Bill, Marc was referring to CORE membership, not gTLD MoU. While, yes, we
all care and even have a stake, the structural model for the gTLD MoU is
that CORE and the registrars worry about operations. POC and the PAB do not.
Well, "worry" is probably the wrong word. CORE has the responsibility.
Personally I think that it's just fine for the rest of us to worry some and
offer useful suggestions, as long as we don't think that we have a "vote".
I should, however, note that in fact POC has more than a vote with respect
to security. The nature of the text (probably CORE MoU) is to require the
POC to approve the CORE security details. And in fact, POC has been highly
plugged in to the CORE activity, so this isn't a problem.
What's happened by virtue of the theft, I think, is that our model of
threats has just changed rather dramatically. Security is a continuum and
we make choices based on the threats -- I'm not telling YOU this, but
merely reminding the other readers. I must admit that a threat this bold
just didn't seem likely to me. Statistically, I'm sure it ISN'T that
likely. But of course, the CORE machines are particularly attractive,
aren't they?
I've had contact with Best's operation and know that it is an extremely
popular co-location facility, so CORE's choosing them seemed entirely
reasonable to me. That said, I've wondered whether the Best arrangement
was adequate. We've now seen that it certainly isn't adequate for
preventing an attack by a competent and focused force. We'll see how
things turn out on the post hoc pursuit of the thief.
d/
----------------------------------------------------------------------
Dave Crocker +1 408 246 8253 / (f) +1 408 249 6205
Brandenburg Consulting dcrocker@brandenburg.com
675 Spruce Dr., Sunnyvale, CA 94086 USA www.brandenburg.com