Site Map

Please note:

You are viewing archival ICANN material. Links and information may be outdated or incorrect. Visit ICANN's main website for current information.

ICANN Meetings in Marrakech, Morocco

Public Meeting of the Security & Stability Advisory Committee

25 June 2006

Note: The following is the output of the real-time captioning taken during the SSAC Public Meeting held on 25 June 2006 in Marrakech, Morocco. Although the captioning output is largely accurate, in some cases it is incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

>>STEVE CROCKER: WELCOME, MY NAME IS STEVE CROCKER.
I'M CHAIR OF THE SECURITY AND STABILITY ADVISORY COMMITTEE.
BEFORE WE BEGIN, THERE'S BROCHURES THAT ARE AVAILABLE OUTSIDE.
AND I'VE PUT A SMALL PILE RIGHT AT THE EDGE OF THE STAGE HERE.
AND WE'VE HANDED OUT A NUMBER TO PEOPLE.
BUT ANYONE WHO WANTS A BROCHURE WHO DOESN'T HAVE ONE YET, FEEL FREE TO COME UP AND GET IT.
IT HAS THE AGENDA.
IT HAS A LITTLE BIT OF BACKGROUND ABOUT OUR COMMITTEE AND SOME POINTERS FOR SOME MORE INFORMATION.
THANK YOU VERY MUCH FOR COMING.
IT'S A BIT UNUSUAL FOR US TO HAVE THIS MEETING SO EARLY IN THE ICANN WEEK, AND WE'RE APPRECIATIVE OF EACH AND EVERY ONE OF WHO YOU HAS TAKEN THE TIME TO COME.
THE AGENDA TODAY IS FOCUSED AROUND -- PRIMARILY AROUND WHAT HAPPENS WHEN A DOMAIN NAME REGISTRATION EXPIRES, PERHAPS UNINTENTIONALLY OR PERHAPS INTENTIONALLY, AND THEN IT IS REUSED BY SOME OTHER PARTY, AND THE CONSEQUENCES ARE SOMETIMES SURPRISING AND SOMETIMES UNTOWARD FOR THE PRIOR REGISTRANT.
WE HAVE TWO PRESENTATIONS AND REPORTS WHICH WE ARE RELEASING CORRESPONDING TO THESE PRESENTATIONS.
THE -- THEY HAVE LONG, DRY NAMES.
WE TRY TO STRIKE A BALANCE BETWEEN THE EXCITING, INTERESTING ATTENTION-GETTING ASPECTS AND A MORE SOBER POSTURE THAT SAYS WE'RE IN FACT SERIOUS AND NOT JUST TRYING TO RUN TABLOID JOURNALISM.
SO THE FIRST IS RENEWAL CONSIDERATIONS FOR DOMAIN NAME REGISTRANTS, WHICH IS FOR EXISTING REGISTRANTS WHO ARE CONSIDERING LETTING THEIR NAME LAPSE OR WHO THINK THAT THEY DON'T NEED IT ANYMORE TO LOOK AHEAD A LITTLE BIT AND SEE SOME OF THE THINGS THAT CAN HAPPEN, PARTICULARLY REPUTATIONAL.
AND THEN THERE IS A MORE SUBTLE, SOMEWHAT TECHNICAL ASPECT, PROBLEMS CAUSED BY NONRENEWAL OF A DOMAIN NAME ASSOCIATED WITH A DNS NAME SERVER.
THIS IS -- FOCUSES ON THE SITUATION WHERE A NAME SERVER THAT IS BEING USED TO PROVIDE NAME SERVICE FOR SOME OTHER DOMAIN, THE NAME FOR THAT NAME SERVER LAPSES -- IT'S A BIT COMPLICATED TO FOLLOW THE CHAIN -- AND GETS USED BY SOMEBODY ELSE.
AND DAVE PISCITELLO, THE SSAC FELLOW, SITTING OVER HERE ON STAGE, WILL GIVE BOTH OF THESE REPORTS AND TAKE YOU THROUGH THE DETAILS.
WE HAVE SCHEDULED SOME TIME FOR LYMAN CHAPIN TO DESCRIBE A NEW OPERATION THAT IS COMING INTO EXISTENCE.
IN THE PAST, WHEN REGISTRIES WANT TO INTRODUCE A NEW REGISTRY SERVICE, IT INVOLVES A SORT OF COMPLICATED DANCE.
WE'RE TALKING ABOUT REGISTRIES WHICH ARE SUBJECT TO THE ICANN CONTRACTUAL PROCESS, SO WE'RE TALKING ABOUT GTLDS PRIMARILY.
AND WHEN SECURITY AND STABILITY ISSUES ARE A CONSIDERATION, WHETHER SOME CONCERN ABOUT WHETHER A NEW SERVICE MIGHT HAVE SOME ISSUES EITHER ON SECURITY OR STABILITY, THE PROCESS FOR DEALING WITH THAT IN THE PAST HAS BEEN A BIT UNCERTAIN.
THE BIG EXAMPLE THAT MOST PEOPLE ARE FAMILIAR WITH WAS VERISIGN'S INTRODUCTION IN SEPTEMBER 2003 OF REDIRECTION OF UNINSTANTIATED DOMAIN NAMES USING A WILD CARD CONSTRUCT.
AND THAT GENERATED QUITE A LOT OF CONTROVERSY.
OUR COMMITTEE GOT HEAVILY INVOLVED.
THERE IS AN ATTEMPT NOW TO MAKE A MORE ORDERLY PROCESS FOR LOOKING AT PROPOSALS IN THAT AREA, AND A GROUP IS BEING FORMULATED, I THINK IT'S ESSENTIALLY COMPLETE.
LYMAN CHAPIN IS THE CHAIR.
HE'S ON AN EXTREMELY TIGHT SCHEDULE.
WE HAD ARRANGED TO PUT HIM ON THE PROGRAM, AND THEN THIS SESSION GOT MOVED BACK TO TODAY.
IT WILL BE AN OPEN QUESTION AS TO WHETHER HE MAKES IT HERE IN TIME.
BUT WE'LL KNOW IN ABOUT AN HOUR FROM NOW WHETHER HE'S HERE.
