00:25:13 Gopal Tadepalli: Greetings. - Dr. T V Gopal, Professor, Department of Computer Science and Engineering, College of Engineering, Guindy Campus, Anna University , Chennai, INDIA.
00:25:23 Heidi Ullrich - ICANN Org: Welcome, all
00:26:02 Michelle DeSmyter - ICANN Org: https://icann.zoom.us/j/765717566?pwd=UTJCdWRSZVdJNEhOYW02OVBqQVQ1Zz09
00:26:08 Herb Waye: Greetings from the Office of the Ombuds, bonjour et buenos dias.
00:26:21 Michelle DeSmyter - ICANN Org: To follow along with the RTT: https://www.streamtext.net/player?event=ICANN [streamtext.net]
00:26:23 Cheryl Langdon-Orr: g'day @Herb
00:26:24 Christopher Wilkinson: @JZ I consider that reported apologies are sincere (like me last week). Insincere apologies perhaps just don’t turn up.
00:26:32 Roberto: Bit of panic as I am using a new device…
00:27:17 Holly Raiche: Courage, Roberto!
00:27:40 Heidi Ullrich - ICANN Org: AIs - https://community.icann.org/pages/viewpage.action?pageId=184997399
00:27:55 Allan Magezi: Adopted
00:28:04 Roberto: Thx @holly
00:29:43 Michelle DeSmyter - ICANN Org: To follow along with the RTT: https://www.streamtext.net/player?event=ICANN [streamtext.net]
00:30:34 Jonathan Zuck: Can Daniel speak to it?
00:31:00 DANIEL K. NANGHAKA: I will be speaking on the latest updates what transpired in the last TPR call
00:31:24 Jonathan Zuck: Thanks
00:32:49 Olivier MJ Crepin-Leblond: thank you. You can provide your update during the workgroup and mall team updates
00:33:38 Michelle DeSmyter - ICANN Org: To follow along with the RTT: https://www.streamtext.net/player?event=ICANN [streamtext.net]
00:35:06 Sivasubramanian M: Does ICANN have a list of known names that are known to be vulnerable to be abused that a Registrar could be careful about?
00:35:21 John McCormac - HosterStats.com: They need to be supported by data.
00:35:31 Jonathan Zuck: Yes!
00:36:02 Sivasubramanian M: ... sort of "Avoid registering these names, or be cautious before registering these names"?
00:37:21 Sivasubramanian M: It can't be a perfect list, but could be considerably helpful in preventing the registration / renewal of, or taking down names that have an abuse signature in the name itself
00:37:44 John McCormac - HosterStats.com: CENTR eviscerated the EU report.
00:38:21 Jonathan Zuck: In a fairly self-interested way, unfortunately, but some of their criticisms were valid.
00:38:34 Bill Jouris: Would require a major change of mindset on the part of the Contracted Parties. At the moment, they want to minimize anything like a variant, which maximizes the opportunity to register names which are readily confusable.
00:38:39 Jonathan Zuck: No padding!
00:38:53 Michelle DeSmyter - ICANN Org: Hand up by Hadia
00:38:59 Holly Raiche: @ John - Why the hatchet job on the report?
00:39:47 Jonathan Zuck: @Holly, CENTR mostly resents cdTLDs being lumped in with gTLDs
00:40:11 John McCormac - HosterStats.com: @Holly Poor methodology, poor definitions, lack of understanding of the business and worst of all lack of understanding of the legal frameworks available in the EU to deal with various issues. The report lumped ccTLD and gTLD DA together while they are really very different in nature.
00:40:53 Holly Raiche: @ On the CENTR website?
00:41:19 John McCormac - HosterStats.com: @Holly Yep. I think I posed the CENTR responses on the mailing list.
00:41:55 Michelle DeSmyter - ICANN Org: To follow along with the RTT: https://www.streamtext.net/player?event=ICANN [streamtext.net]
00:42:25 John McCormac - HosterStats.com: https://centr.org/news/news/comment-dns-abuse-study.html
00:43:06 Holly Raiche: Should we beat up on Compliance again?
00:44:27 John McCormac - HosterStats.com: We need to have a clearer idea of what we want Compliance to do and what are the limits of the DA definition.
00:45:02 Holly Raiche: Should we start with the CCT recommendations?
00:45:49 John McCormac - HosterStats.com: As a starting point, perhaps. But DA is a moving target. It changes.
00:46:39 John McCormac - HosterStats.com: The CCT had no idea about how the new gTLD market would evolve and how DA would become a major problem with some gTLDs.
