Motion to adopt Tasting Position Statement
Reposting to the correct list as per our rules (thanks Bob). All, as you may know the GNSO Council voted to initiate a PDP on domain name tasting last week in LA (our Councilors of course voted against it). As a result, we have been asked to submit a position statement. Since this issue has been discussed repeatedly among ourselves at various meetings, in two ICANN Workshops, and within the recent Ad Hoc WG, I believe the Registrar positions are clear. I have put together the following statement that I feel reflects our views. If it receives the necessary endorsements it will remain posted for a 14 day discussion period during which we can refine the views expressed to be sure they are reflected fully and accurately (for example, other bullets to add to View 2). Tim I move that we accept the following as the RC position statement and submit it to the GNSO Council as such: The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. Below are statements of the views/positions espoused by RC members. View 1. Many registrars believe that Tasting should be curbed if not eliminated altogether for one or more of the following reasons: a. Tasting is causing general confusion among registrants and potential registrants trying to register domain names. b. Tasting is eroding consumer confidence in the security and trustworthiness of domain name registration services and our industry in general. c. Tasting is causing an increase in support costs for Registrars. d. Tasting violates well-established codes of conduct and good practice intended to ensure security and stability by: i. disturbing the stability of a set of existing services that had been functioning satisfactorily, namely the competitive domain name registration services developed by Registrars; ii. disturbing other existing systems and value added services, for example those relying on Zone files, and various third party WHOIS services; iii. increasing costs that must be absorbed by others not participating in or benefiting from Tasting. e. Despite the long held tenet of "First do no harm," there has been no research, testing for potential disruption of existing services, public review, or comment prior to this high volume activity abruptly occurring in the DNS. In summary, high volume Tasting activity has undermined expectations about reliable behavior and in so doing has reduced trust in the security and stability of the system and has increased costs for registrars, registrants, and others not participating in the activity. View 2. Many registrars believe that Tasting should not be a matter of concern or action by the GNSO or ICANN for one or more of the following reasons: a. Tasting takes place due to market demand, and the market should be allowed to evolve as demand dictates. b. ICANN is not a regulatory body, and according to its own bylaws, coordinates policy development reasonably and appropriately related to technical functions of the DNS. ICANN should not be regulating market activity. Notwithstanding the above, the RC is in near unanimous agreement that sun-setting the Add Grace Period (AGP) is not an appropriate action should the GNSO decide to address Tasting activity. Many Registrars who do not participate in Tasting use the AGP in various ways not related to Tasting, as detailed in section 4.4 of the Outcomes Report of the GNSO Ad Hoc Group on Domain Name Tasting. Report found here: http://gnso.icann.org/drafts/gnso-domain-tasting-adhoc-outcomes-report-final... Sun-setting the AGP would unnecessarily put additional burdens and costs on Registrars and Registrants using the AGP for these non-Tasting reasons. To the extent that the GNSO should decide to recommend policy or actions with the intent of curbing or eliminating Tasting activity, RC members are in general agreement that: Preferred - The GNSO should recommend that ICANN make the transactional fee component of the variable Registrar fees apply to all new registrations except for a reasonable number that are deleted within the AGP. Implementation time for Registrars would be negligible. Acceptable but not preferred - The GNSO should encourage gTLD Registries to only allow AGP refunds on a reasonable number of new registrations, noting that such action is affective only if all gTLD registries apply it, and do so in a reasonably consistent manner. Implementation time for Registrars could be substantial depending on how each Registry decided to define their policy. If Registrars need to modify their systems and/or services a minimum of 90-days advance notice should be given. Note that neither of the above actions requires new policy or modifications to existing policy. Therefore the RC, regardless of their view, is generally opposed to a PDP on this issue.
Tim,
The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. This puts a (process) conclusion ahead of any (policy) ballot. I suggest not making (process) comments, after all, in theory we could reach a two-thirds position among the voting RC members.