AND THEN, FINALLY, INTERNAL BUSINESS OF OUR COMMITTEE, WE'VE TRIED TO GET SLIGHTLY MORE ORGANIZED.
WE HAVE A BIT OF REORGANIZATION FOR OUR LITTLE PIECE OF THE WEB SITE, AND THIS SAYS HERE I'M GOING TO TALK ABOUT IT, BUT I THINK I'LL LET DAVE, WHO'S BEEN DOING THE WORK ON THAT, A COUPLE OF SLIDES.
AND THEN A PART THAT WE TAKE MOST SERIOUSLY IS A QUESTION AND ANSWER FOR -- SESSION FOR PEOPLE WHO WANT TO ENGAGE DIRECTLY WITH MEMBERS OF THE COMMITTEE.
LET ME SAY JUST A WORD ABOUT OUR COMMITTEE.
WE ARE A VOLUNTEER COMMITTEE OF EXPERTS.
THE LIST OF THE PEOPLE ON THE COMMITTEE ARE ON THE -- YES, THEY'RE ON THE BROCHURE.
AND ALL LISTED THERE.
WE ARE NOT -- WE'RE FAIRLY BROAD-RANGED.
AND ONLY A SMALL FRACTION OF THE COMMITTEE TENDS TO SHOW UP AT AN ICANN MEETING.
OTHER PEOPLE TYPICALLY SHOW UP, FOR EXAMPLE, AT IETF MEETINGS OR AT ARIN OR NANOG MEETINGS OR FORUMS LIKE THAT, BECAUSE WE HAVE PEOPLE FROM REGISTRIES, REGISTRARS, ADDRESS REGISTRIES, THE RESEARCH -- SECURITY RESEARCH AREA, AND THE LIKE.
LET'S SEE.
WHO IS HERE FROM THE COMMITTEE TODAY?
I SEE RAM MOHAN.
AND SUZANNE WOOLF.
AND THE EYES -- THE LIGHTS ARE IN MY EYES.
AM I MISSING ANY OF OUR ESTEEMED COMMITTEE HERE?
ARE THERE OTHERS THAT YOU GUYS KNOW OF HERE?
AND, OF COURSE, DAVE AND MYSELF.
I'M SORRY?
>> BRUCE TONKIN --
>>STEVE CROCKER: AND BRUCE TONKIN, WHO'S HEAVILY INVOLVED, HE CHAIRS THE GNSO AND HAS GOT QUITE A LARGE NUMBER OF OTHER OBLIGATIONS, IS AT THE ICANN MEETING, BUT NOT IN THE ROOM TODAY.
I THINK THAT'S PROBABLY ABOUT IT.
I'M SORRY?
YEAH, IS RAY HERE?
>> HE'S AT THE MEETING.
HE'S JUST NOT HERE.
>>STEVE CROCKER: HE'S AT THE MEETING.
I HAVEN'T SEEN HIM YET.
IT'S EARLY IN THE WEEK HERE.
THE SORT OF TOPICS THAT WE TAKE UP RANGE FROM RATHER TRADITIONAL ENGINEERING STABILITY TYPE QUESTIONS AND TRADITIONAL SECURITY ANALYSIS TO MORE SUBTLE INTERACTIONS BETWEEN TECHNOLOGY AND MARKET FORCES.
I THINK THAT'S A GOOD GENERAL CHARACTERIZATION OF THE REPORTS YOU'RE GOING TO HEAR TODAY.
AN EXTREMELY IMPORTANT ASPECT OF OUR COMMITTEE IS THAT WE ARE AN ADVISORY COMMITTEE.
WE'RE NOT A REGULATORY OR OPERATIONAL COMMITTEE.
WE HAVE NO AUTHORITY TO MAKE THINGS HAPPEN OR STOP THINGS FROM HAPPENING, FOR THAT MATTER.
THAT IS PERHAPS SEEN AS A WEAKNESS, BUT IT'S ALSO, FROM MY PERSPECTIVE, AN EXTRAORDINARY STRENGTH.
IT GIVES US THE OPPORTUNITY TO SAY WHATEVER IS ON OUR MINDS AND LEAVE THE DECISION PROCESSES TO OTHERS WHO HAVE TO MAKE THOSE DECISIONS AND WHO ARE CHARGED WITH THE RESPONSIBILITY FOR EXECUTING THEM OR FOR BROKERING WHATEVER POLITICAL OR OTHER KINDS OF TRADEOFFS ARE NECESSARY.
SO WE TRY TO BE PRETTY FOCUSED ON WHAT WE THINK THE FACTS OF MATTERS ARE AND TO SPEAK AS NEUTRALLY AS WE CAN ABOUT THE ISSUES THAT WE SEE, WITHOUT MUCH CONCERN ABOUT WHERE THE VEST THE INTERESTS ARE.
IF WE HAVE A BIAS, PERHAPS IT'S SLIGHTLY BIASED TOWARD THE CONSUMER SIDE, WHERE THERE'S PERHAPS LESS REPRESENTATION AND LESS KNOWLEDGE, AND SO THEY'RE SORT OF UNDERPOWERED IN THE OVERALL SCHEME.
WE'RE CHARTERED AS A COMMITTEE THAT REPORTS TO AND IS AN ORGAN OF THE ISOC -- I'M SORRY, THE ICANN BOARD.
BUT WE ARE -- WE OPERATE MORE BROADLY THAN JUST PROVIDING OUR ADVICE DIRECTLY TO THE BOARD.
WE CERTAINLY INTERACT WITH ALL THE OTHER PARTS OF ICANN -- THE STAFF, EACH OF THE SUPPORTING ORGANIZATIONS, AND OTHER COMMITTEES -- AND, MOST PARTICULARLY, AND ONE OF THE THINGS THAT I KNOW EACH AND EVERY MEMBER OF OUR COMMITTEE TAKES QUITE SERIOUSLY, IS THAT WE HAVE AN INDEPENDENT VOICE TO SPEAK TO THE BROADER INTERNET COMMUNITY, SO THAT AT SOME TIMES, OUR PERSPECTIVE MAY NOT ALIGN EXACTLY WITH THE OFFICIAL DIRECTIONS COMING FROM ICANN STAFF AND BOARD, ALTHOUGH WE'RE CERTAINLY NOT INTENDING TO OR SET UP TO BE A COUNTERVAILING FORCE OR IN OPPOSITION.
