[95742] in North American Network Operators' Group
Re: ICANNs role [was: Re: On-going ...]
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Apr 3 00:27:01 2007
Date: Mon, 2 Apr 2007 23:01:59 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: David Conrad <drc@virtualized.org>
Cc: nanog@merit.edu
In-Reply-To: <157ABA9D-7263-4F17-A952-B62C628980B9@virtualized.org>
Errors-To: owner-nanog@merit.edu
[Top-Posting]
Thanks David, of course, as you know, this was not an attack on you. I
appreciate you clarifying to me a bit more on what ICANN does, does not
and is not supposed to do.
I will contact you off-list for further consultation. Many thanks again
for all your help!
So, who *is* able to help effect change?
Gadi.
On Mon, 2 Apr 2007, David Conrad wrote:
> Gadi,
>
> > So you are the guys asleep at the guard post? :)
>
> Something ICANN is frequently accused of.
>
> > 1. Allowing registrars to terminate domains based on abuse, rather than
> > just fake contact details.
>
> Seems like a reasonable idea to me, but wouldn't that be a
> contractual term between the registrar and registrant?
>
> > 2. Following these incidents as they happen so that YOU, in charge, can
> > make these suggestions?
>
> Sorry, who is in charge?
>
> > 3. For true emergencies threatening the survivability of the system,
> > shouldn't we be able to black-list a domain in the core?
>
> I don't understand this one. What's "the core" in this context?
>
> > 4. Black lists for providers are not perfect, but perhaps they could help
> > protect users significantly?
>
> Perhaps they could. Not sure what ICANN would have to do with this
> though (unless you're suggesting ICANN runs a blacklist? If so, I
> suspect ICANN's legal counsel would have ... concerns).
>
> > 5. Enforcing that registrars act in say, not a whitehat fashion, but a
> > not blackhat fashion?
>
> Sorry, what does this mean?
>
> > 6. Yours here?
>
> Sorry, haven't really looked into this space, so I don't yet have
> suggestions.
>
> > 1. Rather than terminate on fake details - verify details before a domain
> > is registered. Not just the credit card, either.
>
> Isn't this a business practice of the registrars? I gather you're
> suggesting ICANN take a much more aggressive role with registrars?
>
> > 2. Domains are a commodity, ICANN should know, what of putting them under
> > a wider license on abuse and termination or suspension?
>
> My observations are that the relationship between ICANN and the
> registry/registrar folks is much less dictatorial than you appear to
> assume.
>
> > The whole system is almost completely unregulated, and this is money you
> > take care of that we speak of here.
>
> There are many who argue quite forcefully that ICANN is not a regulator.
>
> > You have a long way to go before claiming to take care of the
> > Internet.
>
> I don't think ICANN has ever claimed this.
>
> > Please take that route if you believe you can. The Internet
> > needs your help.
>
> You seem to believe ICANN has a much greater role in Internet
> management than it has. ICANN can't even make changes to a name
> server in the root zone without US government approval.
>
> > How about some funding for research projects? Getting involved and perhaps
> > funding Incident response on a global scale?
>
> I can suggest this, although having a concrete proposal would
> probably carry more weight.
>
> > Why does this have to be in the hands of volunteers, such as myself and
> > hundreds of others?
> >
> > Why does Internet security have to be in the hands of those with "good
> > will" rather than those who are supposed to take care of it?
>
> I suspect because the Internet is decentralized.
>
> > How about adding security to the main agenda along-side with
> > the .xxx TLD?
>
> It is, although there are lots of aspects to security so undoubtedly,
> it can't be all things to all people. ICANN has an advisory
> committee specifically targeted at "security and stability" that has
> some folks who frequently participate on this list
> (http://www.icann.org/committees/security/).
>
> > I have no problem with ICANN, but there is a long way to go before you can
> > claim to protect the Internet, infrastructure, users, or what's in the
> > middle.
>
> I don't think ICANN claims this.
>
> > I'd encourage ICANN to take that road, much like I would encourage
> > any person or organization that wants to help.
> >
> > You were not here before when we needed you, so organizations like
> > FIRST, the ISOTF and many good-will based groups were created. You are
> > here now, how do we proceed?
>
> I don't think anyone expected ICANN to take on the role of Internet
> security czar. I suspect if ICANN tried to assert this sort of role,
> the USG (among other governments) would take strong exception.
> ICANN's role (as I understand it) is coordinative, not directive.
> Any attempt to go beyond this will result in ICANN getting slapped down.
>
> > What is ICANN's next step? I will support it, so will others. It's not
> > about politics as much as it is about who DOES. Maybe you just need to
> > work with the community rather than claim to run it when you don't really
> > do anything in security quite yet.
>
> I don't think ICANN has ever claimed to run "the community".
>
> > Well, if a domain was registered last month, last week, or 2 hours ago,
> > and is used to send spam, host a phishing site or changes name servers
> > that support phishing sites ALONE (nothing legit) in the thousands, or
> > support the sending of billions of email messages burdening messaging
> > across the board, I'd call it bad.
>
> As would I.
>
> > Who "one" is, now that is something to work out. We need help setting the
> > system in place with guidelines and policies so that the one or other can
> > start reporting and getting results.
> >
> > Is ICANN willing to help?
>
> To be perfectly clear, I don't speak for ICANN, I just run IANA. I'm
> happy to forward suggestions to folks in ICANN who don't participate
> in NANOG or other forums, but don't expect this to have significantly
> more impact than you participating directly in the various ICANN forums.
>
> Rgds,
> -drc
>
>