By Greg Rattray — Chief Internet Security Advisor
The “Staff Focus” is a monthly report about what is on the minds of ICANN staff. Each month will be written by a different ICANN staff member.
The “Staff Focus” is a monthly report about what is on the minds of ICANN staff. Each month will be written by a different ICANN staff member.
As I write this “Focus” section, the challenges of Internet security are receiving ever higher levels of public attention around the globe. In parallel, the ICANN staff has also been strengthening its capacity to contribute to security efforts to address growing concerns. I have been working with the staff, Board, and community to develop the “ICANN Plan for Enhancing Internet Security, Stability and Resiliency.” The plan describes the organization's specific role in addressing security, stability, and resiliency; overviews our programs in this area; and details specific activities throughout the next year. This first version of the plan is intended as a foundation on which ICANN will establish its framework for organizing security, stability, and resiliency efforts. We've recently posted the plan for public comment and I look forward to engaging in dialogue with the community regarding ICANN's role and the plan's vision and activities.
The ICANN security staff is also engaged in a number of collaborative efforts which contribute to community security, stability, and resiliency efforts. In May 2008, ICANN initiated a program in conjunction with the regional ccTLD associations to provide training for Attack and Contingency Response Planning (ACRP). To date, six ACRP training sessions have been conducted involving over 75 ccTLD operators and 150 associated personnel. Since February of this year, ICANN has played an active role in facilitating information sharing with the DNS community in association with security researchers, IT and anti-malware vendors, incident responders, and others in the Internet security community to fight the spread of the Conficker worm and its potential control for malicious purposes. The ability of the Conficker worm to use the DNS system as a control mechanism has been greatly reduced by the collaborative efforts of the community. We look forward to working with others and to build on this Conficker teamwork model to establish ever more effective DNS collaborative response mechanisms in dealing with future threats. The security team also works daily with other staff on a variety of initiatives from the establishment of new gTLDs and IDNs, to the implementation of Domain Name System Security Extensions (DNSSEC).
We firmly believe that our contribution to the overall security, stability, and resiliency of the Internet starts with our own corporate security and continuity programs. We established a meetings security program that was successfully implemented for the recent Mexico City meeting. We've similarly initiated a corporate pandemic contingency plan. We've completed an ICANN Information Security Plan and are establishing an integrated security, contingency, and risk management foundation to guide ICANN investments going forward.
The Internet has become a fundamental feature in our daily lives and we all rely on the unique identifier systems in order to use it. ICANN and its staff will continue our collaborative efforts within the community to ensure that those unique identifier systems remain secure, stable, and resilient.
What's new with New gTLDs?
ICANN Staff continues to balance the desire to move ahead with the launch of new generic Top Level Domains (new gTLDs) with continuing to address concerns raised by the Community. The public comment period for the Applicant Guidebook v2 has recently closed and an analysis report is being written and will be published at the end of May. Version 3 of the Draft Applicant Guidebook, originally anticipated for publication prior to the ICANN Sydney Meeting, has been postponed as consultation work on the overarching issues continues. Meaningful updates will be shared with the community prior to Sydney through the publication of v3 excerpts.
The application process for New gTLDs is currently expected to open in Q1 2010.
ICANN is still seeking firms to perform key roles in reviewing applications for new gTLDs and has extended the application period for firms interested in serving as independent evaluators. Independent evaluators will be retained by ICANN and will play a key role in determining the future of the Internet's domain naming system. The deadline for Expressions of Interest to be an Independent Evaluator has been extended until June 11, 2009.
If you have any questions regarding this process, please email: email@example.com.
More details: http://www.icann.org/en/announcements/
The Governmental Advisory Board (GAC) is looking into possible options to resolve the outstanding implementation issues regarding the protection of geographic names as it relates to the introduction of new gTLDs. The Board requested a final report from the GAC by 25 May. A recent letter from the GAC to ICANN on the issue can be found here: http://www.icann.org/correspondence/
Overarching Issue Activities
i. Trademark Protection
An Implementation Recommendation team (IRT) has been formed by ICANN's Intellectual Property Constituency in accordance with the 6 March 2009 ICANN Board resolution. The team reflects experience and geographic diversity and is comprised of 18 members and two alternates. The IRT is working on proposed solutions for trademark protection issues. Public Comments on their Initial Draft Report (http://www.icann.org/en/topics/new-gtlds/irt-draft-report-trademark-protection-24apr09-en.pdf) is open until 24 May 2009.