SO THAT'S A VERY BRIEF INTRODUCTION TO WHAT WE ARE AND WHO WE ARE.
AND WITH THAT, I WANT TO TURN THE FLOOR OVER TO DAVE PISCITELLO.
DAVE JOINED US A YEAR AGO, SLIGHTLY MORE THAN A YEAR AGO, AND IS A FULL-TIME STAFF MEMBER, HAS MADE AN ENORMOUS DIFFERENCE IN OUR ABILITY TO TAKE IDEAS THAT WE HAVE BEEN THINKING ABOUT ON VARIOUS TOPICS AND TRANSFORM THEM INTO USEFUL REPORTS AND MATERIALLY INCREASED OUR CAPACITY TO GET WORK DONE.
DAVE.
>>DAVE PISCITELLO: THANK YOU.
CAN YOU ALL HEAR ME?
ALL RIGHT.
WE JUST NEED TO HAVE THIS SWITCH OVER TO MY LAPTOP.
THERE WE GO.
THANK YOU, STEVE.
I'M GOING TO DO TWO REPORTS BACK TO BACK.
THEY ARE SOMEWHAT RELATED, SO I'LL DO THE MORE GENERAL REPORT FIRST.
WE'VE BEEN LOOKING AT INCIDENTS WHERE THE EXPIRY OR THE CHOICE OF A REGISTRANT TO ALLOW A NAME TO PASS FROM HIS HANDS TO SOMEONE ELSE'S HAS HAD UNANTICIPATED CONSEQUENCES TO NOT ONLY THE REGISTRANT, BUT ALSO TO OTHER PEOPLE WHO MIGHT HAVE RELIED ON THE REGISTRANT'S WEB PRESENCE, AS AN EXAMPLE, FOR INFORMATION.
AND SO WE'RE TALKING ABOUT INCIDENTS WHERE THE -- A REGISTRANT MAY HAVE OVERLOOKED THE FACT THAT HIS DOMAIN NAME REGISTRATION WAS ABOUT TO EXPIRE AND SIMPLY LET IT EXPIRE UNKNOWINGLY.
IN SOME CASES, THE REGISTRANTS ELECTED TO OR WILLINGLY RELINQUISHED THE NAME AND MADE IT AVAILABLE AND THEN SUBSEQUENTLY REALIZED THAT THAT WAS NOT THE BEST -- OR NOT IN THE BEST INTEREST OF HIS ORGANIZATION.
AND WE'RE ALSO TALKING ABOUT CIRCUMSTANCES THAT ARE -- THAT TYPICALLY OCCUR OUTSIDE OR WELL BEYOND THE APPLICABLE GRACE PERIODS, FOR EXAMPLE, IN THE GTLD WORLD, IT WOULD BE A REDEMPTION GRACE PERIOD OR A SIMILAR PERIOD IN A CCTLD IF ONE WERE AVAILABLE.
SO IN THE REPORT WE'LL PUBLISH, WE ACTUALLY CALL THESE ADVISORIES, WE -- WE DESCRIBE THREE INCIDENTS THAT ARE SIMPLY REPRESENTATIVE OF THE KINDS OF SITUATIONS THAT CAN OCCUR WHERE THE REGISTRANT HAS RELINQUISHED THE DOMAIN NAME AND SUFFERS WHAT WE CALL REPUTATIONAL HARM.
IN THE FIRST CASE, THERE WAS AN ORGANIZATION CALLED PACK216.ORG WHICH WAS ACTUALLY A CUB SCOUT PACK IN THE STATE OF VIRGINIA IN THE UNITED STATES.
AND THEY HAD A WEB MASTER WHO WAS ALSO THE CUB MASTER.
AND HE STOPPED BEING THE CUB MASTER.
HE NEVER BOTHERED TO EVEN MAKE KNOWN THE FACT THAT HE HAD NOT TAKEN DOWN THE WEB SITE.
AND HE DIDN'T CHANGE THE REGISTRATION INFORMATION FOR THE CUB SCOUT PACK.
THE REGISTRATION OF THE NAME EXPIRED, AND THE NEW REGISTRANT USED THE SITE NAME AS A REFERRAL LINK FOR PORNOGRAPHIC WEB SITES.
AND AS YOU CAN IMAGINE, YOU KNOW, THE BOY SCOUTS OF AMERICA AND INTERNATIONAL BOY SCOUTS ASSOCIATIONS WERE, YOU KNOW, COLLATERALLY EMBARRASSED AND DAMAGED BY THE FACT THAT SOMEONE WAS GOING LOOKING FOR INFORMATION ABOUT CUB SCOUTS AND THEY ENDED UP IN SITES THAT WERE VERY UN-CUB SCOUT LIKE IN THEIR CONTENT.
ANOTHER, WHICH IS EQUALLY EMBARRASSING AND PROBABLY EVEN MORE TRAUMATIC FOR VISITORS, IS THE CRISISCENTERSYR.ORG, WHICH IS A RAPE COUNSELING CENTER IN THE STATE OF NEW YORK IN THE UNITED STATES.
AND IN THIS PARTICULAR INSTANCE, THE ORGANIZATION ACTUALLY MERGED WITH ANOTHER COUNSELING CENTER, AND THEY DECIDED THAT AMONG THE PARTIES, THAT THEY REALLY DIDN'T NEED THIS DOMAIN NAME ANY LONGER, SO THEY RELINQUISHED IT.
THE NEW REGISTRANT NOT ONLY REGISTERED THE NAME, BUT TOOK THE OLD REGISTRANT'S WEB PAGE AND MODIFIED THE WEB PAGE SO THAT THE HOME PAGE ACTUALLY HAD REFERRAL LINKS TO PORNOGRAPHIC AND ADULT CONTENT.
SO YOU CAN IMAGINE IF SOMEONE WAS GOING LOOKING FOR ASSISTANCE IN THIS KIND OF SCENARIO THAT THIS WOULD BE A TERRIBLE THING TO ENCOUNTER AND EXPERIENCE.
IT'S NOT THE KIND OF REINFORCEMENT THAT PEOPLE WOULD LIKE.
