Page History

Overview

This The APAC Space web conference to discuss DNS Abuse was held on 13 February 2020. 17 remote participants from various backgrounds including registries and registrars, end-users, and civil societies attended the web conference.

In summary, Donna Austin (Chair, Registries Stakeholder Group) and Raymond Zylstra (Neustar) gave the registries’ perspective of defining DNS Abuse according to the Registry Agreement (RA) Specification 11(3)(b), and the steps that registries take to mitigate DNS security threats. Holly Raiche (At-Large Advisory Committee member) spoke on the ALAC’s perspective of DNS Abuse and the ALAC recommendations to the Board on this matter. Satish Babu facilitated the community discussion as the APAC Space Community Facilitator.

During AOB, Joyce Chen (ICANN) informed community members that the next APAC Space will take place during the ICANN67 Community Forum in Cancún, Mexico.

Links to the meeting recording and presentation slides can be found at the APAC Space Community Wiki page here: https://apacspace.asia/.

Details of the session are as follows:

Opening Remarks

For background, the APAC Space web conference followed from the community discussions that took place during the Plenary on DNS Abuse in ICANN66 Montreal. In his opening remarks, Jia-Rong Low (ICANN) said that ICANN Org does not have a view on the topic of DNS Abuse and sought guidance from the community based on their discussions. Hence, the web conference served to inform APAC community members about the ongoing discussions and to relate the issues back to the APAC region.

Perspectives on DNS Abuse

Registries Stakeholder Group (RySG)

Donna stated that there was no agreed definition of DNS Abuse within the ICANN community. However, the ICANN community agreed that DNS Abuse was an important topic for the community to discuss. The RySG preferred to use the term “security threats” to refer to threats within the RA scope. To find out more about RySG’s perspective on DNS Abuse, read the RySG Open Letter to the Community.

According to the RA Specification 11(3)(b), registry operators are required to do technical analysis to identify potential security threats such as pharming, phishing, malware, and botnets. They are also required to maintain records of the identified threats and actions that were taken.

In response to advice from the Governmental Advisory Committee (GAC), a voluntary Framework for Registry Operator to Respond to Security Threats was developed by Registries and the Public Safety Working Group (PSWG).

Raymond explained that registries had limited options to take action. This was because any action taken by the registry operator will affect the domain name as a whole, i.e., taking action would mean removing the entire domain name from the Domain Name System (DNS). Additionally, certain actions such as transferring a domain may require a court order. As registrars had a direct relationship with the registrants, registrars were usually the first line of action in the instance of abuse.

Donna highlighted that a group of registries and registrars cooperated to create and sign a Framework to Address DNS Abuse. The framework acts as a best practice guide for contracted parties.

At-Large Advisory Committee

Holly highlighted that the European Union General Data Protection Regulation (EU GDPR) has had an impact on what data is collected and made available in the WHOIS. This was a concern for stakeholders tackling DNS Abuse, such as law enforcement.

Of note, the ALAC Consolidated Policy Working Group meets weekly to discuss issues such as DNS Abuse. A result of those discussions was the ALAC Advice to ICANN Board on DNS Abuse which outlined ALAC’s concerns and recommendations to the Board. Some of the key concerns raised were:

• DNS Abuse remains a key factor eroding confidence in the Internet.
• Bulk registrations are a problem as they are largely undertaken by bad actors.
• There should be no further round of new gTLDs without a thorough reform to mitigate DNS Abuse.
• Rather than keep the status quo, ICANN had a role to play to take action on these issues, identifying the operators with high concentrations of abuse against whom onward action ought to be contemplated.

Holly also raised the recommendations to address DNS Abuse that were made in the Competition, Consumer Trust, Consumer Choice (CCT) Review under ‘Chapter 9 – Safeguards’. Of note were three recommendations:

1. To provide incentives for registries to adopt proactive anti-abuse measures.
2. The use of initiatives such as Domain Abuse Activity Reporting (DAAR) to identify systemic abuse and bad actors.
3. More comprehensive reporting by ICANN Contractual Compliance.

Community Discussion

Discussion highlights are as follows:

...

session focused on a readout of ICANN67, the first-ever remote-only ICANN Meeting. Seven community leaders shared their takeaways on key areas, perspectives, and feedback from ICANN67. The subsequent community discussion centered mostly on the remote participation experience held in Cancún time, which turned out to be more positive than initially expected.