I think we should put the stability and security issue up front. Phish live for days, and the volume of tasting registrations makes it wicked difficult to create mechanisms which rely upon this critical temporal property -- registrations in the first tens of hours of life -- to detect and change A records used in Phish. Part of the energy for WHOIS comes from the claim that without WHOIS Phish can't be caught. We don't want to make that belief more credible than it already is. I'll talk to the anti-Phish TF folks and get back to the RC, unless someone already has some text ready to go. Eric
The motions and discussion make this out to be more complicated than the work requires. At this point, the Council has requested that we appoint someone to compile a report of the constituency views. This person need not represent our interests in any forum as the Council has chosen to use an open working group format in which there are no specific constituency representatives - anyone interested can participate. The important thing now is to create this report that captures the views of the constituency. Whomever we appoint should be free to use whatever means appropriate to solicit and record these views. On 9-Nov-07, at 5:32 PM, Eric Brunner-Williams wrote:
Tim,
The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. This puts a (process) conclusion ahead of any (policy) ballot. I suggest not making (process) comments, after all, in theory we could reach a two-thirds position among the voting RC members.
I think we should put the stability and security issue up front. Phish live for days, and the volume of tasting registrations makes it wicked difficult to create mechanisms which rely upon this critical temporal property -- registrations in the first tens of hours of life -- to detect and change A records used in Phish. Part of the energy for WHOIS comes from the claim that without WHOIS Phish can't be caught. We don't want to make that belief more credible than it already is.
I'll talk to the anti-Phish TF folks and get back to the RC, unless someone already has some text ready to go.
Eric
Ross Rader Director, Retail Services t. 416.538.5492 c. 416.828.8783 http://www.domaindirect.com "To solve the problems of today, we must focus on tomorrow." - Erik Nupponen
I think Tim Ruiz did a great job summarizing it. Tim you available to do it? On 11/10/07, Ross Rader <ross@tucows.com> wrote:
The motions and discussion make this out to be more complicated than the work requires. At this point, the Council has requested that we appoint someone to compile a report of the constituency views. This person need not represent our interests in any forum as the Council has chosen to use an open working group format in which there are no specific constituency representatives - anyone interested can participate.
The important thing now is to create this report that captures the views of the constituency. Whomever we appoint should be free to use whatever means appropriate to solicit and record these views.
On 9-Nov-07, at 5:32 PM, Eric Brunner-Williams wrote:
Tim,
The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. This puts a (process) conclusion ahead of any (policy) ballot. I suggest not making (process) comments, after all, in theory we could reach a two-thirds position among the voting RC members.
I think we should put the stability and security issue up front. Phish live for days, and the volume of tasting registrations makes it wicked difficult to create mechanisms which rely upon this critical temporal property -- registrations in the first tens of hours of life -- to detect and change A records used in Phish. Part of the energy for WHOIS comes from the claim that without WHOIS Phish can't be caught. We don't want to make that belief more credible than it already is.
I'll talk to the anti-Phish TF folks and get back to the RC, unless someone already has some text ready to go.
Eric
Ross Rader Director, Retail Services t. 416.538.5492 c. 416.828.8783 http://www.domaindirect.com
"To solve the problems of today, we must focus on tomorrow." - Erik Nupponen
-- Jay Westerdal CEO, Name Intelligence www.domaintools.com http://blog.domaintools.com (Corporate Blog) 206.866.5090 (Cell)
Hi everyone- I am chair of the Anti-Phishing Working Group DNS sub-committee. The sub-committee recently performed a study on the use of domain name tasting by phishers. The conclusions of the study were: 1) Two independent analyses of phishing and domain tasting data showed no correlation between tasting and phishing. 2) Although there have not been formal studies of the impact of domain tasting on the fight against phishing, anecdotal information provided by first responders strongly suggests that the several orders of magnitude of domains registered and deleted daily adds considerable delay to phishing detection, isolation and takedown procedures. The full text of the study can be found here: http://www.antiphishing.org/reports/DNSPWG_ReportDomainTastingandPhishin g.pdf Please let me know if you have additional questions for the sub-committee. -Laura
-----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner- registrars@gnso.icann.org] On Behalf Of Eric Brunner-Williams Sent: Friday, November 09, 2007 2:33 PM To: Tim Ruiz Cc: Registrars Constituency Subject: Re: [registrars] Motion to adopt Tasting Position Statement
Tim,
The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. This puts a (process) conclusion ahead of any (policy) ballot. I suggest not making (process) comments, after all, in theory we could reach a two-thirds position among the voting RC members.