THE THIRD WAS SIGCAT.ORG, IT WAS A SPECIAL INTEREST GROUP ON CD/DVD APPLICATIONS AND TECHNOLOGY.
THE ORGANIZATION ACTUALLY HAD CORRECT REGISTRATION RECORD INFORMATION, HOWEVER, NONE OF THE PARTIES ACTUALLY COORDINATED WITHIN THE ORGANIZATION TO DECIDE WHO WOULD BE RESPONSIBLE FOR THE NAME AND IT EXPIRED ACCIDENTALLY.
AGAIN, IT SEEMS THERE'S A TREND HERE, THE NEW REGISTRANT USED THE -- THEY ACTUALLY BOUGHT THE NAME AND USED THE NAME AS A REFERRAL LINK TO, YOU KNOW, A PORNOGRAPHIC WEB SITE.
THERE ARE MORE DETAILS IN OUR ADVISORY DESCRIBING SOME OF THE ISSUES THAT EITHER ENCUMBERED OR FACILITATED THE LAPSE OF THE DOMAIN NAME.
AND YOU CAN READ THE REPORT.
WE HOPE TO HAVE IT ONLINE BY NEXT WEEK.
WE USE THE TERM REPUTATIONAL HARM IN OUR REPORT.
I DON'T BELIEVE THAT THERE'S A LEGAL DEFINITION OF THIS TERM.
BUT WE DEFINE IT OURSELVES AS SOME FORM OF EMBARRASSMENT OR TARNISH OF BRAND OR LOSS OF REPUTATION THAT NOT ONLY IMPACTS THE DOMAIN HOLDER WHO HAPPENS TO HAVE LOST THE NAME, BUT ALSO FOR ANY OTHER WEB SITE OR ANY OTHER OPERATOR WHO HAD REFERRAL LINKS OR BUSINESS RELATIONSHIPS TO THAT DOMAIN SITE.
SO, IN PARTICULAR, IN THE CASE OF SIGCAT.ORG, BECAUSE IT WAS A SPECIAL INTEREST GROUP AND A GREAT MANY PEOPLE THOUGHT THAT THEY WERE GOING TO FIND USEFUL RESOURCES ABOUT CD AND DVD APPLICATIONS AND TECHNOLOGY, THERE WERE A SIGNIFICANT NUMBER OF REFERRAL LINKS NOT ONLY AT PRIVATE SITES, BUT ALSO IN GOVERNMENT SITES THAT NOW POINTED TO PORNOGRAPHIC WEB SITES, WHICH CERTAINLY WASN'T THE INTENDED SCENARIO THAT THE PEOPLE RUNNING SIGCAT WOULD HAVE PREFERRED TO SEE.
AND SO WHEN WE TALK ABOUT REPUTATIONAL HARM AND WE TALK ABOUT THESE INCIDENTS, WE ARE -- WE ARE FUNDAMENTALLY FOCUSING ON TRYING TO AVOID THE CONSEQUENCES AS BEING THE PRIMARY CONSIDERATION FOR MANY REGISTRANTS.
AS ALMOST -- AS MANY OF YOU KNOW HERE, AND CERTAINLY IF YOU WANT TO PURSUE AND LEARN A LITTLE BIT MORE ABOUT SUCH THINGS AS DOMAIN NAME MONETIZATION, THERE ARE WORKSHOPS THIS WEEK THAT I'D ENCOURAGE YOU TO ATTEND.
A GREAT MANY REGISTRANTS AREN'T AS FAMILIAR WITH THE DOMAIN NAME REGISTRATION PROCESS AND THE RENEWAL AND DELETION PROCESS, AND THE COMMERCIAL OPPORTUNITIES THAT EXIST IN THE BROKERING OF DOMAIN NAMES AND THE USE OF DOMAIN NAMES IN PAY-PER-CLICK ENVIRONMENTS.
ONE OF THE REASONS WE HAVE PUBLISHED THE ADVISORY IS TO ALLOW PEOPLE IN ONE REPORT LEARN A LITTLE BIT ABOUT THE FACT THAT THERE IS A SECONDARY MARKET FOR DOMAIN NAMES, THAT RECURRING REVENUE OPPORTUNITIES DO EXIST IN THE FORMS OF DOMAIN NAME MONETIZATION AND TASTING, AND THAT THERE ARE ALSO SOME OTHER CONSEQUENCES BEYOND SIMPLY GIVING SOMETHING AWAY THAT MIGHT HAVE ASSET VALUE OR RECURRING REVENUE VALUE THAT COULD AFFECT YOUR ORGANIZATION.
FOR EXAMPLE, IF YOU GO -- IF YOU GO AND YOU CHOOSE TO LET YOUR DOMAIN NAME EXPIRE AND YOU HAD VALUABLE CONTENT THAT OTHER PEOPLE SOUGHT AFTER, WELL, THAT CONTENT POSSIBLY MIGHT BE LOST.
YOU MIGHT ALSO LOSE CONTROL OF THE ABILITY TO TRACK THAT CONTENT.
A COMPETITOR MIGHT CHOOSE TO REGISTER THE NAME, AND BECAUSE PEOPLE ARE LOOKING FOR YOU AND LAND ON HIS SITE AND HE HAPPENS TO BE PROVIDING THE SAME SERVICE OR THE SAME MATERIALS, YOU MIGHT LOSE BUSINESS AS A CONSEQUENCE OF GIVING UP THE NAME.
OR AN UNCONNECTED COMPANY MIGHT REGISTER THE NAME.
I'LL USE A DOMAIN NAME THAT I HAVE REGISTERED AS AN EXAMPLE.
WE HAVE CORECOM.COM.
AND IT TURNS OUT CORECOM.NET IS AN INTERNET SERVICE PROVIDER THAT OPERATES IN THE UNITED STATES.
THEY WOULD LOVE TO HAVE OUR NAME.
BUT A GREAT MANY PEOPLE COME TO OUR DOMAIN NAME AND, YOU KNOW, ACTUALLY LODGE COMPLAINTS WITH US ABOUT THE DREADFUL STATE OF THEIR DIALUP SERVICE.