More details: http://www.icann.org/en/announcements/announcement-24apr09-en.htm
Note: The work of the IRT is not the only source of input ICANN will be considering.
ii. Potential for Malicious Conduct
ICANN is actively seeking comment on this issue through participation in the dedicated wiki (https://st.icann.org/new-gtld-overarching-issues/) and through direct contact with Staff. Several parties have expressed interest providing comment including: the Anti Phishing Working Group (APWG), the Messaging Anti-Abuse Working Group (MAAWG), the Registry Internet Safety Group (RISG), individual Registries and Registrars, members of the National Cyber-Forensics and Training Alliance (NCFTA), members of the Forum for Incident Responders and Security Teams (FIRST), and large commercial e-commerce operators.
Comment on this issue and suggestions for measures to mitigate potential increases in malicious conduct arising from the addition of new gTLDs is welcome from all interested parties and organizations.
iii. Security and Stability
Root Zone Scaling: The Root Server System Advisory Committee (RSSAC) and The Security and Stability Advisory Committee (SSAC) will be working on a study to address root scaling impact. This study will look at the root impact of not only adding new gTLDs, but also IDNs, DNSSEC, IPV6. The study is expected to be available between Q2 and Q3 of 2009.Terms of Reference will be posted on the dedicated overarching Issues wiki
(https://st.icann.org/new-gtld-overarching-issues/ index.cgi). ICANN invites the community to contribute.
iv. TLD Demand and Economic Analysis
ICANN commissioned an independent third-party to produce reports that address consumer benefits and pricing issues. The comment period closed on 17 April 2009 and Staff is now analyzing the comments and will be posting a combined Final Report prior to Sydney.
What to expect next?
There are several upcoming events scheduled. Beginning with two sessions during the Sydney meeting (June 21 - 26). The first session will be held on Monday, 22 June 2009 and this will provide an update on the new gTLD program. A second session at the end of the day will be presented by registry experts covering registry management best practices.
Regarding the overarching issues consultations RSSAC/SSAC will have a session on root zone scaling. And on Wednesday 24 June there will be a special session addressing Trademark protection and Malicious Behavior issues in the new gTLD program.
Events following the Sydney meeting, concerning overarching issues discussion and general Program update include:
- New York - 13 July 2009 – venue to be confirmed
- London - 15 July 2009 – venue RIBA.org
- Hong Kong - between 20 and 24 of July 2009 - date/venue to be confirmed
- Abu-Dhabi - between 2 and 6 of August 2009 - date/venue to be confirmed
Pre registration and agenda details for the events above will be available on the new gTLD website soon.
IRT Final Report - May 09
Analysis on Draft Applicant Guidebook v2 Public Comments – May 09
Amendment excerpts with changes to the application processes – June 09
Final (combined) Report on Competition and Pricing – June 09
Terms of reference developed by SSAC-RSSAC on DNS stability - Q3/09
IMPORTANT: Draft Applicant Guidebook v3 – Q3/09
IMPORTANT: Applicant Guidebook Final – Q4/09
For an in-depth look at the following Policy topics, go to the May Policy Update at http://www.icann.org/en/topics/policy/update-may09-en.htm
Composition of IDN ccPDP Working Group Announced
IDN ccTLDs have the potential to make the Internet far more accessible to those language speakers in the community who do not use Latin-based character sets or readily recognize US-ASCII characters in domain name strings. At the same time, however, introduction of new character sets must assure Internet security and stability. The ccNSO Council is establishing working groups to delve into various aspects of IDN ccTLD introductions, and recently confirmed the composition of the first, broad-based working group.
ccNSO DNSSEC Survey to be Relaunched
DNSSEC could make a major difference to the security and stability of the Internet. Unclear, however, is the extent to which the community understands let alone embraces this concept. To get at the answers to this question, the ccNSO Council decided to re-launch the ccNSO DNSSEC Survey. The survey was first conducted in September and October 2007.
