Re: Notes of meeting of the Multistakeholder Forum

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Wed, 22 Apr 2015 04:23:25 -0700

Hi Benoit,
At 04:08 22-04-2015, Benoit Gentil wrote:
>The .MU ccTLD as it is actually has no obligation to escrow the data
>to ICANN. There is no contract between ICANN and the .MU Registry
>forcing them to do so. There is also no alternative to recover data
>in the event of a complete .MU failure. A backup plan would need to
>be setup first before going into the redelegation process with IANA.

I'll comment about the security aspects for now.

I sent the following email to the Permanent Secretary of the Ministry
of Technology, Communication and Innovation on 23 March:

   I would like to bring the following to your attention as it may be
of interest
   to the Republic of Mauritius.

   The .mu Country Code Top Level Domain (ccTLD) is a single point of
failure. I
   performed an analysis to determine the security risk to .mu. It
was not possible
   to assess the risk given the lack of visibility in the .mu
ccTLD. The security risk
   is rated as unknown. The estimated cost of the impact of a .mu failure is
   Rs 41,000,000.

   To avoid any appearance of impropriety I'll disclose that I am serving as a
   Cryptographic Officer for the DNS Root Zone and I am the Chair of the
   .mu Select Committee.

There is a belief that there is an escrow of the .mu data at
ICANN. I doubt that there has been any analysis to verify whether
there are any grounds for such a belief. Is there an acceptable
level of risk for organizations that own, operate, or maintain .mu
domain names? I argued for implementing the technical set-up for .mu
as soon as possible as there isn't any backup plan if something goes wrong.

Regards,
S. Moonesamy
Received on Wed Apr 22 2015 - 11:23:54 PST