AND WE SPEND A FAIR AMOUNT OF TIME TRYING TO REDIRECT THEM TO THE APPROPRIATE HELP DESK AS OPPOSED TO MY HOME OFFICE, WHEN THEY'RE TRYING TO RESOLVE A 56-KILOBIT MODEM DIAL PROBLEM THAT HAS NOTHING TO DO WITH OUR COMPANY.
SO THE CONSUMER CONFUSION IS A VERY, VERY IMPORTANT ASPECT, AND IS SOMETHING THAT WE HAVE TO PAY ATTENTION TO WHEN WE'RE CONSIDERING WHAT WE'RE GOING TO DO WITH A DOMAIN NAME IF WE THINK WE NO LONGER NEED IT.
WE POINT OUT THAT THESE CONSIDERATIONS ARE SORT OF SECONDARY TO REPUTATIONAL HARM IN MOST PEOPLE'S MINDS.
BUT THEY ARE IMPORTANT AND THEY PROBABLY INFLUENCE HOW PEOPLE SHOULD CONSIDER DOMAIN NAMES.
ONE OF THE THINGS THAT WE TALKED ABOUT IN PREVIOUS REPORTS IS THAT A DOMAIN NAME IN TODAY'S WORLD HAS AN ASSET VALUE, IF YOU LOOK AT THIS IN A TRADITIONAL SECURITY RISK AND ASSET MANAGEMENT MODEL, THAT THERE IS A GOOD REASON FOR YOU TO HAVE IT, THERE'S A GOOD REASON FOR YOU TO PROTECT IT.
WHEN YOU CHOOSE TO LEAVE IT AND RETURN IT TO THE AVAILABLE NAME POOL, OUGHT TO THINK ABOUT THE CONSEQUENCES BEFORE YOU DO SO.
SO THE SUM OF THE -- OF THE INCIDENTS THAT WE REPORTED ON AND CERTAINLY OTHERS THAT EXIST, WE DID NOT HAVE TIME OR OPPORTUNITY TO PURSUE TO THE SAME DETAIL, IS THAT MANY REGISTRANTS DON'T UNDERSTAND THAT DOMAIN NAME REGISTRATIONS ARE TEMPORARY, EVEN THOUGH THEY THINK THEY PAY FOR IT ANNUALLY, IF YOU TALK TO MANY REGISTRANTS, THEY THINK THAT, WELL, THE NAME WON'T GO AWAY.
I'LL JUST -- YOU KNOW, EVEN IF I'M A LITTLE BIT LATE, I'LL BE ABLE TO PAY FOR IT, I'LL BE ABLE TO PAY FOR IT FOR TEN YEARS AND FORGET ABOUT IT.
THE OTHER THING THAT A GREAT MANY REGISTRANTS DON'T REALIZE IS THAT EVERY DOMAIN NAME REGISTRATION AND RENEWAL IS AN INDEPENDENT TRANSACTION OR AGREEMENT BETWEEN A REGISTRAR AND A REGISTRANT.
SO THERE ARE NO INTERDEPENDENCIES BETWEEN CORE COM.COM AND CORECOM.ORG AND CORECOM.NET.
AND PEOPLE THINK THERE ARE, BECAUSE THEY GO TO DUPONT.NET AND IT ENDS UP BEING THE SAME WEB SITE AS DUPONT.COM.
ANOTHER CONFUSION IS PEOPLE THINK SOMEONE IS GOING TO WARN THEM WHEN SOMETHING MIGHT AFFECT THEIR DOMAIN NAME.
IT'S IMPORTANT THAT REGISTRANTS APPRECIATE THAT NEITHER A REGISTRANT NOR REGISTRARS ARE OBLIGED TO NOTIFY ANY THIRD PARTY OF A CHANGE OF A REGISTRATION OF A DOMAIN NAME.
SO NO ONE AT MY COMPANY IS OBLIGED TO NOTIFY ANYONE ELSE IF WE CHOOSE TO CONCEDE CORECOM.COM OR TO SELL IT TO THE COMPANY THAT OWNS CORECOM.NET, AS AN EXAMPLE.
FINALLY, IT'S VERY OBVIOUS FROM THE INCIDENTS THAT BAD THINGS CAN HAPPEN WHEN DOMAIN NAME RECORDS ARE NOT KEPT ACCURATE.
IF THE REGISTRIES AND THE REGISTRARS CAN'T CONTACT REGISTRANTS REGARDING THE REGISTRATION STATUS, THEN THEY DON'T HAVE THE OPPORTUNITY TO SAY THIS NAME IS ABOUT TO -- THE RESPIRATION OF THIS NAME IS ABOUT TO EXPIRE.
YOU HAVE THESE CHOICES IN RE-REGISTERING THE NAME.
HERE IS SOME OF THE INFORMATION YOU MIGHT WANT TO AVAIL YOURSELF OF IN THE EVENT THAT YOU ARE THINKING OF ALLOWING THE NAME TO EXPIRE, ET CETERA.
EQUALLY IMPORTANT, OR PERHAPS EVEN MORE SO, AND SOMETHING WE'LL TALK ABOUT IN THE NEXT PRESENTATION, IS THAT CERTAIN OPERATIONAL ISSUES MAY NOT BE ATTENDED TO IN A TIMELY MANNER IF THERE ISN'T ACCURATE REGISTRATION INFORMATION, AND IN PARTICULAR, DOMAIN NAME SERVICE MAY BE AFFECTED.
SO I'M GOING TO QUICKLY GO THROUGH THE FINDINGS.
YOU CAN READ THE FINDINGS IN THE REPORT.
FIRST FINDING IS FAIRLY OBVIOUS.
THE DOMAIN NAME REGISTRATION PROCESS IS NOT NECESSARILY UNDERSTOOD BY ALL PARTIES WHO REGISTER DOMAIN NAMES.
THE SECOND IS THAT THE ASSUMPTION THAT POLICIES AND PROCESSES IN PLACE WILL PROTECT REGISTRANTS FOR -- BEYOND A GRACE PERIOD IS A FALSE ASSUMPTION.
AND THAT THE POLICIES THAT ARE IN PLACE MAY PROTECT REGISTRANTS FOR A GRACE PERIOD FOLLOWING THE EXPIRATION OF THE DOMAIN NAME.