GNSO Improvements Implementation Efforts Continue to Advance
The Generic Names Supporting Organization (GNSO) community is working to implement a comprehensive series of organizational and structural changes designed to improve the efficiency, effectiveness and accessibility of the organization. Interested community members are encouraged to offer their expertise and brainpower by volunteering to participate in the effort and by joining any one of a number of focused work teams making implementation recommendations.
Geographic Regions Review Charter Ready for Board Approval
The proposed charter of the community-wide working group tasked with the review of ICANN's system of geographic regions has received favorable community reaction and is now ready for approval by the Board.
RIRS Discussing Global Policy Proposal For Recovered IPv4 Address Space
Regional Internet Registries are currently discussing a proposed global policy for handling IPv4 address space returned from the RIRs to IANA. IANA has proposed to allocate such space to the RIRs in smaller blocks than currently, once the free IANA IPv4 address space has been depleted.
SSAC Initiatives Delve Into Many Protective Measures
SSAC has numerous initiatives underway or recently completed, all intended to assure the security and stability of the Internet.
GNSO Council Requests Research on Whois Requirements
Whois is the data repository containing registered domain names, registrant contacts and other critical information. Questions persist concerning the use and misuse of this important resource. The GNSO Council continues its inquiries into the suitability of Whois going forward.
Registration Abuse Policies Get Closer Look
Registries and registrars seem to lack uniform approaches to dealing with domain name registration abuse, and questions persist as to what actions constitute “registration abuse.” The GNSO Council has launched a Registration Abuse Policies (RAP) Working Group to take a closer look at registration abuse policies.
GNSO Considers Expired Domain Name Recovery Changes
To what extent should registrants be able to reclaim their domain names after they expire? At issue is whether the current policies of registrars on the renewal, transfer and deletion of expired domain names are adequate. An Issues Report requested by the At-Large Advisory Committee (ALAC) on this topic was submitted to the GNSO Council on 5 December 2008.
Making it Easier to Transfer Domains Between Registrars
The Inter-Registrar Transfer Policy (IRTP) aims to provide a straightforward procedure for domain name holders to transfer their names from one ICANN-accredited registrar to another. The GNSO is reviewing and considering revisions to this policy.
How do we Deal with Fast Fluxing Cybercriminals?
Fast flux attacks refer to techniques used by cybercriminals to evade detection by rapidly modifying IP addresses and/or name servers. The GNSO is exploring appropriate action.
At-Large Community Policy ADVICE Development Schedule Online
Policy Staff have begun publishing an “at-a-glance” page of information related to policy advice development processes in the At-Large community.
At-Large Provides Advice in Four Key Areas
The At-Large Advisory Committee (ALAC) and the larger At-Large community concluded their consultation processes and issued Advisories/Public Consultation Inputs on New gTLDs, Improving Institutional Confidence, Intellectual Property Recommendations for New gTLDs, and FY2010 Budget and Operating Plan Framework Statements.
At-Large Community Summit Follow-Up Process Continues
The At-Large Advisory Committee (ALAC) agreed to a roadmap in March to help maintain the enthusiasm and engagement resulting from the February At-Large Summit. Ongoing work and policy advice continues to be generated by the At-Large community as a result, including the four Advisories/Public Consultation noted above.
ON THE MOVE
Ray Plzak, former CEO of ARIN, has been elected by the Address Supporting Organization (ASO) Address Council (AC) to succeed David Wodelet on the ICANN Board.
The main IDN topic currently occupying the community is the allocation of IDN TLDs – either through the New gTLD Program or the IDN ccTLD Fast Track Process. And it is the same for staff. We have been very busy taking all public comments and input into consideration in building these processes, and a newly revised version of the Draft Implementation Plan for the Fast Track Process will be posted in May. The latest draft contains the responses and considers all the comments received through 6 April 2009, the close of the last comment period, as well as various topics raised during the Mexico City meeting (March 1–6, 2009).
So how many more revisions are we likely to see before this process is launched? Just a few. The Board wants to see the final process implementation plan ready for consideration no later than the Seoul meeting (25–30 October 2009). This means that the Fast Track process could launch before the end of 2009.