I think we should put the stability and security issue up front. Phish live for days, and the volume of tasting registrations makes it wicked difficult to create mechanisms which rely upon this critical temporal property -- registrations in the first tens of hours of life -- to detect and change A records used in Phish. Part of the energy for WHOIS comes from the claim that without WHOIS Phish can't be caught. We don't want to make that belief more credible than it already is.
I'll talk to the anti-Phish TF folks and get back to the RC, unless someone already has some text ready to go.
Eric
1) Two independent analyses of phishing and domain tasting data showed no correlation between tasting and phishing.
Well, then they just aren't looking in the right places, and should consult some people who know what they are talking about: +++ Kristina Rosette, Intellectual Property Constituency: http://www.icann.org/meetings/saopaulo/captioning-dnmarket-06dec06.htm AND IT IS MY UNDERSTANDING THAT THE TASTERS HAVE REALLY, TO A CERTAIN EXTENT, STARTED TO SHIFT THE FOCUS IN TERMS OF DERIVING REVENUE FROM ADVERTISING TO A CORE OF THEM, AND I DON'T MEAN TO SUGGEST THAT THIS IS TRUE FOR ALL OF THEM, BUT THERE ARE SOME WHO ARE VIEWING THIS AS AN OPPORTUNITY FOR PHISHING +++ Coalition Against Domain Name Abuse, Josh Bourne: http://www.cadna.org/en/prepared-statement-july-24.html Domain tasting and kiting are also used to facilitate phishing. +++ Perhaps it might be a good idea for your analysts to contact some of these experts who are pretty sure about what is going on, because it is awfully rude of you to say that the IPC and CADNA don't know what they are talking about. Why, if I believed you, then I'd have to believe the IPC, CADNA and others are just making stuff up. So you should think twice before you go around flinging insults at these well known experts, by suggesting they are not being truthful, the way you have done here.
Laura, All kidding aside, I think this was a solid objective report. Good job. Best regards, Tom Barrett EnCirca, Inc -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of John Berryhill Sent: Monday, November 12, 2007 3:09 PM To: 'Laura Mather'; 'Eric Brunner-Williams'; 'Tim Ruiz' Cc: 'Registrars Constituency' Subject: RE: [registrars] Motion to adopt Tasting Position Statement
1) Two independent analyses of phishing and domain tasting data showed no correlation between tasting and phishing.
Well, then they just aren't looking in the right places, and should consult some people who know what they are talking about: +++ Kristina Rosette, Intellectual Property Constituency: http://www.icann.org/meetings/saopaulo/captioning-dnmarket-06dec06.htm AND IT IS MY UNDERSTANDING THAT THE TASTERS HAVE REALLY, TO A CERTAIN EXTENT, STARTED TO SHIFT THE FOCUS IN TERMS OF DERIVING REVENUE FROM ADVERTISING TO A CORE OF THEM, AND I DON'T MEAN TO SUGGEST THAT THIS IS TRUE FOR ALL OF THEM, BUT THERE ARE SOME WHO ARE VIEWING THIS AS AN OPPORTUNITY FOR PHISHING +++ Coalition Against Domain Name Abuse, Josh Bourne: http://www.cadna.org/en/prepared-statement-july-24.html Domain tasting and kiting are also used to facilitate phishing. +++ Perhaps it might be a good idea for your analysts to contact some of these experts who are pretty sure about what is going on, because it is awfully rude of you to say that the IPC and CADNA don't know what they are talking about. Why, if I believed you, then I'd have to believe the IPC, CADNA and others are just making stuff up. So you should think twice before you go around flinging insults at these well known experts, by suggesting they are not being truthful, the way you have done here.
participants (7)
-
Eric Brunner-Williams -
Jay Westerdal -
John Berryhill -
Laura Mather -
Ross Rader -
Thomas Barrett - EnCirca -
Tim Ruiz