BUT IT'S VERY IMPORTANT THAT REGISTRANTS RECOGNIZE THAT IF THEY DO NOT RENEW A DOMAIN NAME, IT NOT ONLY MAY BE REGISTERED BY ANOTHER PARTY, BUT WITH THE SECONDARY OPPORTUNITIES OR SECONDARY MARKETS FOR DOMAIN NAMES, IT'S VERY LIKELY THAT THAT DOMAIN WILL BE REREGISTERED.
AND ANOTHER ASPECT IN THE -- IN FINDING NUMBER 2 THAT'S IMPORTANT FOR REGISTRANTS TO REALIZE IS THAT THE NEW REGISTRANT MAY WELL USE A DOMAIN NAME THAT IS INCONSISTENT WITH THE MANNER IN WHICH IT WAS USED BY A FORMER REGISTRANT, AND IT MAY, IN FACT, USE IT IN COMPETITION WITH THE WAY THAT THE FORMER REGISTRANT HAD OPERATED.
WE'VE ALREADY IDENTIFIED INCIDENTS WHERE REGISTRANTS DID NOT RENEW THEIR DOMAIN NAMES AND THEY EXPERIENCED SOME REPUTATIONAL HARM OR EMBARRASSMENT.
WE'VE ALREADY DISCUSSED THE FACT THAT A SECONDARY MARKET FOR DOMAIN NAMES EXISTS, AND IN THIS MARKET, IT'S VERY IMPORTANT TO UNDERSTAND THAT NEARLY ALL DOMAIN NAMES THAT HAVE BEEN REGISTERED HAVE SOME COMMERCIAL VALUE AND ARE COMMONLY RE-REGISTERED.
AND THIS, AGAIN, IS SOMETHING YOU MIGHT WANT TO USE TO STIMULATE YOU TO GO TO THE DOMAIN NAME MONETIZATION WORKSHOP. IS THAT TUESDAY? I BELIEVE THAT'S TUESDAY.
>>STEVE CROCKER: TUESDAY, YES.
>>DAVE PISCITELLO: TUESDAY MORNING.
THE LAST OR ANOTHER PIECE OF ADVICE THAT WE THINK IS IMPORTANT FOR REGISTRARS TO -- REGISTRANTS TO RECOGNIZE IS THAT THEY PROBABLY SHOULD PAY ATTENTION TO WHAT THEIR DOMAIN NAME -- WHAT THE VALUE IS OF THEIR DOMAIN NAME TO OTHER PARTIES, EVEN IF THEY DECIDE IT'S NOT OF VALUE TO THEMSELVES.
SO THE MOST IMPORTANT RECOMMENDATION THAT WE PUT IN THE ADVISORY IS THAT, OBVIOUSLY REGISTRARS CAN AND REGISTRIES CAN HELP BEST IF THEY HAVE ACCURATE INFORMATION ABOUT A DOMAIN NAME REGISTRANT. AND SO KEEP THAT INFORMATION ACCURATE. IT WILL GIVE YOU AT LEAST THE NOTICES THAT WILL PROVIDE YOU WITH SOME OPPORTUNITY TO MAKE A DECISION INTELLIGENTLY AND DO SOME RESEARCH.
THE SECOND IS THAT WHEN AN ORGANIZATION HAS MULTIPLE CONTACT PARTIES, IT'S VERY IMPORTANT THAT THE ORGANIZATION HAS SOME CHAIN OF ACCOUNTABILITY FOR WHO IS RESPONSIBLE FOR RENEWING NAMES.
THE THIRD IS THAT THERE ARE MANY, MANY DIFFERENT REGISTRARS AND RESELLERS, AND CONSIDERING THE KINDS OF SERVICES THAT THE REGISTRAR OR RESELLER OFFERS MAY ACTUALLY SAVE YOU FROM REPUTATIONAL HARM OR FROM A COSTLY ERROR LATER ON IN THE PROCESS.
SO THIS IS ONE OF THOSE DO YOUR HOMEWORK UP FRONT AND DECIDE WHETHER OR NOT THE SERVICES THAT THE REGISTRAR CAN OFFER YOU WHEN YOU REGISTER A DOMAIN NAME ARE SUFFICIENT TO PROTECT YOU, IN FACT, FROM YOURSELF.
SO YOU MIGHT WANT TO CHOOSE A REGISTRAR WHO INDICATES THAT HE WILL SEND MULTIPLE RENEWAL NOTICES BY ELECTRONIC MAIL OR SEND NOTICES BY POSTAL MAIL IF YOU DON'T RESPOND OR WHO OFFERS AN EXTENDED PERIOD BEYOND THE NOMINAL PERIODS REQUIRED BY POLICY, OR WHO OFFERS SOME SORT OF SERVICE TO REDEEM A NAME ON YOUR BEHALF SO IF YOU DECIDE TO LET IT EXPIRE HE SAYS I AM GOING TO TAKE THAT NAME, SINCE YOU HAD IT, IF THERE IS AN ACCRUED VALUE AND WE BROKER IT, YOU CAN HAVE A PIECE.
WE ALSO RECOMMEND THAT YOU LOOK FOR ADDITIONAL SERVICES. SOME REGISTRARS DO OFFER SOME SAFEGUARDS THAT PREVENT NAMES FROM BEING RELEASED WITHOUT A SIGNED CONSENT. SO THAT IS A FAIRLY STRONG WAY TO PROTECT YOUR NAME. YOU KNOW, IF YOU ACTUALLY HAVE TO HAVE A WRITTEN SIGNATURE, YOU HAVE TO HAVE A FORMAL RELEASE TO RELINQUISH THE NAME, THEN THAT'S ACTUALLY A GOOD THING FOR YOU.
OBVIOUSLY, TRYING TO DETERMINE THE REPUTATIONAL COMMERCIAL VALUE OF YOUR DOMAIN IS IMPORTANT BECAUSE THERE ARE SOME CONSEQUENCES, AS WE HAVE ILLUSTRATED.
