NOTES | DNS Abuse Workshop | 18 November 2021 (12:00 UTC) 1. Welcome By ccNSO Chair Alejandra Reynoso 2. Introduction Alejandra explains the purpose of today’s workshop and what the next steps will be. Slides can be found here: https://community.icann.org/x/FAe7Cg The ccNSO has organized various sessions on Domain Name System (DNS) abuse in recent ICANN Public Meetings. Country code top-level domain (ccTLD) managers and others shared their experiences with respect to mitigating DNS abuse, focusing on what ccTLDs do nationally and regionally. During ICANN72, the conversation shifted to focus on exploring the potential role of the ccNSO itself. Both ccTLDs and other stakeholders suggested activities the ccNSO could undertake to complement existing work being done by the community. Alejandra shows a slide deck with some graphics that include the poll results from the ICANN72 session, noting that not only ccTLDs provided their input. During today’s session, the ccNSO Council and ccTLD community will focus again on the statements. The ccNSO Council will now develop a plan which will be presented to the ccTLD community in early 2022. The goal is to launch the ccNSO activities aimed at mitigating DNS abuse by ICANN73. Peter (CENTR): commented on the ICANN72 session. Is the list of suggestions exhaustive? Suggests to follow a CENTR Board discussion, research of the different options. We believe they will guide us through a more effective approach. Avoid us to be sent on a wild-goose-chase, driven by non ccTLDs. Asks time to explore the possibility for a ccNSO-led study, that could develop in the next couple of months, that could be based on voluntary ccTLD content, starting with existing DNS Abuse feeds. Alejandra confirms this is not an exhaustive list. The proposal of having a study could indeed develop from the discussion today. She also explains how today’s workshop will be conducted (breakout sessions). 3. Reporting back from the breakout sessions Jamboard used during the workshop: https://jamboard.google.com/d/1GLUyZAOeMrChSo40EAwqh3cZMYswSuh9pHS4f_qMGmU/e... * Cluster 1 – Information Sharing – Best practices – (Staff Bart) * Nick, David [cid:image001.png@01D7DC89.53070C00] Report by Nick. Statement 1 & 2 would be straightforward Adjust the mission of the TLD-OPS Group. Set up a notification mailing list Statement 3 & 5 : all agreed with the “do not” statements. Not ignore the definition, but also do not spend too much time in coming up with a new definition. Most controversial statement: caution with the voluntary CoC, diversity in ccTLD world. Ccnso quasi regulatory approach. Contrast between “voluntary”, and “code of conduct”. Audits, what are the consequences of the breach? Very high effort. Scale of work? Tatiana: in addition to level of impact and effort, talk about level of risk. Very high risk when you talk about a Code of Conduct. Solve the problem of enforcement. Not in the current ccNSO model. Focus on coordination and best practice sharing. High risk for ccNSO and ccTLD community. Polling Fully agree (green card): 70 % Partially agree (yellow card): 26 % Don't agree (red card): 0 % No opinion (no show of card): 4 % Maarten: Difficult for a lawyer to say ‘fully agree’. * Cluster 2 – ccTLD outreach and promotion (Staff Joke) * Pablo, Jordan Pablo reports back [cid:image002.png@01D7DC89.53070C00] Statement 1: To encourage ccTLDs to participate in DAAR, has a medium impact and low level of effort. The impact of participating is medium, since the level of data participants receive is not so relevant. Statement 2: Rephrase the suggestion: the ccNSO to neutrally assess the various initiatives Statement 3 & 4: not considered valuable Statement 5: must do. But first we need to have the right data. We should have own studies that relate to ccTLDs, and not rely on third parties. High effort, unless it is done externally. In that case the ccnso should mainly focus on the scope David: question regarding DAAR. Perhaps have an informative session at ICANN73 by ICANN Polling Fully agree (green card): 54 % Partially agree (yellow card): 42 % Don't agree (red card): 4 % No opinion (no show of card): 0 % Frederico: DAAR interface is not suited for many ccTLDs AFAIK the only interface available was to provide regular "zone files" copies to the system. This was done through CZDS. * Cluster 3 – External, non-ccTLD outreach and promotion (Staff Claudia) * Tatiana, Alejandra Tatiana reports back. Did not address all elements. “one size does not fit all”. Important to communicate that ccTLDs address DNS Abuse differently. expectation management. What is needed to achieve the result? E.g. create a DB of who can be contacted, from the ccTLD managers. See how ccnso’s deal with DNS Abuse. Share practices, summarise, cluster initiatives. High impact on ccTLD managers and ccNSO. Also share info with other parts of icann. Many parts of the community do not realise the differences between ccTLDs and gTLDs. Easy to invite outsiders. Make it more visible to others. Polling Fully agree (green card): 52 % Partially agree (yellow card): 32 % Don't agree (red card): 0 % No opinion (no show of card): 16 % Nick: small number of TLDs that typically do not participate in these meetings, and there the problem is concentrated. We already do all of these things. Extent to which the ccNSO calls out fellow community members who do not do enough and negatively impact the reputation. Regina (.eu): I can imagine that the points would benefit from being more concrete so that a full agreement is possible - once the statements are more concrete and the what is needed to do as well Tatiana: Nick, isn’t it a topic for law enforcement in addition to peer pressure? Nick: out of scope for ccNSO Peter: better understanding of the landscape. Restricted remit of the ccNSO. Be careful, this is not about pointing fingers. But have the conversations where they can have an effect on the true nature of the issue Alejandra: question for Peter. Did we address your concern from the beginning of the session? Peter: excellent exercise, overdue probably. Good to open up the discussion for external participants. But now that we had the sessions at ICANN72, we see many useful ideas. We need to make sure to understand the scope of the problem correctly. Overall impression that ccTLDs are doing better than the average in the icann community. Law enforcement’s anger, and BC anger not targeted at ccTLDs. ccTLDs could share their best practices. But the extreme suggestions were diplomatically rejected during the workshop today. The study he envisages does not take a lot of time. A lot of data is already available. E.g. in ICANN studies, in APWG. thorough research could be done by March next year, based on current data sets. The heavy lifting would not be done by ccNSO councilors or members, but a perfect opportunity to use the funds ccTLDs provide to icann, for the past decades. Lucien: Very important to share information and experiences / best practices. Fighting DNS Abuse should be handled at the RO level. Nick: Good discussion - I think we are in violent agreement! 4. Wrap-up The ccNSO Council will now develop a plan which will be presented to the ccTLD community in early 2022. The goal is to launch the ccNSO activities aimed at mitigating DNS abuse by ICANN73. This is not the last time we discuss this. Thank you all Joke Braeken ccNSO Policy Advisor joke.braeken@icann.org