00:46:57 Hadia Elminiawi (ALAC-Participant): @Alan but it would provide guidance to the community
00:47:06 Laurin Benedikt Weissinger: SSR2 did, and proposed similar stuff.
00:48:56 Laurin Benedikt Weissinger: We have lists of names / terms that are “hot" but that is insufficient, unfortunately. E.g. auto creation, etc. It is not always about foolign humans.
00:48:57 John McCormac - HosterStats.com: It really is a problematic approach Siva as some new gTLDs have a first year non-renewal rate of over 90%. That means that of a zone from a day last year, 90% of it are no longer present in today's zone.
00:48:59 Greg Shatan: @John, I can't speak to CCT specifically (JZ can), but it was a pretty well-known concern early on that some types of new gTLDs could become magnets and havens for abusive activity.
00:49:56 Laurin Benedikt Weissinger: Yes, and again, SSR2 saw that happen and reacted to it.
00:50:06 John McCormac - HosterStats.com: @Greg It was the economics that drove the abuse. The sales figures weren't there for the NGTs so discounting was the obvious move. That's when things started to wrong quickly.
00:50:25 Sivasubramanian M: names taken down for reasons of abuse...
00:50:36 Sivasubramanian M: and that would be a start.
00:51:17 Sivasubramanian M: Such a list may not only be a list of abusive names taken down, but names identified by other ways
00:51:52 Laurin Benedikt Weissinger: There are tons of things that would be a start, multiple controls that would reduce / mitigate. Unfortunately, we do not see them used much. CCT and SSR2 proposed ideas, little was taken up.
00:52:13 Sivasubramanian M: names + keywords that usually form part of names
00:52:39 Michelle DeSmyter - ICANN Org: To follow along with the RTT: https://www.streamtext.net/player?event=ICANN [streamtext.net]
00:53:02 Holly Raiche: @ Laurin - worth going back to see what might still be worthy of implementation?
00:53:40 Laurin Benedikt Weissinger: Holly, I do not think much has changed to be completely honest with you but I agree revisiting this wouldn't hurt.
00:53:48 Sivasubramanian M: example names that have a high probability of being abusive names: freeloans, freedrugs...
00:53:51 John McCormac - HosterStats.com: @Laurin It would be interesting to revisit the CCT findings but the problem of DA keeps changing.
00:54:00 Greg Shatan: @John, I would say that for some new gTLDs it wasn't that big a pivot, and the high levels of abuse were there from day 1.
00:54:31 Laurin Benedikt Weissinger: Siva, it would be a measure that would mitigate some abuse, yes. It has been proposed before.
00:54:34 John McCormac - HosterStats.com: @Greg Not from the Web Usage surveys.
00:55:29 Sivasubramanian M: @Laurin, please tell us when it was proposed and what happened to such a proposal...
00:55:41 John McCormac - HosterStats.com: @Greg There's a cascade of DA from the launch of the NGTs with other NGTs jumping on the bandwagon,
00:55:48 Laurin Benedikt Weissinger: Greg, I was part of SSR2 -- we looked at the same problem as CCT. I also do research on this and talk to others who do. While abuse does change, the key issues, imho, have not.
00:56:00 Jeffrey Neuman: Its on the slide
00:56:05 Jeffrey Neuman: DNS Abuse Institute
00:56:54 Greg Shatan: @Laurin, I agree 100%. The idea that it's too much of a moving target is a smokescreen.
00:56:57 Jeffrey Neuman: I do not believe that is a fair characterization of the DNSAI
00:57:53 Sivasubramanian M: @CW please write it in french on the chat. ( the phrase you mentioned to denote a bureaucratic problem)
00:57:58 Laurin Benedikt Weissinger: Greg, 100%. It is changing but we know there hasn't been action on a lot of proposals. It isn't the case that there were attempts, and they failed.
00:58:02 John McCormac - HosterStats.com: DNSAI are the good guys. The EU report is not reliable.
00:59:51 Jonathan Zuck: Well, the unilateral change of contracts is pretty rare
01:00:17 Laurin Benedikt Weissinger: Yes, change. Non-renewal if certain conditions are met -- different beast.
01:00:25 John McCormac - HosterStats.com: +1 Gopal.
01:00:29 Laurin Benedikt Weissinger: (or not met)
01:00:54 Jonathan Zuck: That said, this is a time of particular leverage, despite Jeff Neuman referring to it as blackmail. Sigh.
