ICANNs role [was: Re: On-going ...]

• Previous message (by thread): summarising [was: Re: ICANNs role]
• Next message (by thread): ICANNs role [was: Re: On-going ...]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gadi,

> So you are the guys asleep at the guard post? :)

Something ICANN is frequently accused of.

> 1. Allowing registrars to terminate domains based on abuse, rather  
> than
> just fake contact details.

Seems like a reasonable idea to me, but wouldn't that be a  
contractual term between the registrar and registrant?

> 2. Following these incidents as they happen so that YOU, in charge,  
> can
> make these suggestion?

Sorry, who is in charge?

> 3. For true emergencies threatening the survivability of the system,
> shoudln't we be able to black-list a domain in the core?

I don't understand this one.  What's "the core" in this context?

> 4. Black lists for providers are not perfect, but perhaps they  
> could help
> protect users significantly?

Perhaps they could.  Not sure what ICANN would have to do with this  
though (unless you're suggesting ICANN runs a blacklist? If so, I  
suspect ICANN's legal counsel would have ... concerns).

> 5. Enforcing that registrars act in say, not a whitehat fashion, but a
> not blackhat fashion?

Sorry, what does this mean?

> 6. Yours here?

Sorry, haven't really looked into this space, so I don't yet have  
suggestions.

> 1. Rather than terminate on fake details - verify details before a  
> domain
> is registered. Not just the credit card, either.

Isn't this a business practice of the registrars?  I gather you're  
suggesting ICANN take a much more aggressive role with registrars?

> 2. Domains are a commodity, ICANN should know, what of putting them  
> under
> a wider license on abuse and termination or suspension?

My observations are that the relationship between ICANN and the  
registry/registrar folks is much less dictatorial than you appear to  
assume.

> The whole system is almost completely unregulated, and this is  
> money you
> take care of that we speak of here.

There are many who argue quite forcefully that ICANN is not a regulator.

> You have a long way to go before claiming to take care of the
> Internet.

I don't think ICANN has ever claimed this.

> Please take that route if you believe you can. The Internet
> needs your help.

You seem to believe ICANN has a much greater role in Internet  
management than it has.  ICANN can't even make changes to a name  
server in the root zone without US government approval.

> How about some funding for research projects? Getting involved and  
> perhaps
> funding Incident response on a global scale?

I can suggest this, although having a concrete proposal would  
probably carry more weight.

> Why does this have to be in the hands of volunteers, such as myself  
> and
> hundreds of others?
>
> Why does Internet security have to be in the hands of those with "good
> will" rather than those who are supposed to take care of it?

I suspect because the Internet is decentralized.

> How about adding security to the main agenda along-side with  
> the .xxx TLD?

It is, although there are lots of aspects to security so undoubtedly,  
it can't be all things to all people.  ICANN has an advisory  
committee specifically targeted at "security and stability" that has  
some folks who frequently participate on this list (http:// 
www.icann.org/committees/security/).

> I have no problem with ICANN, but there is a long way to go before  
> you can
> claim to protect the Internet, infrastructure, users, or what's in the
> middle.

I don't think ICANN claims this.

> I'd encourage ICANN to take that road, much like I would encourage
> any person or organization that wants to help.
>
> You were not here before when we needed you, so organizations like
> FIRST, the ISOTF and many good-will based groups were created. You are
> here now, how do we proceed?

I don't think anyone expected ICANN to take on the role of Internet  
security czar.  I suspect if ICANN tried to assert this sort of role,  
the USG (among other governments) would take strong exception.   
ICANN's role (as I understand it) is coordinative, not directive.   
Any attempt to go beyond this will result in ICANN getting slapped down.

> What is ICANNs next step? I will support it, so will others. It's not
> about politics as much as it is about who DOES. Maybe you just need to
> work with the community rather than claim to run it when you don't  
> really
> do anything in security quite yet.

I don't think ICANN has ever claimed to run "the community".

> Well, if a domain was registered last month, last week, or 2 hours  
> ago,
> and is used to send spam, host a phishing site or changes name servers
> that support phishing sites ALONE (nothing legit) in the thousands, or
> support the sending of billions of email messages burdening messaging
> across the board, I'd call it bad.

As would I.

> Who "one" is, now that is something to work out. We need help  
> setting the
> system in place with guidelines and policies so that the one or  
> other can
> start reporting and getting results.
>
> Is ICANN willing to help?

To be perfectly clear, I don't speak for ICANN, I just run IANA.  I'm  
happy to forward suggestions to folks in ICANN who don't participate  
in NANOG or other forums, but don't expect this to have significantly  
more impact than you participating directly in the various ICANN forums.

Rgds,
-drc

• Previous message (by thread): summarising [was: Re: ICANNs role]
• Next message (by thread): ICANNs role [was: Re: On-going ...]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]