The main topics that remain to be resolved are discussed fully in three topic papers that also will be released in May:
• Proposed Documentation of Responsibility (DoR) between ICANN and prospective IDN ccTLD managers (revision 1.0).
• Proposed Development and use of IDN Tables and character variants for second and top level strings (revision 1.0).
• Proposed Financial Contributions to support the development and deployment of IDN ccTLDs.
From comments received so far, community opinion seems to be divided on these three topics. ICANN staff is attempting to find a workable middle road, but we look forward to further discussions during the Sydney meeting in June.
Other important IDN related topics in brief are:
IDNA Protocol Revision - The IETF is still revising the technical standards that are the basis for what constitutes an IDN. We remain hopeful that the revision will be completed sufficiently to provide the requirements for IDN TLD strings (both gTLD and ccTLD) to be allocated in the root – and for TLD operators (regardless of whether an IDN is at second or top level or both). The next IETF meeting is schedule for the last week of July, and staff will participate and report back on how this work is moving ahead. It is a big challenge and many volunteers are putting a lot of effort and hours into solving these last pieces.
Pre-registration rights - One of the main questions relating to the launch of IDN TLDs is whether existing registrants will have pre-registration rights. In other words, “If I have registered <domainname>.tld, then how will you ensure that I am also the registrant of <domainname>.<idn-tld> for all languages?” The answer is that this is possible, but definitely not a guaranteed option. Why? Well, first of all raising the question shows that there is an expectation that:
1. There is a way to translate the dot-tld into other languages. In doing that with dot-test, we found it quite a challenge to find a word that is an adequate translation for all users in a community. Often there is more than one way to express the word “test” in various languages. Some existing TLDs might be easier to translate than others, but frequently they can either not be translated meaningfully, or they can be represented several ways within one language. However, there has never been a model for "translating" TLDs into anything. They are not standardized abbreviations. The ccTLDs in particular are a standardized coding system, chosen as codes for a number of reasons including recognizability and distinctiveness of undecorated Latin character.
2. That the registry operator for the dot-tld will apply to become the operator for such new IDN TLD(s), and if they do and their application is successful, they will implement dot-tld with aliasing functionality where registrants under dot-tld automatically become registrants of the same domain names under dot-idn-tld. The policy for the IDN TLD allocation processes contains no rule stating that a TLD registry will get pre-rights to an IDN version (if such exists) of an existing TLD. The new gTLD process specifies that such a pre-right does not exist. Thus, ICANN cannot know whether a TLD registry applies for something that could be considered an IDN version of the existing TLD, and also cannot guarantee the registration rules underlying it.
In the case of IDN ccTLDs, the registration policies that apply to IDN ccTLDs will be managed and developed locally. Thus, ICANN cannot guarantee that local registration policies will take pre-rights into consideration – some might, others might not. Indeed, an IDN ccTLD does not need to be managed by an existing ccTLD manager; an entirely new entity in the country or territory can perform this function. We must adopt a wait-and-see attitude as these IDN ccTLDs are introduced, and share the experience and knowledge gained to provide the best possible solution and service to end users.
So, the next steps for the Fast Track will be the release of the revised Draft Implementation plan along with the three topic papers mentioned earlier, followed by the release of a draft web-based form for submitting requests. For the new gTLD process the main IDN work relates to coordinating technical requirements with the Fast Track process and a focus on variant management. All in all it will be a very exciting time ahead of us.
More details can be found at http://www.icann.org/topics/idn/fast-track and http://www.icann.org/en/topics/new-gtld-program.htm
Board Discussion and Decisions
The Board has met twice in the past month; first on 21 April and second at a Board retreat on 15-16 May in Vienna. The Board retreat is not designated as an official Board meeting so there are no minutes.
The Board will meet next on Thursday 21 May. You can see the agenda online at: http://www.icann.org/minutes/agenda-21may09.htm.
Highlights from the 21 April meeting are given below. The full preliminary report is online at: http://www.icann.org/minutes/prelim-report-23apr09.htm.
- Redelegation of Nigeria's .ng top-level domain
- Ombudsman Framework approved
- Update and discussion on GNSO Council restructuring
- Update and discussion on new gTLD program
- Decision to send a letter to the US government regarding RAA amendments
- New conflicts of interest policy posted for public comment
- IPv4 allocation policies approved
- Auditors selected for FY09-10
- Seoul meeting budget approved
A lot is happening with participation in time for the Sydney meeting.