01:00:58 Jeffrey Neuman: Alan - That is not true
01:01:22 Jeffrey Neuman: Regulation by Contract do establish private regulators
01:02:08 Jeffrey Neuman: ICANN is not a government regulator, but they are absolutely a private regulator
01:02:17 John McCormac - HosterStats.com: Think that there is another DNS abuse org but can't remember the name of it at the moment.
01:02:54 Christopher Wilkinson: @siva: Noyer le poisson. > drown the fish
01:03:06 Sivasubramanian M: Thank you @CW
01:03:20 Laurin Benedikt Weissinger: Agreed on the political economy of the DNSAI, doesn't mean they are untrustworthy but needs to be considered.
01:05:01 Greg Shatan: OK, they are a "think tank."
01:05:38 Holly Raiche: Agree Greg
01:05:53 Jonathan Zuck: +1 Jeff. It’s not clear cut. They DO have a broader mandate
01:05:57 Jeffrey Neuman: They are more than a think tank
01:05:59 Laurin Benedikt Weissinger: Re Jeff’s comments: Well, trust is built over time, by evidence. So, let us see how things go.
01:06:03 Jeffrey Neuman: They have developed actual tools
01:06:29 Jonathan Zuck: They have developed tools and had tools donated as well. Could become a clearinghouse
01:06:32 Jeffrey Neuman: @Laurin - absolutely. Lets give them a chance to build that trust with a clean slate
01:06:53 Sivasubramanian M: @CW such an intersting expression that I got distracted from the meeting and did an Internet search.. This is what I found: https://forum.wordreference.com/threads/noyer-le-poisson.121476/
01:06:54 Jeffrey Neuman: @JZ - yes.
01:06:58 Jonathan Zuck: And I remind everyone that Maureen is on their advisory board
01:07:07 John McCormac - HosterStats.com: DNSAI have actually done something rather than just talk about it. For that, they deserve credit.
01:07:53 Laurin Benedikt Weissinger: There are indications that some doubt is warranted and there are indications that they are bona fide actors. I do not want to go either way on this yet. If they continue to act in good faith and in the public interest (ALAC!), great!
01:07:58 Jeffrey Neuman: +1 John. And for the record I have no affiliation or association with the DNSAI. I know no one asked, but just wanted to make that clear
01:08:12 John McCormac - HosterStats.com: Without a clear definition of DNS Abuse, it is like a bunch of people in a dark room trying to describe an elephant.
01:08:42 Bill Jouris: The efforts to define DNS Abuse remind me, in some ways, of a comment (many years ago and on a topic unrelated to the Internet):
01:08:42 Jonathan Zuck: Maliciously registered is agreed on, for sure
01:08:47 Laurin Benedikt Weissinger: John, agreed -- to some extent. There is an argument to be made however to focus on some clear cut stuff while discussing the greater issue.
01:08:56 Bill Jouris: "I can't define it, byt I know it when I se it."
01:09:11 Greg Shatan: Potter Stewart?
01:09:13 Laurin Benedikt Weissinger: Reduce harm now while working on a more general approach.
01:09:14 Jeffrey Neuman: @John - Definitions are only needed in contracts. When we are looking at actions that may be taken outside of the contractual environment, then definitions are not so important.
01:09:21 Jonathan Zuck: Words, we uttered as well
01:09:23 Holly Raiche: Agree with Laurin on that
01:09:28 Bill Jouris: @Greg, not sure which one it was. But it does sound like him
01:09:44 Jeffrey Neuman: What is important is coming up with ways to address the harm. And addressing it does not always mean taking it down.
01:09:46 John McCormac - HosterStats.com: @Jeff Definitons are also need when you have to fix a problem otherwise you won't know if there is a problem or if you've fixed it. :)
01:10:07 Jonathan Zuck: +1 Alan, that sounds too granular
01:10:16 Jeffrey Neuman: It means escalation paths, assignment of appropriate responsibilities, are what we should work on.
01:10:54 Laurin Benedikt Weissinger: Some types of abuse could be defined for example.
01:10:57 John McCormac - HosterStats.com: @Jeff A manual on how to deal with DA (from a registrar or reseller POV) would be very useful.
