Page History
...
*Anticipated completed date to be provided once reasonable date is determined by appropriate subject-matter expert
Item # | Category | Source of Request | Date of Request | Action Item Request | Action Owner | Anticipated Completion Date* | Progress Notes |
---|---|---|---|---|---|---|---|
456 | General | 111 | 27 May 2020 | KC to help find resources related to NCAP and share these with Naveed. | ICANN org | 3 June 2020 | |
455 | General | 111 | 27 May 2020 | Staff to provide information about the implementation of the CCT recommendations that have been accepted by the Board. | ICANN org | 10 June 2020 | |
454 | General | 111 | 27 May 2020 | Staff to provide information on how the implementation shepherd concept is working in practice. | ICANN org | 10 June 2020 | |
453 | General | 111 | 27 May 2020 | Staff to post the update blog to icann.org. | ICANN org | 1 June 2020 | |
452 | General | 110 | 20 May 2020 | Review team members to continue to work in subgroups and update the bar chart as work progresses. | ICANN org | 3 June 2020 | |
451 | General | 110 | 20 May 2020 | Staff to update the work plan based on the review team’s new completion date. | ICANN org | 27 May 2020 | |
450 | General | 13 May 2020 | Q: It would be great if we could get updates on SSAC recommendations in SAC101v2, SAC097, and the 4 suggestions in :
| ICANN org | TBD | ||
449 | General | 11 May 2020 | Q: It was announced earlier this year that Verisign will give ICANN $20 million over five years, beginning next year, “to support ICANN's initiatives to preserve and enhance the security, stability, and resiliency of the DNS.” Why (were there SSR vulnerabilities identified by Verisign and/or ICANN for which funding was needed)? Would you please provide the SSR2 with details on what specific activities ICANN will be using these funds for, next year and in subsequent years, (beyond the general categories mentioned in Goran’s March 27 announcement). What criteria and process is ICANN using to determine how to spend this SSR money? Goran stated that he “recognizes the request for accountability and transparency regarding how the funds are used and is committed to full transparency to provide the ICANN community the appropriate level of detail when available”-- please provide SSR2 more details on this, including how the funds and expenditures will be reflected and tracked in ICANN’s annual budget and operating plan. | ICANN org | TBD | ||
448 | General | 5 May 2020 | Q: ICANN reportedly will be adding supplemental questions and criteria on DNS abuse to the registrar accreditation application (sounds promising). Please provide SSR2 with information about this including: the final or draft supplemental text; how ICANN will assess the answers; whether and how the answers will factor into ICANN’s decision to approve or deny an application; how ICANN will track and hold an approved registrar accountable for the registrar’s statements in the application regarding how the applicant intends to address DNS abuse as a registrar; and whether ICANN has plans to add similar supplemental DNS abuse questions and criteria to registrar contract renewals (why, why not). | ICANN org | TBD | ||
447 | General | 5 May 2020 | 3) The blog states (the obvious) that ICANN isn’t a regulator of Internet content, but it doesn’t address ICANN’s public interest remit. Multiple entities have asked ICANN to better govern the manner in which domain names are registered, and now especially, everyone is asking ICANN to hold contracted parties to greater accountability to prevent domains from being registered by malicious actors, especially for pandemic-related fraud and abuse. This requires greater scrutiny during the registration process. > What actions are ICANN taking that address this? > In addition to high volumes of fraudulent domain names containing pandemic-related strings with which criminals try to fool Internet users, random looking or otherwise auto-generated names that are easy to register in volume and are being used by the hundreds to perpetuate pandemic-related phishing attacks. What actions are ICANN taking that addresses this? > Recommended actions contained in SSR2’s draft report could help mitigate pandemic-related domain name abuse. Is the ICANN Board and staff reconsidering any of these actions? > Recommendations from others over the last few years also would help mitigate pandemic-related domain name abuse – especially the substantially increased phishing attacks that harm users. Is the ICANN Board and staff reconsidering any of these actions? Including: > - will ICANN move to ensure domain name registrant data is validated? Or at least implement cross-field validation? > - will ICANN put in place an Acceptable Use Policy that applies specifically to parties that register large numbers of domains, that requires registrants to apply for (and be validated for) bulk registration services? Further, will ICANN put in place an obligation to distinguish domain names registered by legal entities from those registered by > natural persons, classify parties that use bulk registration services as legal entities, and require unredacted access to the registration data of legal entities? > - will ICANN maintain and publish a current list of validated bulk registrants (who are from above defined as not natural persons)? > - will ICANN disallow registration transactions that involve large numbers of random-looking algorithmic domain names? > - will ICANN disallow, for a period of one year, the re-registration of any bulk-registered domain name that has been used in a criminal cyberattack? | ICANN org | TBD | ||
446 | General | 5 May 2020 | 2) What distinguishes ICANN's participation in the face of the pandemic from how they've participated in the past? > The blog says: “ICANN Compliance uses data collected in audits (described in more detail below) to assess whether registries and registrars are adhering to their DNS security threat obligations.” > What will Compliance do that it has not done until now? > Is Compliance making audit data associated with US-based registrars available to States Attorney Generals and the US Attorney General? | ICANN org | TBD | ||
445 | General | 5 May 2020 | 1) The blog says: " the domain names and the data collected by the system will be shared with parties > What specific actions is ICANN expecting registries and registrars to take? > For example, is ICANN encouraging suspension of name resolution or of the registration, or the registrant account? > Will ICANN ask registrars and registries to report on the efficacy of these actions? If so, when and on what cadence? > ICANN should publicly report per registrar & registry action: > How many names has it identified as suspicious/malicious? > What’s the number of domain names that each registry/registrar has taken action against? And what action was taken? > When can we expect ICANN public reporting and on what cadence? | ICANN org | TBD | ||
442 | General | 107 | 8 Apr 2020 | KC to share proposed text that she believes should be included in the report with regard to prioritization, as articulated on the call. | KC | 15 Apr 2020 |
COMPLETED ACTIONS/REQUESTS
...