First up, we have been working on new video technology which should not only enable ICANN to produce more videos but also allow everyone to find them more easily to watch videos according to topic as well as watch them in a range of different languages.
What's more, we hope that in the next month or so we will be able to add interactive transcripts in multiple languages onto our webpages. This cutting-edge technology should effectively make videos searchable by search engines.
Tied in with videos, we are expanding our experiment with advanced conferencing software. The pilot with the ccNSO in Mexico City proved so popular that the Council formally recommended its expanded use. So, we're doing just that. And rather than cobbling together five laptops we have built custom boxes so we will be able to simply sit it down and install it wherever we go.
This system enables us to stream live audio, video, chatrooms and presentations in a single window so you can follow exactly what is going on in a room. And we can record the session and upload it to be reviewed whenever you like in the future. Combined with the transcript technology above, the hope is that whatever happens in meetings can be captured and made instantly discoverable.
A big part of participation is translation. An increasing number of ICANN participants do not have English as their first language and so in order to be truly representative of a global audience, for the past year ICANN has been increasing the amount of translation and interpretation it offers .
There are several things worth noting with translation. First and foremost, ICANN has a translations manager who has been building much better systems for making translations available. But we are also doing more translation and of increasing quality. We have put in place a new community-request translation system where the community can request any page on the ICANN website be translated with just two clicks – and we have been following that demand and translating pages where there is a clear demand. The first page to benefit from this community request was the UDRP page at http://www.icann.org/en/udrp/ - now available in 11 languages.
Internally, we are also introducing a specialized piece of open-source translation software that should improve the speed and efficiency of translation and, we hope, soon make it possible to allow the community to feed back into our translation efforts directly. Real participation should mean real results in helping ICANN to perform its work.
What else? The Board Public Participation Committee has been busy looking at ways of improving participation. It will shortly draw up a document deadline policy which should mean that documents are provided to the community much sooner before meetings – giving you more time to properly read documents before discussing them. The Committee is also looking at new remote participation tools in the hope of allowing those not physically at meetings to be able to interact with events.
We recently improved the public comments page at http://www.icann.org/en/public-comment to make it easier to see what is going on and we are reforming the way in which public comment periods are run.
We're on Twitter. There are several outlets. “ICANN” is the main ICANN Twitter feed – where you can follow what is the latest news from ICANN or concerning ICANN. We have a Spanish feed at “icann_es” and we have an account specifically for IDN TLDs at “idntlds”. It's been only two months or so since we started the service but already we have over 1,500 people subscribed.
One big change that will impact everyone – we are currently working on a usability study for the ICANN main website. The website needs a revamp and redesign so we are taking the opportunity to ask everyone what they actually do with the website and what they would like to do so that we can redesign it to fit in with the needs of the community. We will be asking for your help and feedback on that study soon.
And we continue to try to improve the way that ICANN shares information and allows people to make their views known to make participation within ICANN simple, easy and effective. There are new factsheets coming out, improved webpages, more blog posts, better participation systems, and so on.
We're always happy to listen to what you have to say about what would make your life easier to effectively participate in ICANN, so if you have any ideas or want to know more about what is above, please do email firstname.lastname@example.org and we'll get back to you.
General Manager of Public Participation
Why the Fellowship Program is Important to ICANN and the Community: A Letter from Alumni Gao Mosweu
As I become a stronger member of the internet and ICANN community, I felt it important to share my own journey in order to encourage others to start or continue with their work. I was one of the participants from the first fellowship round for the San Juan Meeting in June 2007. From that meeting alone, I learned so much about ICANN, its processes, and the community of people that make it all happen. Being able to participate in person at the meeting opened my eyes to the fact that a lot of people in my country do not know about Internet Governance (IG), let alone the tremendous work that ICANN does. Subsequent to the San Juan Meeting, I was selected to participate at the Los Angeles meeting, and then invited to the Paris Meeting to participate and act as a mentor to first time fellows.
For me, the experience became a launching pad to find my voice within my local community and become much more involved at that community level. Since 2007, I have organized workshops on IG issues, IPv6 training for local technicians, and made a presentation about ICANN at those events.