01:11:21 Jonathan Zuck: Yes
01:11:47 Jonathan Zuck: CART should be helpful but not open to individuals at this time
01:11:56 Jeffrey Neuman: @Alan - agreed. No pizzazz, but certainly a necessity
01:12:25 Jeffrey Neuman: @Alan - lol
01:12:33 Gopal Tadepalli: DNSAI released a new tool NetBeacon recently. - Dr. T V Gopal, Anna University, Chennai, INDIA
01:12:34 Holly Raiche: Thanks Alan
01:12:50 Jonathan Zuck: Yes, net beacon is the new name for cart
01:13:04 John McCormac - HosterStats.com: Somehow, I wonder if it was ICANN trying to do it, the first we'd see of it would be in 2095 and the launch of the third round of new gTLDs. :)
01:13:08 Jeffrey Neuman: Thanks @Gopal. The name of it escaped me until you posted it just now
01:14:11 John McCormac - HosterStats.com: Getting organisations like DNSAI to deal with some of the problems will get things moving quicker than just having ICANN try to solve the problem on its own.
01:15:04 Sivasubramanian M: microPDPs is a good idea if by microPDP it is meant that the topic is narrow and focused, and the process is swift, like 2-4 weeks. Also, some abuse prevention initiatives such as compiling a helpful list may not require a PDP or a formal consultation process, it would require one Regitrar or an independant organization to reach out to the Registrars and Registrars to help
01:15:32 Holly Raiche: A lock is NOT required??
01:16:17 John McCormac - HosterStats.com: @Siva Might take more than 2-4 weeks though. By micro-PDPs it might mean highly focused PDPs rather than trying to do a lot of things in one PDP.
01:20:27 Gopal Tadepalli: FYKI: A proactive system for Palo Alto Networks DNS Security to identify malicious domains at the time of registration based on their registration records is operational. New malicious domains usually carry active attacks shortly after registration and are listed in public deny lists later. 30 days later around 1% are still into active attack. The Lock-in Period cannot be less than 60 days as a "Thumb Rule" - Dr. T V Gopal, Anna University, Chennai, INDIA
01:20:34 Sivasubramanian M: Can't we have registration / transfer related history logs for every domain? This is a tall order, including data related to change of registrant, registrar, change of address, which will seamlessly append even if there is a change of Registrar?
01:21:07 John McCormac - HosterStats.com: @Siva It is a lot of data.
01:21:36 Sivasubramanian M: @John. could be focused + Swift.
01:22:16 John McCormac - HosterStats.com: @Siva It is a lot of data but GDPR has caused massive problems with building that kind of database at present.
01:22:54 John McCormac - HosterStats.com: @Siva It would require compliance from all registrars on an ongoing basis and a system run by ICANN or a contractor to handle the db and the access.
01:23:32 Sivasubramanian M: @John. Not really. Consider all the meta details that are collected when you visit a website through a browser as a user, one website, someone collects plenty of data and stores it forever.
01:24:15 Sivasubramanian M: @john yes it requires a computer.
01:24:46 John McCormac - HosterStats.com: @Siva It is not that simple. Most domain names have no website and are undeveloped. This would require the new/deleted/transfer data for each zone and the WHOIS data for each of those transactions.
01:25:05 Sivasubramanian M: @John Understand, but not as complicated as it seems either
01:25:59 John McCormac - HosterStats.com: @Siva The difference is that I have done this kind of work. It is not as simple as it seems and there has to be redundancy built into the system and it needs registrar cooperation.
01:26:30 Allan Magezi: Agree @ Alan with that reaction
01:26:37 JUDITH' hellerstein: Yes. It happened to a small business i knew and she could have been helped by this as her domain was hijacked
01:26:52 JUDITH' hellerstein: And she could not get it back
01:27:49 John McCormac - HosterStats.com: @Olivier There is a rather unfortunatel case of the African Union being unable to get au.africa even though it is an IGO.
01:27:54 Sivasubramanian M: @John On the Internet, when you send an email with one sentence to someone somewhere, there is so much of background activity, a header is added, a route is determined, handshakes happen, there is an acknowledgement at the end, in this technical ecosystem, storin...
01:28:17 Sivasubramanian M: ... logging a few details isn't impossible
01:28:29 John McCormac - HosterStats.com: @Siva Yes but this is WHOIS data and registration data.
01:28:45 Sivasubramanian M: Yes John.
01:29:02 Yrjo Lansipuro: @Alan +1
01:29:05 John McCormac - HosterStats.com: @Siva Even thoug WHOIS was a protocol the responses from various WHOIS servers were not standard and had to be parsed.
01:29:13 Sivasubramanian M: I am trying to convey an argument, it is not that I am exactly equating packet transfer process with whois
01:30:09 Sivasubramanian M: @John It must be harmonized well to make it unnecssary to parse (this is on whois)
01:30:25 John McCormac - HosterStats.com: @Siva Yes but I track domain names every day (don't use WHOIS data though). Building such a system is a lot more complex than it first appears because it rapidly accumulates a lot of data.