AND THEN IF YOU CONSIDER OPTIONS OTHER THAN RELINQUISHING THE NAME, IN MANY CASES, YOU'RE TALKING ABOUT SOME SORT OF PAY-PER-CLICK OR SOME OTHER OPPORTUNITY THAT MIGHT EASILY UNDERWRITE THE COST OF YOUR NAME OVER THE PERIOD OF A YEAR AND THE COST OF WEB HOSTING IF YOU DO SOME BACK OF THE ENVELOPE MATHEMATICS, YOU CAN PROBABLY JUSTIFY KEEPING ANY NAME THAT YOU HAVE FOREVER IF YOU CAN FIND A WAY TO GENERATE SOMEWHERE BETWEEN 15 AND $50 WORTH OF REVENUE A YEAR ON A PAY-PER-CLICK PLAY.
AND LASTLY, ONE OF THE THINGS THAT YOU HAVE TO DO IS DO YOUR HOMEWORK EARLY AND DO IT THOROUGHLY BECAUSE YOU ONLY HAVE A LIMITED AMOUNT OF TIME IN EVEN THE MOST GENEROUS OF ARRANGEMENTS THAT REGISTRARS AND RESELLERS WILL ESTABLISH FOR YOU BEFORE YOUR NAME WILL BE DELETED AND WILL BE AVAILABLE FOR SALE TO ANOTHER REGISTRANT.
SO THIS IS, AGAIN, DO YOUR HOMEWORK EARLY AND DO IT THOROUGHLY.
ANY QUESTIONS ON THAT PARTICULAR TOPIC BEFORE WE MOVE TO THE SECOND?
>>STEVE CROCKER: MR. VILTZ.
>> (INAUDIBLE).
>>STEVE CROCKER: THANK YOU. THAT WAS ED VILTZ WHO IS PRESIDENT AND CEO OF THE PUBLIC INTEREST REGISTRY THAT RUNS .ORG. THANK YOU.
ANY OTHER QUESTIONS OR COMMENTS WITH RESPECT TO THIS PARTICULAR REPORT FROM DAVE AND FROM THE COMMITTEE?
RAM.
>>RAM MOHAN: THIS IS RAM MOHAN.
I JUST WANTED TO POINT OUT AS DAVE WAS MENTIONING IN TERMS OF EVALUATING WHAT THE VALUE OF YOUR NAME IS, IF YOU DO USE A PAY-PER-CLICK SERVICE OR SOMETHING LIKE THAT, AT A $10 REGISTRATION OVER A YEAR, IN TERMS OF NUMBERS OF AMOUNT OF DOLLARS IT HAS TO MAKE IS ABOUT 3 CENTS A DAY FOR YOU TO MAKE YOUR $10.
SO IF YOU START YOUR EVALUATION -- IF YOU ARE NOT GOING TO USE THE DOMAIN NAME BUT YOU WANT TO KEEP PRESERVING IT, YOU COULD, IN 60 DAYS PRIOR TO THE EXPIRATION, IF YOU SEE WHAT THE CLICK TREND IS AND WHAT THE REVENUE FROM IT IS, 3 CENTS A DAY MORE THAN COVERS THE COST OF JUST KEEPING IT RENEWED AND GOING.
>>STEVE CROCKER: THAT'S RIGHT.
THE PARTICULAR INCIDENTS THAT ARE DESCRIBED IN THIS ADVISORY ARE CURRENT ONES. I CAN TELL YOU THAT OVER THE PAST COUPLE OF YEARS, I HAVE BEEN CONTACTED PERSONALLY BY PEOPLE WHO HAVE DISCOVERED TO THEIR CHAGRIN THAT A DOMAIN NAME THAT THEY THOUGHT THEY WERE DONE WITH, WELL, THAT THEY WERE DONE WITH, WAS PICKED UP AND RE-USED BY SOMEBODY ELSE IN A WAY THAT CAUSED THEM PERSONAL EMBARRASSMENT. AND THEY WANTED TO KNOW WHAT WE COULD DO ABOUT IT. AND THE GENERAL ANSWER IS NOT VERY MUCH. THE BEST IS TO LOOK AHEAD AND ANTICIPATE THIS.
AND AS RAM HAS JUST DESCRIBED, IF IT'S A QUESTION OF KEEPING HOLD OF A DOMAIN NAME BASICALLY FOREVER, THE COST OF DOING THAT IS RELATIVELY LOW.
SO IN THE PROCESS OF SAVING A FEW DOLLARS A YEAR, YOU MAY SET YOURSELF UP FOR A GREAT DEAL OF HARM THAT YOU DIDN'T ANTICIPATE.
THIS IS A -- LOOKING A LITTLE DEEPER, THIS IS A CONSEQUENCE OF THE PARTICULAR WAY IN WHICH DOMAIN NAMES ARE DEALT WITH, PARTICULARLY IN THE GTLDS. ONE CAN LOOK FOR ANALOGIES IN, SAY, THE TELEPHONE INDUSTRY WHERE A PHONE NUMBER GETS REUSED AFTER A PERIOD OF TIME, AND IT'S BEEN MORE OR LESS COMMON PRACTICE FOR PHONE NUMBERS THAT GO OUT OF SERVICE TO REMAIN OUT OF SERVICE FOR A SUBSTANTIAL PERIOD OF TIME, PRECISELY TO QUELL THE UNINTENDED TRAFFIC TO THEM.
UNDERNEATH ALL OF THAT IS A VERY DIFFERENT ECONOMIC MODEL IN WHICH TELEPHONE NUMBERS ARE PART OF TELEPHONE SERVICE, WHEREAS DOMAIN NAMES ARE NOT PART OF WEB SERVICE OR ISP SERVICE. THEY ARE SOLD BY THOSE PEOPLE, BUT THE COST OF GETTING ONE IS A SEPARATE CHARGE AND GOES THROUGH ENTIRELY SEPARATE CHANNELS.
DEBBIE, CAN I CALL ON YOU? WE HAVE THE DOMAIN NAME COMMISSIONER FROM .NZ, FROM INTERNET NZ IN NEW ZEALAND, AND IT OCCURS TO ME AS I AM DESCRIBING A PHENOMENON THAT IS DRIVEN PRINCIPALLY I THINK BY THE CONTRACTUAL MECHANISMS ASSOCIATED WITH GTLDS THAT THERE MAY BE SOMEWHAT DIFFERENT DYNAMICS IN CCTLDS, AND I CAN'T THINK OF ANYBODY WHO WOULD KNOW BETTER THAN YOU ON THESE KINDS OF THINGS AND HOW THEY PLAY OUT, AT LEAST IN YOUR PARTICULAR SPACE.
