Hi Dave, I'm shocked about you paper: http://tinyurl.com/icann-supports-censorship What the hell is the reason behind drafting such a collection of (at least) misleading forms? Your wording in the preface is completely irrelevant: It will be ignored. The only thing pushed into the brains of law enforcement and politics is the simple message: "ICANN is willing to support all your needs. Fill those forms. No further questions asked." For technical people the paper might be not directly wrong, but it is a political nightmare. By fulfilling your technically motivated desire to automate repeating tasks, you did implement the wrong solution. ICANN has the obligation to protect the Internet by maintaining stable and secure provisioning of basic ressources. This is the main task ICANN has to fulfill due by various contracts, especially the §3 of the Articles of Incorporation as well as §3(b) of the Affirmation of Commitments. Your paper draws the wrong solution, because it ignores this basic principle and opens the road to rank indiviual interests higher than the public interest in a single common Internet. Given the political implications, your paper is a direct violation of §5(b) and §5(c) of the Articles of Incorporation as well as §4 of the Affirmation of Commitments. Please let me quote from the legal document mentioned last: To ensure that its decisions are in the public interest, and not just the interests of a particular set of stakeholders, ICANN commits to perform and publish analyses of the positive and negative effects of its decisions on the public, including any financial impact on the public, and the positive or negative impact (if any) on the systemic security, stability and resiliency of the DNS. Your paper causes a strong impact to the creditability of ICANN. Sadly, Lutz
On seeing Lutz's alarm, I took the time to read the entire paper. And I too am troubled by what I see and the implications arising from it. The paper acknowledges extra-judicial and extra-regulatory domain takedowns; "*who is making the legal or regulatory action or issuing a request*". It even allows that takedowns may be effected against domains not domiciled in the United States where the alleged misdeed is a perfectly legal activity. [*See Page 12, Paragraph 2 under 'Additional Considerations'.*] We acknowledge the checklist, as presented is purposefully declared as "*information to submit with a legal or regulatory action*". We are unanimous. Absent appropriate legal and/or regulatory due process, we reject domain takedown actions as inimical to the global public interest. Star chamber actions should never be accommodated by any part of ICANN. And in this context - and in all likelihood, unintended - this paper is a 'how to' manual for such activities. ICANN should never be seen to accommodate these behaviours. Because it undermines the positive message it is seeking to project about its internationalization. - Carlton Samuels ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Tue, Mar 13, 2012 at 6:40 AM, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
Hi Dave,
I'm shocked about you paper: http://tinyurl.com/icann-supports-censorship What the hell is the reason behind drafting such a collection of (at least) misleading forms?
Your wording in the preface is completely irrelevant: It will be ignored. The only thing pushed into the brains of law enforcement and politics is the simple message: "ICANN is willing to support all your needs. Fill those forms. No further questions asked."
For technical people the paper might be not directly wrong, but it is a political nightmare. By fulfilling your technically motivated desire to automate repeating tasks, you did implement the wrong solution.
ICANN has the obligation to protect the Internet by maintaining stable and secure provisioning of basic ressources. This is the main task ICANN has to fulfill due by various contracts, especially the §3 of the Articles of Incorporation as well as §3(b) of the Affirmation of Commitments.
Your paper draws the wrong solution, because it ignores this basic principle and opens the road to rank indiviual interests higher than the public interest in a single common Internet.
Given the political implications, your paper is a direct violation of §5(b) and §5(c) of the Articles of Incorporation as well as §4 of the Affirmation of Commitments.
Please let me quote from the legal document mentioned last: To ensure that its decisions are in the public interest, and not just the interests of a particular set of stakeholders, ICANN commits to perform and publish analyses of the positive and negative effects of its decisions on the public, including any financial impact on the public, and the positive or negative impact (if any) on the systemic security, stability and resiliency of the DNS.
Your paper causes a strong impact to the creditability of ICANN.
Sadly, Lutz _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Consider the type of activities described at http://www.antiphishing.org/ You receive a fake email from your bank containing a link to malware on a hosted domain. If you are the real bank, what actions can you take to protect the users that have received this email?
Educate them? On Mar 13, 2012, at 8:08 PM, Franck Martin wrote:
Consider the type of activities described at http://www.antiphishing.org/
You receive a fake email from your bank containing a link to malware on a hosted domain.
If you are the real bank, what actions can you take to protect the users that have received this email?
