ICANNs role [was: Re: On-going ...]

Douglas Otis dotis at mail-abuse.org
Tue Apr 3 03:34:44 UTC 2007



On Apr 2, 2007, at 7:02 PM, Gadi Evron wrote:

> On Mon, 2 Apr 2007, David Conrad wrote:
>> On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
>>
>> The one concrete suggestion I've seen is to induce a delay in zone  
>> creation and publish a list of newly created names within the zone.
>> The problem with this is that is sort of assumes:
>
> What are your thoughts on basic suggestions such as:
> 1. Allowing registrars to terminate domains based on abuse, rather  
> than just fake contact details.

This requires a separate agency tasked to respond to reports of  
crime.  Registrars have a conflict of interest (they want to be  
profitable).  Even answering the phone to deal with this type of  
problem costs more than a registration is worth.  Hence, it is easier  
to establish domain tasting which essentially drops this entire  
problem into someone else's lap.

> 2. Following these incidents as they happen so that YOU, in charge,  
> can make these suggestion?

Often enforcement policies begins with a complaint.  But who is  
taking the role of enforcement?

> 3. For true emergencies threatening the survivability of the  
> system, shoudln't we be able to black-list a domain in the core?

It would be nice if there were an agency that had a mechanism in  
place for routinely yanking domains that pose a public threat.  Who  
would you trust in that role?  Unfortunately, the US has lost their  
credibility as loudly echoed on this list.

> 4. Black lists for providers are not perfect, but perhaps they  
> could help protect users significantly?

Black-hole or block-lists is where protection can be introduced,  
political push back will thwart centralized enforcement.  To support  
this mode of operation, a preview mode of operation would be highly  
beneficial.  Currently bad actors will keep such efforts in a futile  
feckless reactive mode.

> 5. Enforcing that registrars act in say, not a whitehat fashion,  
> but a not blackhat fashion?

Of course a bad registrar might warrant greater scrutiny.  At what  
point would all their customers need to find a different registrar?

> 6. Yours here?

Perhaps only banks should be allowed to act as registrars?  At least  
they know how to check physical IDs.

-Doug




More information about the NANOG mailing list