[cabfpub] ICANN Request for Internal Server Names

Ben Wilson ben at digicert.com
Thu May 23 22:12:56 UTC 2013



As a follow up to an email I sent to the management list last Friday, today
I had another call with Francisco Arias of ICANN.  He is copied on this
email.  We discussed the following potential arrangements:


1.            ICANN is finalizing its own arrangements to aggregate internal
server name data for further study.  This is a follow-on to the SSAC's
Advisory - Internal Name Certificates (SAC-057).  ICANN asked whether the
CA/B Forum preferred to conduct the data collection and report
independently, but I said that among CA/B Forum members, in that regard,
ICANN would be considered the more neutral third party to collect and
confidentially analyze the data.


2.            ICANN would like to contact each CA, either directly, or
through various public means, such as this list, to obtain data.  (I
mentioned potential use of contact lists maintained by Mozilla and Microsoft
or by me to you directly.)  ICANN needs all data on internal names contained
in certificates, and the data set would at least include the organization
name and registered domain name.   The group conducting the study for ICANN
will likely want to contact some of the enterprises using internal names to
learn more about particular use cases.  If you know of any good ones in
particular, it may be good to share that information with them.  Expect to
receive follow-up communications in this regard.


3.            If you need ICANN to sign a mutual confidentiality agreement
before sharing this data with them, they have reviewed the attached
CAB/Forum-recommended mutual NDA, which includes the following additional
provision:   "This confidentiality and use restriction is not intended to
preclude publication or presentation of aggregate benchmark data for
research and analytical purposes, provided that no identifying information
of individual certification authorities or web browser vendors will be
associated with the benchmark data."


4.            ICANN representatives would like to address members of the
CAB/Forum about this data request, and answer any remaining questions,
during our next telephone call on Thur. May 30.  They are scheduled to speak
from 1605-1620, UTC. 


5.            ICANN has preliminarily agreed to the CA/B Forum IPR Policy
and IPR Agreement.  They would like to sign an LOI/MOU liaison agreement
with the CA/Browser Forum as soon as possible and become a non-voting
interested party, similar to the agreement that CA/B Forum has with ETSI.  I
am using the ETSI agreement as a model to create a draft LOI/MOU with ICANN.
I will circulate the agreement for member review, and ICANN has indicated
that its lawyers will need to edit and approve it as well, and then it will
be finalized for signature.  


Action on your part requires that you start planning your response to
ICANN's data request now so that the data can be delivered and aggregated
for review by ICANN as soon as possible.  If you want to start a one-on-one
dialog with ICANN immediately on this matter, I have blind-copied Francisco.
His email address is Francisco{dot}Arias{at}icann{dot}org.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130523/bf1d50dd/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NDA - ICANN Request.doc
Type: application/msword
Size: 39424 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130523/bf1d50dd/attachment-0002.doc>

More information about the Public mailing list