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
I find it ironical that somephishing emails have an anti-phish warning in to not respond to emails ... and succeeds. Education only goes so far. On 3/14/2012 6:28 AM, Antony Van Couvering wrote:
Educate them?
On Mar 13, 2012, at 8:08 PM, Franck Martin wrote:
Consider the type of activities described at http://www.antiphishing.org/
You receive a fake email from your bank containing a link to malware on a hosted domain.
If you are the real bank, what actions can you take to protect the users that have received this email?
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes. ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources. Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this. Christian On 14 Mar 2012, at 07:36, Derek Smythe wrote:
I find it ironical that somephishing emails have an anti-phish warning in to not respond to emails ... and succeeds.
Education only goes so far.
On 3/14/2012 6:28 AM, Antony Van Couvering wrote:
Educate them?
On Mar 13, 2012, at 8:08 PM, Franck Martin wrote:
Consider the type of activities described at http://www.antiphishing.org/
You receive a fake email from your bank containing a link to malware on a hosted domain.
If you are the real bank, what actions can you take to protect the users that have received this email?
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat. Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances. You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process. Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar... Derek
Well said Derek. My take is that ICANN inability of dealing intelligently with abuse, is leading us to problems like SOPA. This paper or on how to request take down, is a good step in the right direction. Now if we could have some global stats on these take downs. Most of the problem gets unoticed, because you would have to query every single registrar. Also the tunnel vision of people here is interesting. I said that just to start a flame war ;) ----- Original Message ----- From: "Derek Smythe" <derek@aa419.org> To: at-large@atlarge-lists.icann.org Sent: Wednesday, 14 March, 2012 11:35:19 AM Subject: Re: [At-Large] Guidance for Domain Name Orders On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat. Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances. You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process. Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar... Derek _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
I don't think the way to deal with overreaching by government authorities (SOPA) is to propose even more government overreaching on a voluntary basis. Global seizure of domain names by the US (or any other) government is a bad idea, whether they fill in some forms from ICANN or not. On Mar 14, 2012, at 11:59 AM, Franck Martin wrote:
Well said Derek.
My take is that ICANN inability of dealing intelligently with abuse, is leading us to problems like SOPA. This paper or on how to request take down, is a good step in the right direction.
Now if we could have some global stats on these take downs. Most of the problem gets unoticed, because you would have to query every single registrar.
Also the tunnel vision of people here is interesting. I said that just to start a flame war ;)
----- Original Message ----- From: "Derek Smythe" <derek@aa419.org> To: at-large@atlarge-lists.icann.org Sent: Wednesday, 14 March, 2012 11:35:19 AM Subject: Re: [At-Large] Guidance for Domain Name Orders
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take. This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world. There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators? How is it that the stability of the DNS has become directly proportional to the registration fee? After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs. It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself. This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people). Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get. The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge. Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain? Christian On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
You critic a lot, but what do you propose practically? Interestingly you are not providing any hint of solution to the problem I posed. Toute connaissance est une réponse à une question. On Mar 15, 2012, at 3:00 AM, Christian de Larrinaga <cdel@firsthand.net> wrote:
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take.
This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world.
There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators?
How is it that the stability of the DNS has become directly proportional to the registration fee?
After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants
The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs.
It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself.
This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people).
Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get.
The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge.
Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain?
Christian
On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Franck I didn't true. It is a valid point. That would take a thorough brief and more time. No it really means *doing* something new about this and the way ICANN world is now that needs to happen outside that box. I'm nearly fed up enough though ... However the iFBI initiative won't and can't solve the phish 24hour or 48 hour window either. They are peddling locks for stable doors which they created and tacitly maintain. Christian de Larrinaga On 15 Mar 2012, at 14:26, Franck Martin <franck.martin@gmail.com> wrote:
You critic a lot, but what do you propose practically?
Interestingly you are not providing any hint of solution to the problem I posed.
Toute connaissance est une réponse à une question.
On Mar 15, 2012, at 3:00 AM, Christian de Larrinaga <cdel@firsthand.net> wrote:
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take.
This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world.
There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators?
How is it that the stability of the DNS has become directly proportional to the registration fee?
After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants
The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs.
It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself.
This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people).
Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get.
The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge.
Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain?
