Interesting insight: On the BC list, Mikey O'Connor (a member of the HSTLD group) writes:
there is definitely **not** consensus today within the HSTLD group at this time on the answer. another question which remains open is "what is the scope of authority of, and participation in, the program?" certainly registries, that's a given. but what about registrars? what about registrants? what are the implications of widening the scope to include all three of those groups? is it practical? is it possible?
if you think verifying the capabilities of registry security people is hard, imagine what it's going to be like to verify/certify that the security teams of every registrar and **every registrant** can manage security to a level that assures end users. which gets to another fundamental unanswered question --"who is the ultimate customer of the HSTLD program and what is it going to provide them?" again, that question hasn't been answered yet by the advisory group and it's far from consensus on that topic."
No comments:
Post a Comment