During AOB, Jia-Rong Low (ICANN) also introduced the APAC Regional Plan FY21-25 for which the ICANN APAC regional office will organize further consultation sessions with the regional community. It was agreed for the next APAC Space session to cover this topic in April.

Details of Session

SubPro PDP: Cheryl Langdon-Orr (SubPro PDP Working Group Co-Chair)

After working at length since 2015 on the Policy Development Process (PDP) for Subsequent Procedures (SubPro) from the initial 2012 new gTLD round, the SubPro PDP Working Group (WG) was now focusing on its draft final recommendations. At ICANN67, the WG focused on four topics, out of its original 40 or so, that had open questions remaining:

1) Closed Generics – gTLDs made of a generic or commonly used word (e.g. .book etc.) that do not allow second-level registrations by any other registrant except the registry itself. The question was whether such gTLDs should exist, and, if so, how they would serve a public interest goal.

2) Public Interest Commitments (PICs) – contractual mechanisms for registries to implement GAC advice, namely Mandatory PICs and Voluntary PICs. The latter saw a proposed change in nomenclature during ICANN67 to “Registry Voluntary Commitments”.

3) GAC Early Warning and GAC Advice – ways that the GAC raises policy concerns it foresees with particular gTLD applications. The WG reviewed the GAC’s roles in these areas and how they applied to the PDP.

4) Applicant Support Program and Underserved Regions – a community-led initiative by GNSO and At-Large to make new gTLD applications more accessible to underserved regions (e.g. reduced application fees). Cheryl said this was something the APAC community should be passionate about.

There was insufficient time at ICANN67 for the WG to touch on a fifth topic – Community Based Applications, which are community-based new gTLDs to be used by community groups. However, the WG had spent much time on it before.

Cheryl added that at ICANN67, the WG also worked with the GAC on the above five topics given the GAC’s high interest.

Cheryl shared that the WG targeted to publish its draft Final Report for Public Comment targeted around July 2020, and strongly encouraged the APAC community to submit comments then.

EPDP Phase 2: Rafik Dammak (GNSO Council Vice Chair and Liaison to EPDP Team)

For background, the Temporary Specification for gTLD Registration Data set out temporary requirements for registries and registrars to continue complying with existing ICANN contractual requirements in light of the European Union’s General Data Protection Regulation (GDPR). The team for Phase 1 of the Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP Phase 1) had focused work on whether to improve or replace the Temporary Specification. Phase 2 was then split into Priority 1 and Priority 2 topics, where the former focused on a proposed System for Standardized Access/Disclosure to non-public gTLD registration data, also known as the SSAD model. Priority 2 topics were “loose” topics that had been deferred from Phase 1. The priority numbering was not meant to indicate any difference in importance, just a manner of organising work areas relative to the team’s work timeline.

The EPDP Phase 2 team had reduced its sessions to just two at ICANN67, focusing on Priority 2 topics, which included:

1) Revised Purpose 2 – the Board did not adopt Purpose #2 of the EPDP Phase 1 team’s recommendations, which reads, “Contributing to the maintenance of the security, stability, and resiliency of the Domain Name System in accordance with ICANN’s mission through enabling responses to lawful data disclosure requests.”

2) Uniform anonymized email address and city field redaction – agreement was reached on the draft recommendation text for both the feasibility of unique contacts to have a uniform anonymized email address and city field redaction in gTLD registration data.

3) Automation use cases – this examined what circumstances (i.e. use cases) under which requests for disclosure of non-public gTLD registration data could be automated. The team also asked its legal committee to seek external legal counsel for guidance on automation, especially for risk and liability.

4) WHOIS accuracy – the GNSO Council indicated that WHOIS accuracy should be decoupled from EPDP Phase 2 due to its importance and complexity. The Council would continue to scope on how to proceed in handling it.

Since ICANN67, the WG published an addendum to its Phase 2 Initial Report for Public Comment containing the team’s preliminary recommendations on Priority 2 items (the Public Comment window ends on 5 May). Due to COVID-19, this exercise doubled as an additional opportunity for those who were unable to submit comments earlier on the Initial Report addressing the SSAD model while allowing the EPDP team to still adhere to its current work timeline.