Christian
On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Man, seems you have no guidance to offer... I'll disregard your emails from now on, they are not interesting. ----- Original Message ----- From: "cdel.firsthand.net" <cdel@firsthand.net> To: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Cc: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Sent: Thursday, 15 March, 2012 9:07:59 AM Subject: Re: [At-Large] Guidance for Domain Name Orders Franck I didn't true. It is a valid point. That would take a thorough brief and more time. No it really means *doing* something new about this and the way ICANN world is now that needs to happen outside that box. I'm nearly fed up enough though ... However the iFBI initiative won't and can't solve the phish 24hour or 48 hour window either. They are peddling locks for stable doors which they created and tacitly maintain. Christian de Larrinaga On 15 Mar 2012, at 14:26, Franck Martin <franck.martin@gmail.com> wrote:
You critic a lot, but what do you propose practically?
Interestingly you are not providing any hint of solution to the problem I posed.
Toute connaissance est une réponse à une question.
On Mar 15, 2012, at 3:00 AM, Christian de Larrinaga <cdel@firsthand.net> wrote:
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take.
This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world.
There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators?
How is it that the stability of the DNS has become directly proportional to the registration fee?
After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants
The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs.
It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself.
This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people).
Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get.
The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge.
Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain?
Christian
On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
May I please remind standards of courtesy on this list, for everyone. Private email are often better than public correspondence. Thanks for your understanding, Olivier On 15/03/2012 10:16, Franck Martin wrote :
Man, seems you have no guidance to offer... I'll disregard your emails from now on, they are not interesting.
----- Original Message ----- From: "cdel.firsthand.net" <cdel@firsthand.net> To: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Cc: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Sent: Thursday, 15 March, 2012 9:07:59 AM Subject: Re: [At-Large] Guidance for Domain Name Orders
Franck
I didn't true. It is a valid point. That would take a thorough brief and more time. No it really means *doing* something new about this and the way ICANN world is now that needs to happen outside that box. I'm nearly fed up enough though ...
However the iFBI initiative won't and can't solve the phish 24hour or 48 hour window either.
They are peddling locks for stable doors which they created and tacitly maintain.
Christian de Larrinaga
On 15 Mar 2012, at 14:26, Franck Martin <franck.martin@gmail.com> wrote:
You critic a lot, but what do you propose practically?
Interestingly you are not providing any hint of solution to the problem I posed.
Toute connaissance est une réponse à une question.
On Mar 15, 2012, at 3:00 AM, Christian de Larrinaga <cdel@firsthand.net> wrote:
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take.
This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world.
There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators?
How is it that the stability of the DNS has become directly proportional to the registration fee?
After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants
The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs.
It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself.
This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people).
Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get.
The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge.
Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain?
Christian
On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes. ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources. Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Franck The "guidance" came from ICANN not me. The situation is so off beam as to need more bandwidth to describe a fix than is possible for me today. As I have real world meetings 8am to 8pm. Sorry to disappoint, Christian de Larrinaga On 15 Mar 2012, at 16:16, Franck Martin <franck.martin@gmail.com> wrote:
Man, seems you have no guidance to offer... I'll disregard your emails from now on, they are not interesting.
----- Original Message ----- From: "cdel.firsthand.net" <cdel@firsthand.net> To: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Cc: "At-Large Worldwide" <at-large@atlarge-lists.icann.org> Sent: Thursday, 15 March, 2012 9:07:59 AM Subject: Re: [At-Large] Guidance for Domain Name Orders
Franck
I didn't true. It is a valid point. That would take a thorough brief and more time. No it really means *doing* something new about this and the way ICANN world is now that needs to happen outside that box. I'm nearly fed up enough though ...
However the iFBI initiative won't and can't solve the phish 24hour or 48 hour window either.
They are peddling locks for stable doors which they created and tacitly maintain.
Christian de Larrinaga
On 15 Mar 2012, at 14:26, Franck Martin <franck.martin@gmail.com> wrote:
You critic a lot, but what do you propose practically?
Interestingly you are not providing any hint of solution to the problem I posed.
Toute connaissance est une réponse à une question.
On Mar 15, 2012, at 3:00 AM, Christian de Larrinaga <cdel@firsthand.net> wrote:
Saying the solution to the pathetic record of the DNS industry for innovation and integrity over the last twenty years is to support extra jurisdictional, extra judicial executive actions without due process and accountability for users or registrants is a very odd position to take.
This note by ICANN "security" people is in reality passing the buck on the failure for innovation in the namespace during ICANNs tenure in such a way as create an even bigger problem for the world.
