[Top-Posting]

Thanks David, of course, as you know, this was not an attack on you. I
appreciate you clarifying to me a bitmore on what ICANN does, does not
and is not supposed to do.

I will contact you off-list for further consultation. Many thanks again
for all your help!

So, who *is* able to help affect change?

        Gadi.

On Mon, 2 Apr 2007, David Conrad wrote:
> Gadi,
> 
> > So you are the guys asleep at the guard post? :)
> 
> Something ICANN is frequently accused of.
> 
> > 1. Allowing registrars to terminate domains based on abuse, rather  
> > than
> > just fake contact details.
> 
> Seems like a reasonable idea to me, but wouldn't that be a  
> contractual term between the registrar and registrant?
> 
> > 2. Following these incidents as they happen so that YOU, in charge,  
> > can
> > make these suggestion?
> 
> Sorry, who is in charge?
> 
> > 3. For true emergencies threatening the survivability of the system,
> > shoudln't we be able to black-list a domain in the core?
> 
> I don't understand this one.  What's "the core" in this context?
> 
> > 4. Black lists for providers are not perfect, but perhaps they  
> > could help
> > protect users significantly?
> 
> Perhaps they could.  Not sure what ICANN would have to do with this  
> though (unless you're suggesting ICANN runs a blacklist? If so, I  
> suspect ICANN's legal counsel would have ... concerns).
> 
> > 5. Enforcing that registrars act in say, not a whitehat fashion, but a
> > not blackhat fashion?
> 
> Sorry, what does this mean?
> 
> > 6. Yours here?
> 
> Sorry, haven't really looked into this space, so I don't yet have  
> suggestions.
> 
> > 1. Rather than terminate on fake details - verify details before a  
> > domain
> > is registered. Not just the credit card, either.
> 
> Isn't this a business practice of the registrars?  I gather you're  
> suggesting ICANN take a much more aggressive role with registrars?
> 
> > 2. Domains are a commodity, ICANN should know, what of putting them  
> > under
> > a wider license on abuse and termination or suspension?
> 
> My observations are that the relationship between ICANN and the  
> registry/registrar folks is much less dictatorial than you appear to  
> assume.
> 
> > The whole system is almost completely unregulated, and this is  
> > money you
> > take care of that we speak of here.
> 
> There are many who argue quite forcefully that ICANN is not a regulator.
> 
> > You have a long way to go before claiming to take care of the
> > Internet.
> 
> I don't think ICANN has ever claimed this.
> 
> > Please take that route if you believe you can. The Internet
> > needs your help.
> 
> You seem to believe ICANN has a much greater role in Internet  
> management than it has.  ICANN can't even make changes to a name  
> server in the root zone without US government approval.
> 
> > How about some funding for research projects? Getting involved and  
> > perhaps
> > funding Incident response on a global scale?
> 
> I can suggest this, although having a concrete proposal would  
> probably carry more weight.
> 
> > Why does this have to be in the hands of volunteers, such as myself  
> > and
> > hundreds of others?
> >
> > Why does Internet security have to be in the hands of those with "good
> > will" rather than those who are supposed to take care of it?
> 
> I suspect because the Internet is decentralized.
> 
> > How about adding security to the main agenda along-side with  
> > the .xxx TLD?
> 
> It is, although there are lots of aspects to security so undoubtedly,  
> it can't be all things to all people.  ICANN has an advisory  
> committee specifically targeted at "security and stability" that has  
> some folks who frequently participate on this list (http:// 
> www.icann.org/committees/security/).
> 
> > I have no problem with ICANN, but there is a long way to go before  
> > you can
> > claim to protect the Internet, infrastructure, users, or what's in the
> > middle.
> 
> I don't think ICANN claims this.
> 
> > I'd encourage ICANN to take that road, much like I would encourage
> > any person or organization that wants to help.
> >
> > You were not here before when we needed you, so organizations like
> > FIRST, the ISOTF and many good-will based groups were created. You are
> > here now, how do we proceed?
> 
> I don't think anyone expected ICANN to take on the role of Internet  
> security czar.  I suspect if ICANN tried to assert this sort of role,  
> the USG (among other governments) would take strong exception.   
> ICANN's role (as I understand it) is coordinative, not directive.   
> Any attempt to go beyond this will result in ICANN getting slapped down.
> 
> > What is ICANNs next step? I will support it, so will others. It's not
> > about politics as much as it is about who DOES. Maybe you just need to
> > work with the community rather than claim to run it when you don't  
> > really
> > do anything in security quite yet.
> 
> I don't think ICANN has ever claimed to run "the community".
> 
> > Well, if a domain was registered last month, last week, or 2 hours  
> > ago,
> > and is used to send spam, host a phishing site or changes name servers
> > that support phishing sites ALONE (nothing legit) in the thousands, or
> > support the sending of billions of email messages burdening messaging
> > across the board, I'd call it bad.
> 
> As would I.
> 
> > Who "one" is, now that is something to work out. We need help  
> > setting the
> > system in place with guidelines and policies so that the one or  
> > other can
> > start reporting and getting results.
> >
> > Is ICANN willing to help?
> 
> To be perfectly clear, I don't speak for ICANN, I just run IANA.  I'm  
> happy to forward suggestions to folks in ICANN who don't participate  
> in NANOG or other forums, but don't expect this to have significantly  
> more impact than you participating directly in the various ICANN forums.
> 
> Rgds,
> -drc
> 
> 

Reply via email to