I also regularly teach a group of part time students e-commerce, and every year since I got involved with ICANN, each of them graduates from the course knowing at least about ICANN and its work around the world.
This year, I have also been able to get involved with the redelegation process for our ccTLD – the dot-bw domain. I have been able to gather enough courage to walk up to the authorities in charge and challenge them to do something about it.
No, I could not have done it without having been involved with ICANN... You could say that ICANN helped me to be the voice and facilitate the change I wanted to see. It helped me to gain enough confidence to tackle issues relating to the internet community in Botswana.
As I write this now, I have been, for the past few weeks in touch with the Regional Liaison Officer for Africa (Ms. Anne-Rachel Inne), to try to get her to come down to Botswana to facilitate a workshop on the redelegation process. We are working on the specifics but she should be here end of May. I am looking forward to that, and so are many members of the community, who I have mobilized – like the Botswana Information Technology Society, for which I am now Secretary General.
I am going to the airport now for my flight to leave to Namibia, to meet other people, who I met through the ICANN network, who will be training me on the management of the ccTLD.
Imagine, if it could help Botswana in the way it has, what about other countries?
ICANN has helped me and my country in a phenomenal way through my fellowship participation!
ICANN Acronyms Explained
ccPDP—Country Code Policy Development Process
Initiated by the ccNSO to develop and recommend to the ICANN Board a long term, overall policy for the introduction and delegation of internationalized country code top level domains (IDN ccTLDs)
On 7 April 2009, the ccNSO Council officially started a ccPDP by accepting an Issues Report (http://www.ccnso.icann.org/workinggroups/ final-issues-report-idn-ccpdp-02apr09.pdf) recommending ccNSO action, and by approving a resolution (http://ccnso.icann.org/workinggroups/ resolutions-initiation-idn-ccpdp-07apr09.pdf) to:
- Initiate the IDN country code Policy Development Process;
- Appoint working groups as suggested in the Issues Report; and
- Approve the proposed PDP Time Line.
As a first step in the IDN ccPDP, a working group will be established to develop proposed recommendations on an overall policy on the introduction and delegation of IDN ccTLDs. These draft recommendations will be posted for public discussion and consultation. This working group will be broad based, involving representatives from multiple ICANN Supporting Organizations and Advisory Committees.
More Information: http://www.icann.org/en/announcements/
We've been given the “icann” Twitter name, and will use that as the main ICANN Twitter feed.
You can find an English Twitter feed at icann (http://twitter.com/icann), icann_en (http://twitter.com/icann_en) and a Spanish one at icann_es (http://twitter.com/icann_es).
We have been using the tag #icann, as have many of you in the community, to flag any posts (”tweets”) relevant to ICANN. You can see all those posts through a Twitter search for “#icann”.
Draft FY10 Operating Plan and Budget .... Ready for Your Consideration
17 MAY 09
Advisory: OnlineNIC Transfer Issues Resolved
15 MAY 09
Bulk Transfer of Parava Domains to Tucows
14 MAY 09
Status Overview of IPv4 Block Allocation Published
12 MAY 09
Public Comment: Revised gTLD Registries
11 MAY 09
Upcoming Meetings - May 2009
- 21 May: Board Meeting
- 26 May: Board IANA Committee Meeting
Upcoming Meetings - June 2009
- 3 June: ICANN Board Governance Committee Meeting
- 9 June: ICANN Board Public Participation Committee Meeting
- 21-26 June: Public ICANN Meeting (Sydney)
HAVE YOUR VOICE HEARD
Visit the Public Participation Site and let us know what you think about the current issues.
If you care about the Internet and how it evolves, your voice will only be heard if you get involved.
Policy update: http://www.icann.org/en/topics/policy/
Compliance newsletter: http://www.icann.org/en/compliance/newsletter/
Monthly magazine: http://www.icann.org/en/magazine/
Public Participation: http://public.icann.org
We Want To Hear From You
If you have a comment about an article you've read, want to know more about a particular topic, are confused about an acronym, or if you would you like to submit an Op-Ed article? We invite you to submit your thoughts, ideas, and feedback to us at: email@example.com