On Mon, 2 Apr 2007, David Conrad wrote:
On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
On Sun, 1 Apr 2007, David Conrad wrote:
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote: I'm not clear what "this realm" actually is. Abuse and Security (non infrastructure).
Well, ICANN is supposed to look after the "security and stability" of the Internet, which is sufficiently vague and ambiguous to cover pretty much anything. I was actually looking for something a bit more concrete.
So you are the guys asleep at the guard post? :)
The one concrete suggestion I've seen is to induce a delay in zone creation and publish a list of newly created names within the zone. The problem with this is that is sort of assumes:
What are your thoughts on basic suggestions such as: 1. Allowing registrars to terminate domains based on abuse, rather than just fake contact details. 2. Following these incidents as they happen so that YOU, in charge, can make these suggestion? 3. For true emergencies threatening the survivability of the system, shoudln't we be able to black-list a domain in the core? 4. Black lists for providers are not perfect, but perhaps they could help protect users significantly? 5. Enforcing that registrars act in say, not a whitehat fashion, but a not blackhat fashion? 6. Yours here? I can go to extremes in my suggestions, non are new: 1. Rather than terminate on fake details - verify details before a domain is registered. Not just the credit card, either. 2. Domains are a commodity, ICANN should know, what of putting them under a wider license on abuse and termination or suspension? The whole system is almost completely unregulated, and this is money you take care of that we speak of here. You have a long way to go before claiming to take care of the Internet. Please take that route if you believe you can. The Internet needs your help. How about some funding for research projects? Getting involved and perhaps funding Incident response on a global scale? Why does this have to be in the hands of volunteers, such as myself and hundreds of others? Why does Internet security have to be in the hands of those with "good will" rather than those who are supposed to take care of it? How about adding security to the main agenda along-side with the .xxx TLD? I have no problem with ICANN, but there is a long way to go before you can claim to protect the Internet, infrastructure, users, or what's in the middle. I'd encourage ICANN to take that road, much like I would encourage any person or organization that wants to help. You were not here before when we needed you, so organizations like FIRST, the ISOTF and many good-will based groups were created. You are here now, how do we proceed? What is ICANNs next step? I will support it, so will others. It's not about politics as much as it is about who DOES. Maybe you just need to work with the community rather than claim to run it when you don't really do anything in security quite yet.
a) the registries all work on similar timescales b) that timescale is on the order of a day c) ICANN has a mechanism to induce the registries to make changes to those timescales d) making changes along these lines would be what end users actually want.
Of these options:
- (a) isn't true (by observation) - (b) is currently true for com/net, but I don't expect that to last -- I've heard there is a lot of competitive pressure on the registries to be faster in doing zone modifications - (c) I don't think is true now for even those TLDs ICANN has a contractual relationship with and is highly unlikely to ever be true for the vast majority of TLDs - (d) probably isn't true, given lots of people complain about how long it takes to get zone changes done now and I believe registries are working to reduce the amount of time significantly due to customer demand.
Even if a delay were imposed, I'm not sure I see how this would actually help as I would assume it would require folks to actually look at the list of newly created domains and discriminate between the ones that were created for good and the ones created for ill. How would one do this?
Well, if a domain was registered last month, last week, or 2 hours ago, and is used to send spam, host a phishing site or changes name servers that support phishing sites ALONE (nothing legit) in the thousands, or support the sending of billions of email messages burdening messaging across the board, I'd call it bad. Who "one" is, now that is something to work out. We need help setting the system in place with guidelines and policies so that the one or other can start reporting and getting results. Is ICANN willing to help?
-drc
Gadi.
P.S. I should point out that IANA has only glancing interaction with the registry/registrar world, so I'm working from a large amount of ignorance here. Fortunately, being ignorant rarely stops me... :-)