Hi All, I'd like to address the point about RA Spec 11 3(b) which I had "bookmarked" in the 1 Aug 2022 googledoc <https://docs.google.com/document/d/1dDXKtna8jtn7y2TO0mr1P7Fg3Pdj_v4B/edit?pl...> at p.12 and which was discussed at this call. As pointed out by Marika and others, RA Spec 11 3(b ) says,
b. *Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets.* Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.
(emphasis mine) What I had intended to refer to (but ended up mis-speaking at the call) was the sentence marked in bold. And the reason why I said I wasn't sure if I had placed my bookmark in the right place on the googledoc is because looking back, it seems like there might be a gap in our discussions but would be happy to receive feedback on the same. Looking at the 12 May 2022 googledoc <https://docs.google.com/document/d/1z_HXNge225XEBEfG1FMFOa4-y9N6npK-/edit?pl...>, item 13 on p. 12, the issue noted by Mark, reads, JULY 20TH MEETING WILL COVER THIS IN DEPTH Issue: the current provisions might not be enough to allow for optimal
mitigation of abuse, the contractual language might be improved. From Compliance’s perspective, they are doing what they can based on their interpretation of what the contracts say. Potential route ->
*The CPs should look for themselves at what needs to be tightened (ask politely?).Example: Spec 11 3b.Basket: Suggestions for negotiations.*
(again, emphasis mine) Then in reviewing our 20 Jul call, I think we moved to a new 19 Jul googledoc <https://docs.google.com/document/d/1pxI9sZDS2DDRXKb3nw4rViZZkwHTp1UHJwrhxCOi...> where item 3 at p. 9, there is a note which reads,
Seems like letter content.
Which led me to think that we would be looking to include in the letter to CPs something about what they thought could/needs to be tightened in respect of the obligation to periodically conduct a technical analysis. In other words, could there potentially be a uniform (min) standard by which the technical analysis is to meet? Something along those lines. If that "standard" already exists, then how is it being explained to the community and by whom (Contractual Compliance?) because that isn't clear, and that goes to the ALAC comment of,
A third area for consideration is where there are already contractual conditions (*Registry* and Registrar) *that should address certain types of abuse (such as those referenced in the Base Registry Agreement Specification 11, section 3b) but do not seem to truly allow effective compliance actions*.
(again, emphasis mine) If not, then how might we address this further, please? Many thanks, Justine On Thu, 25 Aug 2022 at 05:22, Devan Reed <devan.reed@icann.org> wrote:
Dear all,
Please find the links to the audio recording, zoom recording (audio, visual and rough transcript) and chat below for the *GNSO Council Small Team call - Next steps regarding DNS Abuse *held on Wednesday, 24 August 2022 at 20:00 UTC.
*Audio Recording*: https://icann.zoom.us/rec/play/0ysvTtX2ZyMpBRHNBmAPmA6Aarif-rJbxE3MpHOBRpHIf...
*Zoom Recording (includes visual, rough transcript & chat:* https://icann.zoom.us/rec/play/ENyMMqfZIx0awiAj0MjDrUc7uUJkH4q_6_rkb8suH2ofd...
Zoom chat archive (found in zoom recording/ chat tab)
Thank you!
Kind Regards,
Devan _______________________________________________ gnso-dnsabuse-smallteam mailing list gnso-dnsabuse-smallteam@icann.org https://mm.icann.org/mailman/listinfo/gnso-dnsabuse-smallteam
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.