01:30:27 Jeffrey Neuman: I can give an update on the IGO
01:30:29 Jeffrey Neuman: if you want
01:30:52 Jeffrey Neuman: And YrJo is on here too
01:31:14 John McCormac - HosterStats.com: @Siva RDAP will do this. The hard part will be getting registrars to comply with it and provide timely access and updates.
01:32:11 John McCormac - HosterStats.com: @Siva And GDPR has made the whole process magnitudes more complex because you may have one record with full data and a subsequent record with sparse data.
01:32:15 Sivasubramanian M: @John DNS runs on processes such as API calls, which is a form of standard, makes the process interoperable. If DNS runs on harmonized and open processes in some technical areas, why not in whois, why not in matterns concering logging?
01:33:13 Sivasubramanian M: not that lookup APIs work flawlessly, not that these APIs are implemented in a harmonious manner, but that is another issue
01:33:13 John McCormac - HosterStats.com: @Siva RDAP is replacing WHOIS. GDPR has caused massive problems in terms of available data.
01:33:56 Yrjo Lansipuro: Thanks @Jeff
01:34:12 Sivasubramanian M: One Registrar says a name is available, another says it is taken, a third one says it is available at a premium, a fourth one says, we will waitlist it for you, pay now. Each possibly giving a different search result
01:34:58 Sivasubramanian M: @John, Be it RDAP or SSAD, why should it come into being by replacing whois?
01:34:58 John McCormac - HosterStats.com: @Siva the only thing that you may get from a cooperating registrar is the meta data but not the complete WHOIS/ownership record. It is the ownership details that are often needed with Domain Abuse.
01:35:12 Sivasubramanian M: whois can coexist, or can be a part of it
01:35:33 John McCormac - HosterStats.com: @Siva not if the registrars are turning off port 43 access. :)
01:37:04 John McCormac - HosterStats.com: @Siva Even in the past some registrars rate limited WHOIS queries or did not provide responses.
01:37:09 Sivasubramanian M: @John, lets say a Registrar collects ten data components, at least 5 of 10 could be in whois, two more can be LDAP accessible non-public data, all seven specified data componets in a shared system, and three other can be commercial
01:37:41 Cheryl Langdon-Orr: Thx @Greg...
01:38:15 John McCormac - HosterStats.com: @Siva There are around 2,500 registrars and about 700 retail registrars.
01:38:34 Sivasubramanian M: a Single, Common Registration Policy.
01:39:01 Sivasubramanian M: That is what I need as an Internet user.
01:39:25 John McCormac - HosterStats.com: @Siva It would be a good thing if it works and was properly implemented.
01:40:18 John McCormac - HosterStats.com: @Siva That's the gTLD registrars. There's around 15,000 other registrars (ccTLD).
01:40:20 Sivasubramanian M: There was a baseball movie that I did not see. Someone wanted to build a baseball stadium in a rural area, any market study or professional advice would have invalidated the idea...
01:40:37 John McCormac - HosterStats.com: @Siva Field of Dreams.
01:40:38 Sivasubramanian M: Then the dreamer's philosopy was "Build it, they will come".
01:40:59 Lutz Donnerhacke: Apologies … I'm on vacation next week
01:40:59 Sivasubramanian M: He built the stadium, it became crowded all year.
01:41:11 Michelle DeSmyter - ICANN Org: Next meeting: Wednesday, 20 April at 13:00 UTC
01:41:13 Cheryl Langdon-Orr: Bye for now then...
01:41:16 Herb Waye Ombuds: Stay safe and be kind.
01:41:46 Alfredo Calderon (ICANN74 Mentor): Stay well and safe. Bye to all!
01:42:00 Michelle DeSmyter - ICANN Org: Kind reminder to please answer the survey that pops up on your screen at the end of today's meeting - thank you so much!
01:42:08 JUDITH' hellerstein: Thanks olvier
01:42:16 John McCormac - HosterStats.com: Thanks and later all.
01:42:17 Avri Doria: bye, thanks
01:42:20 Sivasubramanian M: @John the above was on "properly recommending and implementing" it, probably a more effective sequence is to buy a computer, write code, and keep it open for Registrars
01:42:24 Sivasubramanian M: Thankyou
AT-LARGE GATEWAY
At-Large Regional Policy Engagement Program (ARPEP)
ALAC Liaisons and Representatives
At-Large Review Implementation Plan Development