The team targeted to finish its Final Report to submit to the GNSO Council by June 2020.

At-Large Policy Sessions: Holly Raiche (ALAC Member)

At-Large sessions at ICANN67 covered 3 key topics: (i) DNS abuse; (ii) DNS over HTTPS (DoH) and DNS over TLS (DoT); and (iii) One World One Internet? Cybersecurity and Geopolitics in a Multistakeholder Environment.

On (i) DNS abuse, Holly noted that there was currently no standard definition of it, and had proposed a simple one: DNS abuse is an attack on or criminal use of the DNS. This would cover various areas including distributed denial-of-service (DDoS) attacks, man-in-the-middle attacks, DNS cache poisoning, pharming, phishing, malware, spyware, ransomware, and IDN homographs (a kind of spoofing attack that exploits similar looking characters across different language scripts in Internationalized Domain Names or IDNs).

ALAC issued a call to action to tackle DNS abuse, highlighting a two-pronged approach: 1) outreach through the RALOs, ALSes and other networks on what should be done about DNS abuse; and 2) engaging in the ICANN policy process to advocate reforms by partnering other SOs and ACs (e.g. for no new gTLDs be allowed until abuse is addressed); and to implement recommendations of the Competition, Consumer Trust and Consumer Choice (CCT) Review Team.

On (ii) DoH and DoT, these are means to encrypt DNS query traffic to prevent hijack and misuse, which could provide increased privacy and assurance for users’ DNS traffic. However, there were accompanying policy concerns and issues raised such as the speed of DNS response, and circumvention of DNS filtering for security or government reasons (more in SSAC’s report, SAC 109). While ALAC did not manage to come to a conclusion on these discussions at ICANN67, it did acknowledge that these areas raised fundamental issues about privacy.

On the (iii) One World One Internet session, Holly gave a brief overview of the sharing by ICANN Board member Leon Sanchez, who spoke on the need to identify and address the challenges facing the Internet and build strategic alliances in the Internet ecosystem and beyond. Holly also noted Veni Markovski’s sharing of the work ICANN org was doing in participating and tracking cybersecurity-related discussions at the United Nations (UN).

Holly referenced NCUC Prof. Milton Mueller’s presentation on Alignment and Fragmentation in global Internet governance, where Prof. Mueller highlighted that the Internet was of global scope while government policies were of national scope, hence trying to fit Internet cybersecurity into issues of national security would not work due to a fundamental contradiction.

Holly also gave an overview of the 4th speaker Patrik Falstrom’s presentation, where Patrik shared the different definitions of Information Security, IT Security, as well as Cybersecurity. Patrik also highlighted that it was technically challenging to ‘control’ the different layers of security in the Internet as parties/stakeholders involved had different and limited responsibilities and control.

Registry Stakeholder Group (RySG) Perspectives: Donna Austin (RySG Chair)

Donna shared that the main agenda of RySG’s meeting was to discuss the revision of its Bylaws and Charters. These discussions, which began almost two years ago, were necessary given that RySG – as an organization that collected membership fees – was incorporated under Florida Law.

On the topic of DNS abuse, Donna shared that RySG had also discussed this during ICANN67. She clarified that there was an incorrect impression by the wider community that registries do not respond to DNS abuse. Donna noted that a challenge for registry operators was the wider community’s expectation for a one-size-fits-all solution that could result in zero DNS abuse, but this was unrealistic as registry operators have very different business models. Donna also noted the different definitions of DNS abuse, and shared that the RySG’s definition of DNS abuse was currently consistent with that of existing ICANN registry agreements in terms of the difference between DNS abuse and content abuse.

Donna shared that RySG wished to continue to contribute to these discussions. Donna also shared that RySG had met with the ICANN Board to discuss contractual issues in relation to the CCT’s recommendations.

GNSO Council & Registrar Stakeholder Group (RrSG) Perspectives: Pam Little (GNSO Council Vice Chair)

The GNSO Council held only one session at ICANN67, during which the Council focused on reviewing its projects list and discussed how to prioritize the PDPs. The Council also discussed how to improve its workflow, such as when to initiate a new PDP and how.

