Ayden Férdeline
Sent: Thursday, February 16, 2017 1:36 AM
To: [log in to unmask]
Subject: Re: External links & archives

 


Hi,

I would just like to clarify the intent of my comments, and the outcome I am seeking.

My comments are only in relation to record retention. I am of the view that ICANN has a responsibility to retain all emails sent through the various listservs in an appropriate electronic system which:


ICANN’s email archives are a phenomenal resource, full of problems identified and solved, drafts written, revised and later published, issues debated diligently. As a matter of principle I am not comfortable with these records being altered, no matter how minor the edit may be. I am even less comfortable with these archives having their hyperlinks replaced with URLs that may in the future – however likely or unlikely – become broken.

 

ProofPoint exists today and for now the new URLs are redirecting to the correct place. For many organisations with non-vital records or records which need to be retained for exceedingly short periods of time, this solution is probably very appropriate. If it was just the link in, say, the ICANN newsletter that was masked, I would not care. But we are talking about records that we want to safeguard and retain for a long period of time. Conversations between staff and community, for instance, on the current At-Large Review which could see this advisory committee take on policy making functions. We have no guarantees that ProofPoint will be around in five or ten or 100 years time. We need these records retained, unaltered, for future retrieval and study.

 

As it is, many of the email archives from pre-2007 are missing their attachments. This media decay is not acceptable and I would like ICANN to take steps to ensure its email records, moving forward, do not suffer from technology obsolescence.  

 


My remarks are not in regards to the value of ProofPoint in securing and controlling inbound and outbound email. I am not qualified to make an assessment on whether or not ICANN should be using ProofPoint for security, though I do appreciate there is a need for ICANN as an organisation to protect its assets from threats and nuisances. But in my opinion, ICANN also has an obligation to preserve all of the community's public records so that they can be identified and retrieved in their original form in the future.

Best wishes,


 

Ayden Férdeline

linkedin.com/in/ferdeline

 

 

-------- Original Message --------

Subject: Re: External links & archives

Local Time: 15 February 2017 9:14 PM

UTC Time: 15 February 2017 21:14

From: [log in to unmask]

To: [log in to unmask]

 

 

good news for us non-geeks!  Thanks James.

SP

 

On 2017-02-15 14:26, James Gannon wrote:

Being very honest, this is not a question we should be spending time on in my opinion, Proofpoint is used by millions of users and thousands of companies and governments, we wont change anything on their side and ICANNS use of it is a good thing for security.

 

-James

 

From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Stephanie Perrin
Sent: Wednesday, February 15, 2017 5:51 PM
To: [log in to unmask]
Subject: Re: External links & archives

 

Great.  and if Proof point gets bought and killed, my next question is then what?

Stephanie Perrin

 

On 2017-02-15 12:23, Ayden Férdeline wrote:

Greetings, all-

 

I have received a message from ICANN staff regarding the lifespan of access to masked hyperlinks. I have copied and pasted their response verbatim: 

 

hi - i heard back from the security team - Great question!There is a long answer and a short answer.In short, the links will always work as long as Proofpoint is still a company J.The long answer is once the URL is re-written it will always be re-written. For example, if you forward an email to another company that does not own proofpoint but that email you sent has a proofpoint re-written link, they can still open it. It will always re-direct to the proofpoint servers and then to the final destination. If for some reason you leave proofpoint, those links will still work just so long as Proofpoint is still a company.Hope this answers your question!

 

Best wishes,

 

 

 

-------- Original Message --------

Subject: External links & archives

Local Time: 2 February 2017 12:43 PM

UTC Time: 2 February 2017 12:43

 

I really dislike this masking of hyperlinks when we receive an email from ICANN staff now. When I read email archives, I can't see the real URL to ascertain at a glance what I am really clicking on, and must trust it will take me to the ICANN website. I rarely click on every hyperlink in an email, as I can see from the URL whether it is an announcement, a PDF, taking me to the wiki, or somewhere else. Now I am often left to click all the links to try to find the relevant material. This is a but a small inconvenience, and not my biggest concern. What I worry about is how we archive these links. In five or ten years time, will "urldefense.proofpoint.com" plus the string of 200 or so random characters still redirect to the linked content? We don't need these third party redirects, it does not make us any safer, and it feels very much us vs. them. Is it possible that we can get some meaningful assurances from ICANN staff that these masked links will redirect to the correct URLs in perpetuity? Thanks