Dear Colleagues, see my report below!
Best,
Matthias
 
 
Publications:
 
SAC129: SSAC Comments on GNSO Domain Name Registration Data Accuracy Concept Proposal
The SSAC appreciates the opportunity to provide input on the GNSO's efforts regarding domain name registration data accuracy. Although our response comes later than intended, we are grateful for your consideration.
 
Impact of Inaccurate Data:
  • Usability: Hinders effective communication and identification.
  • Security: Impairs law enforcement, anti-abuse efforts, and timely cybersecurity notifications.
  • Operations: Disrupts domain transfers, dispute resolution, and security analysis due to incorrect metadata (e.g., create/update dates, registrar info).
The SSAC consistently stresses the critical role of accurate data in enabling legitimate communications and mitigating abuse.
 
What Inaccurate Data Does Not Prevent:
  • It does not stop bad actors from continuing abusive domain use.
  • Harm prevention is still possible using other tools, but accurate data improves effectiveness. 
Vulnerable Stakeholders:
  • Law enforcement, cybersecurity firms, reputation service providers, researchers, brand protection teams, and operators of critical infrastructure (OS vendors, CAs, web/email/social platforms).
  • These groups rely heavily on registration data for investigations and system protections.
Problem Statement Recommendations:
  • Current Challenge: Lack of clear definitions and measurable standards, and inconsistent accuracy.
  • Consequences: Weakened DNS security, delayed investigations, and ineffective abuse mitigation.
  • Objective: Improve data accuracy to strengthen trust and security.
  • Proposal:
    • Define "accuracy" clearly.
    • Justify accuracy efforts through measurable benefits.
    • Address the potential commercial impacts.
    • Evaluate the implications of the EU's NIS2 directive on ICANN policies.
SSAC does not offer a formal problem statement but urges the GNSO to tackle key foundational issues including definitions, compliance mechanisms, and external regulatory impacts.
 
Administrative Notes:
  • The document reflects the consensus of the SSAC, with full transparency on contributors, disclosures, and any recusals.
 
SAC128: SSAC Comments on Draft Governance Document for the Recognition, Maintenance, and Derecognition of RIRs
1. General Support
  • SSAC supports the document’s goal to clarify RIR recognition, obligations, and derecognition procedures.
  • The document is a significant improvement over the current ICP-2 policy.
2. General Comments
  • Inconsistent Detail Levels: The document alternates between high-level principles and detailed operational guidance, which may cause ambiguity.
  • Recommendation: Clearly separate high-level principles from operational details, and consider placing implementation specifics in supplementary documents.
3. Specific Article Comments
Article 2.3(b)(i) – Derecognition Proposal Process
  • Concern: 25% threshold for submitting derecognition proposals could be exploited for disruptive or repetitive submissions.
  • Recommendation: Introduce safeguards such as cooldown periods and preliminary assessments.
Article 4.1(l) – Continuity Requirements
  • Concern: Vague terms like “sufficient” may allow non-functional data sharing formats.
  • Recommendation: Define clearer standards for continuity and data sharing expectations.
Article 5.3(a) – Transfer of Services Post-Derecognition
  • Concern: Requiring a smooth transfer from a derecognized RIR may be unrealistic in contentious situations.
  • Recommendation: Incorporate support structures similar to ICANN’s EBERO model to ensure continuity and data escrow during transitions.
4. Transparency
  • The document includes disclosures of interest, acknowledgements, and identifies any member withdrawals, ensuring transparency and consensus within SSAC.
 
SAC127: DNS Blocking Revisited
What Is DNS and DNS Blocking?
  • The Domain Name System (DNS) translates human-readable domain names (e.g., example.com) into IP addresses that computers use to communicate.
  • DNS blocking is a technique to restrict access to online content by interfering with DNS queries. This can involve:
    • Pretending a domain doesn't exist.
    • Providing false IP addresses.
Why DNS Blocking Is Used
  • Often implemented because it's technically simple and low-cost.
  • Commonly used by governments and organizations for:
    • Public safety (e.g., blocking illegal content).
    • Censorship or regulation of online resources.
How DNS Blocking Works
  • By altering the behaviour of recursive resolvers (DNS servers that respond to user queries).
  • DNS blocking modifies the translation of a domain name into an IP address, effectively preventing access via DNS.
Effectiveness and Limitations
  • Blocking only works if users rely on the DNS infrastructure where the block is applied.
  • It can be bypassed through:
    • Alternative DNS resolvers.
    • VPNs or other routing methods.
  • Important: DNS blocking does not remove the content—only access through DNS is affected.
Potential Side Effects
  • Collateral damage: Can impact unrelated services or domains.
  • Cross-border effects: May unintentionally affect users outside the blocking jurisdiction.
  • User confusion: May appear as a technical error, leading to risky behavior.
  • Legal ambiguity: Laws vary; determining whether DNS blocking is lawful or constitutes censorship depends on local context.
SSAC Recommendations

Recommendation 1: Any entity implementing DNS blocking should fully understand its technical and policy implications.

Recommendation 2: Entities implementing DNS blocking (governments, ISPs, organizations) should follow these principles:
  • Clear Objectives: Ensure DNS blocking aligns with intended goals.
  • Defined Policy: Maintain transparent, reviewed processes for deciding what to block.
  • Minimize Damage: Use methods that avoid overblocking or harming unrelated users.
  • Respect Boundaries: Do not affect users or networks outside your administrative control.

Recommendation 3: Recursive DNS server operators should use Extended DNS Error (EDE) codes to inform users when DNS blocking is active and aid troubleshooting.

This report updates previous SSAC advisories (SAC050 and SAC056 from 2011–2012) to reflect changes in technology and growing use cases for DNS blocking.
 
Final reviews:
SSAC's comment on the New gTLD Applicant Guidebook (AGB) has closed and the document is finalized as SAC130
  • It will be published this week.
Ongoing work parties:
  • DNSSEC Operational Considerations Work Party
  • Open-Source Software Work Party
  • Responsible Integration of External Technologies into the DNS
SSAC Membership Applications:
The application deadline is closed now and potential candidates are being assessed by the Membership Selection Committee.
 
SSAC Workshop:
Will be held in September in Mexico City.