There are solutions that could manage needs of both bona fide registrants and users. But goodness me it would take some market innovation. Now why would a supply chain that makes vast profit out of providing the lowest common denominator commodity service actually make any extra effort? Why would they open up their business cartel and limited monopolies to outside innovators?
How is it that the stability of the DNS has become directly proportional to the registration fee?
After all the DNS Industry is making very fat and luscious profits as things are. Why innovate? Who are you competing with ? What are the drivers to add the sorts of services that are useful to users and registrants
The answer is not to turn the FBI into the iFBI . It is to turn this lumbering mass of blubber into something really responsive to user needs.
It is perhaps worth reminding ourselves that support for ICANN was established because those building network orientated services understood that the Internet space was not up to scratch. The most important thing for the Internet going forward is that it is itself a platform for innovation for users but also of the Internet itself.
This drive for innovation lies behind the support for a private sector ICANN rather than the fear of incumbent favouring, lumbering slothful cartel tainted ITU. (the widely held view of networking data people).
Now I am sorry but the record at ICANN for innovation since then is not encouraging. The policy debates are mercantilist not innovative. The entire gTLD process is orientated around carving up the cake. It is as if the multi-stakeholders gathering around ICANN really believe that innovation depends on the slice you get.
The point of ICANN is to defend and promote innovation at the edges. That is why it was started as a user focused organisation. What we see in reality is none of that. We see DNSSEC and IDNs. A start but both starts coming from the centre not really the edge.
Incidentally that you can read on this list people seriously unpicking the interests of "users" from "registrants" is I think very telling. What happened to the notion of a domain for every user domain?
Christian
On 14 Mar 2012, at 18:35, Derek Smythe wrote:
On 3/14/2012 1:08 PM, Christian de Larrinaga wrote:
I think this ICANN paper oversteps the mark significantly. Encouraging extra judicial, extra jurisdictional executive actions is highly destabilising as it interferes with local multi-stakeholder processes.
ICANN is not in existence to replace localism with global control but to co-ordinate between local controls in regards the technical management of some of the Internet's unique resources.
Yes there is a problem with DNS being a significant vector for bad actors as well as good ones. No the solution to deal with bad actors is not this.
Christian
Or maybe not. Was the mark not overstepped long before that leads us to these steps, nothing more than a chance at damage control? Is the problem not junk in, junk out, devaluing the total system? Maybe we should take a step back and examine the whole process from domain registration, looking for potential abuse issues, right through to domain usage including abuse, and then we can have this chat.
Expecting strict policies and procedures for take-downs is a bit too late for anonymous (due to fake whois details) unaccountable $10 domains used for nefarious activities. Also while we are at it; free unverified privacy protection to hide fake whois details in many instances.
You cannot expect a quality finished product without the appropriate feedback and corrective action to the start of the process.
Incidentally, quite a good piece of detective work: http://www.legitscript.com/download/LegitScript_Report_on_Internet-bs_%28Lar...
Derek
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Educate them?
BTDT. It doesn't work. Data is easy to find. To flip it around, how is ICANN's public interest mission consistent with enabling obvious, egregious, financial fraud? Do you believe that the rights of registrants are always more important than the rights of the people who those registrants defraud? R's, John
On Mar 13, 2012, at 8:08 PM, Franck Martin wrote:
Consider the type of activities described at http://www.antiphishing.org/
You receive a fake email from your bank containing a link to malware on a hosted domain.
If you are the real bank, what actions can you take to protect the users that have received this email?
On 03/14/2012 05:10 PM, John R. Levine wrote:
...Do you believe that the rights of registrants are always more important than the rights of the people who those registrants defraud?
Until there is a trial or impartial investigation into the facts it is premature to say that X has defrauded Y. It bothers me when systems are constructed on presumptions of guilt. --karl--
Karl, you skillfully are not answering the question. Printed on recycled paper! On 14/03/2012, at 17:43, Karl Auerbach <karl@cavebear.com> wrote:
On 03/14/2012 05:10 PM, John R. Levine wrote:
...Do you believe that the rights of registrants are always more important than the rights of the people who those registrants defraud?
Until there is a trial or impartial investigation into the facts it is premature to say that X has defrauded Y.
It bothers me when systems are constructed on presumptions of guilt.
--karl--
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 03/14/2012 06:38 PM, Franck Martin wrote:
Karl, you skillfully are not answering the question.