As part of its agenda, the Council also looked into the EPDP Phase 1 recommendations, a number of which affected many of ICANN’s existing consensus policies. Such policies would need to be reviewed to see if they had to be changed, updated, or reconciled. This would add to the existing workload.

On RrSG, Pam shared that one of the topics discussed was also DNS abuse. RrSG was supportive of ongoing community discussions. The RrSG had produced a guide for anyone reporting abuse cases to registrars. Pam shared that in contrast to RySG, RrSG was advised by their legal counsel to incorporate in Germany.

APRALO Perspectives: Satish Babu (APRALO Chair)

Satish noted that ICANN67 was a largely successful meeting for At-Large, more so than it originally thought it might. The sessions on DNS abuse and cybersecurity were well received, and had helped the community demystify technologies such as DoH and DoT. Internally, the At-Large discussed areas like its At-Large Review Implementation.

Overall, Satish voiced that while the time zone had originally being a concern, the remote participation experience was positive, good for the carbon footprint, and some sessions saw even more attendees than in person. The choice of the session topics was also important to draw attendees. Looking ahead, Satish felt that ICANN68 would almost surely be held remotely as well, and hoped that with more time to plan there could be more interactivity. He noted that Holly hoped a cultural element could be incorporated into the program somehow.

ICANN67 Fellow Remote Participation Perspectives: Jaewon Son (ICANN67 Fellow)

Although the ICANN67 Fellows were initially surprised by ICANN’s relatively late decision to change the meeting format, Jaewon felt the Fellows were still able to follow the discussions and see the bottom-up multistakeholder model at work. The Fellows also appreciated that instead of ICANN67 being counted as one of the three times a person could participate in the Fellowship, this would be deferred to ICANN69 in Hamburg.

Jaewon shared that remote sessions made it easier than in-person ones to hop between multiple concurrent meetings and decide which to focus on. It was easier to participate in the public forums and the active chat rooms allowed more people to interact. Activities on social media like the hashtag competition helped meeting attendees to socialise. Observations of potential challenges included limited bandwidth, the need to get used to using Zoom, and how remote sessions could mean greater difficulties for the disabled and non-English speakers to participate.

Side note: Universal Acceptance Steering Group (UASG) Chair, Ajay Data, was to speak on Universal Acceptance (UA) and Email Address Internationalization (EAI) but was called away unexpectedly for a government meeting.

Open Discussion

Discussion facilitator Edmon Chung noted that the various Stakeholder Organizations (SOs) and Advisory Committee (ACs) were well-represented at this Readout. He noted that it would be better if the Government Advisory Committee (GAC) could be represented as well. Community member Gangesh Varma noted that the Readout did not touch on the proposed acquisition of .org. He also enquired on DNS abuse and the adoption of recommendations by the CCT Review Team in the SubPro PDP, to which Cheryl clarified that only the relevant parts of these would be considered with respect to future rounds of new gTLDs, and not apply retroactively.

Gangesh also felt that with a remote version of ICANN67, more people had the opportunity to attend because they otherwise might be unable to travel to it. Remote sessions also allowed attendees to join multiple meetings simultaneously.

ICANN Board member Akinori Maemura shared his view that the remote version of ICANN67 was successful despite a difficult planning process, and the experience of organising it would be put to full use should another ICANN Meeting need to be held remotely again.

Community member Aris Ignacio enquired on ICANN68 preparations, to which Jia-Rong shared that the ICANN Board would need to make a decision on whether ICANN68 would also be a virtual meeting. Jia-Rong shared some of the technical challenges faced by ICANN in deploying remote participation on such a large scale. While there were good lessons learnt which would apply to future remote ICANN meetings, there were also clear limitations. He thanked the community for their understanding and support in this regard.

APAC Regional Plan FY21-25: Jia-Rong Low

Jia-Rong highlighted that the aim of the Regional Plan was not to duplicate but to align the regional office’s activities to ICANN’s 5-year Strategic Plan. In upcoming consultations, the objective was for the regional community to provide feedback and input on what it wanted to prioritise or partner with the ICANN APAC regional office on in terms of measurable outcomes the community wanted to achieve. It was agreed that an APAC Space web conference be held in April to discuss the Regional Plan in detail

...

.