I wasn't trying to answer the question you asked but rather to clarify the assumptions in the situation that John L. posited. For your question - it seems that first we need to recognize that fraudsters are pretty clever and that we probably can't get rid of 'em entirely - all we can do is mitigate. So what can banks to do protect their customers against fraudulent emails that invite those customers to do something damaging? My sense is that the overall problem is that we value convenience over security - we've made it very easy for use to be fooled because we have removed seemingly inconvenient steps where security checks could be applied. Sure there are counter measures - education of users, a more complete crypto key system and actual use of mutual identification and authentication (which might require the acceptance of some sort of governmental or quasi-governmental lord-agency-of-identity.) Transaction limits and insurance can help too. But whatever those measures - the notion that we should shoot the accused before we measure the facts supporting the accusation - well that is a system that not only is contrary to our established sense of justice and process but it is also a process that can be manipulated by those who want to gain through the false accusation of innocents. As for ICANN - I find ICANN too quickly jumping into the role of enforcer on behalf of law investigative bodies. By this I mean that ICANN is adopting policies in which inquiry and accusation result in execution of the accused without the burden of an actual fact finding trial or inquiry. Sure, such trials and inquiries are slow and can be expensive - but do we want to live on an internet without those trials and inquiries? We ought to always remember that the next to be unjustly accused may be ourselves. --karl--
| So what can banks to do protect their customers against fraudulent emails that invite those customers to do | something damaging? In this world, among the things they actually do is to contact registrars who turn off hundreds, sometimes thousands, of domains every day that are used purely for fraud. The accuracy rate is surprisingly good -- on the rare occasions when they screw up, it's a cause celebre. I can't tell you what happens in the world where Karl lives.
Oh, by the way once the email is sent you have about 12 hours to do something after that the miscreants have done enough gains and moved on. Toute connaissance est une réponse à une question. On Mar 14, 2012, at 7:09 PM, Karl Auerbach <karl@cavebear.com> wrote:
On 03/14/2012 06:38 PM, Franck Martin wrote:
Karl, you skillfully are not answering the question.
I wasn't trying to answer the question you asked but rather to clarify the assumptions in the situation that John L. posited.
For your question - it seems that first we need to recognize that fraudsters are pretty clever and that we probably can't get rid of 'em entirely - all we can do is mitigate.
So what can banks to do protect their customers against fraudulent emails that invite those customers to do something damaging?
My sense is that the overall problem is that we value convenience over security - we've made it very easy for use to be fooled because we have removed seemingly inconvenient steps where security checks could be applied.
Sure there are counter measures - education of users, a more complete crypto key system and actual use of mutual identification and authentication (which might require the acceptance of some sort of governmental or quasi-governmental lord-agency-of-identity.) Transaction limits and insurance can help too.
But whatever those measures - the notion that we should shoot the accused before we measure the facts supporting the accusation - well that is a system that not only is contrary to our established sense of justice and process but it is also a process that can be manipulated by those who want to gain through the false accusation of innocents.
As for ICANN - I find ICANN too quickly jumping into the role of enforcer on behalf of law investigative bodies. By this I mean that ICANN is adopting policies in which inquiry and accusation result in execution of the accused without the burden of an actual fact finding trial or inquiry.
Sure, such trials and inquiries are slow and can be expensive - but do we want to live on an internet without those trials and inquiries? We ought to always remember that the next to be unjustly accused may be ourselves.
--karl--
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Because data is easy to find doesn't mean that people can't be educated. If education doesn't work, what is the point of writing the books you write? I believe that a registrant is not a guilty person by default, and it is both wrong and inefficient to assume so. Antony On Mar 14, 2012, at 5:10 PM, John R. Levine wrote:
Educate them?
BTDT. It doesn't work. Data is easy to find.
To flip it around, how is ICANN's public interest mission consistent with enabling obvious, egregious, financial fraud? Do you believe that the rights of registrants are always more important than the rights of the people who those registrants defraud?
R's, John
On Mar 13, 2012, at 8:08 PM, Franck Martin wrote:
Consider the type of activities described at http://www.antiphishing.org/
You receive a fake email from your bank containing a link to malware on a hosted domain.
If you are the real bank, what actions can you take to protect the users that have received this email?
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
participants (12)
-
Antony Van Couvering -
Antony Van Couvering -
Carlton Samuels -
cdel.firsthand.net -
Christian de Larrinaga
-
Derek Smythe -
Franck Martin -
John Levine -
John R. Levine
-
Karl Auerbach -
Lutz Donnerhacke -
Olivier MJ Crepin-Leblond