>>DEBBIE: THANKS, STEVE. WE ACTUALLY HAVE A 90-DAY PENDING RELEASE PERIOD, SO WHEN A NAME IS CANCELED IN THE .NZ SPACE, IT STAYS IN PENDING RELEASE FOR 90 DAYS. IN THOSE 90 DAYS, IT'S NOT PUSHED TO THE ZONE. AND THE REGISTRANT AND ONLY THE REGISTRANT CAN REINSTATE IT AT ANY STAGE IN THOSE 90 DAYS.
HOWEVER, WE STILL HAVE THE SAME ISSUES THAT AS SOON AS IT BECOMES AVAILABLE FOR RELEASE WE DO HAVE A STRONG SECONDARY MARKET AND WE DO SEE A LARGE NUMBER OF THOSE NAMES WHICH IS -- NOT LARGE, BUT ABOUT 5 TO 8% OF THOSE NAMES ARE REREGISTERED WITHIN THE FOLLOWING WEEK AFTER RELEASE.
>>STEVE CROCKER: AND HAVE YOU -- MY GUESS IS IF THERE WERE INCIDENTS OF THE KIND WE ARE DESCRIBING THAT TOOK PLACE IN NEW ZEALAND, YOU WOULD BE THE PERSON WHO IT WOULD COME TO YOUR ATTENTION RAPIDLY.
>>DEBBIE: WE DO GET A NUMBER OF VERY UNUSUAL REQUESTS. WE HAD THE SAME PROBLEMS OF PEOPLE NOT KEEPING THEIR DETAILS UP-TO-DATE BUT WE OPERATE OUR REGISTER ON AN AUTOMATIC RENEW BASIS. WHICH MEANS ON THE "BILLED UNTIL DATE," IT AUTOMATICALLY RENEWS FOR ONE MONTH RATHER THAN GETTING CANCELED ON THAT DATE. AND MOST OF THE REGISTRARS ACTUALLY UTILIZE THAT, PLUS OUR FIVE-DAY RENEWAL GRACE PERIOD, TO ACTUALLY GIVE REGISTRANTS A BIT MORE TIME TO PAY FOR THEIR NAME BEFORE IT'S ACTUALLY CANCELED.
>>STEVE CROCKER: AND HAVE YOU ENCOUNTERED CASES WHERE SOMEBODY WHO IS RUNNING A SITE ORIENTED FOR CHILDREN OR FOR WHAT WE CALL G-RATED ACTIVITIES DISCOVERS THAT THE DOMAIN NAME HAS LAPSED OR THEY HAVE LET GO OF IT AND THEN IT GETS PICKED UP FOR SEXUALLY EXPLICIT OR OTHERWISE UNPLEASANT ACTIVITIES?
>>DEBBIE: YES, WE HAVE HAD THAT, AND THAT'S WHY WE JUST INTRODUCED A DISPUTE RESOLUTION SERVICE WHICH WE DIDN'T ACTUALLY HAVE UP UNTIL NOW.
>>STEVE CROCKER: AND DOES THAT DISPUTE RESOLUTION COVER THINGS LIKE THIS? BECAUSE MY IMPRESSION IS THAT THE UDRP, THE UNIFORM DISPUTE RESOLUTION PROCESS, IS PRIMARILY AIMED AT TRADEMARKS AND SO FORTH AND DOESN'T HAVE MUCH LEVERAGE FOR THE REPUTATIONAL HARM WHERE THERE IS NO TRADEMARK INFRINGEMENT.
>>DEBBIE: WE HAVE TAKEN OUR DEFINITION OF RIGHTS TO BE BROADER THAN TRADEMARKS. SO DEPENDING ON THE NAME -- IF IT'S A GENERIC NAME, THE CHANCE IS IT PROBABLY WON'T WORK UNDER A DISPUTE RESOLUTION SERVICE BUT ANYTHING LIKE THE CUB SCOUTS OR OTHER SUCH THINGS WOULD ACTUALLY COME THROUGH IN OUR SERVICE.
>>STEVE CROCKER: INTERESTING. AND ARE YOU FAMILIAR WITH COMPARABLE ISSUES IN OTHER COUNTRIES?
>>DEBBIE: YEAH, I THINK A LOT OF THE CCTLDS WHO OPERATE VERY OPEN REGISTRATION PROCESS WHICH WE HAVE GOT SIMILAR SORTS OF ISSUES.
BUT WE TRY, THROUGH OUR AUTOMATIC RENEWAL RATHER THAN CANCELLATION ON THE DATE, AND THE 90-DAY PENDING RELEASE PERIOD TO TRY TO MINIMIZE IT AS MUCH AS POSSIBLE.
>>STEVE CROCKER: GOOD.
THANK YOU. AND I APPRECIATE YOUR WILLINGNESS TO LET ME ENGAGE YOU ON THE SPUR OF THE MOMENT THERE.
TIM COLE, THE REGISTRAR LIAISON FROM ICANN. DO I HAVE THE RIGHT TITLE?
>>TIM COLE: CLOSE ENOUGH.
YEAH, I WAS -- THANK YOU, STEVE.
>>STEVE CROCKER: CHIEF REGISTRAR LIAISON. THERE WE GO.
>>TIM COLE: EVEN BETTER. YEAH, I AM THE CRL.
WE HAVE -- WE HAVE A WORKSHOP THAT I JUST WANTED TO MENTION, SCHEDULED DURING THIS MEETING ON TUESDAY MORNING AT 9:30 IN THIS ROOM AND IT'S GOING TO BE DEALING TO A LARGE EXTENT WITH VARIOUS MONETIZATION AND MARKETING ASPECTS OF THE DOMAIN NAME INDUSTRY, AND INCLUDING SECONDARY USES OF EXPIRED NAMES AND SO FORTH.
SO THIS TOPIC WILL HAVE ADDITIONAL -- PEOPLE WILL HAVE ADDITIONAL OPPORTUNITY TO HEAR MORE AND PARTICIPATE MORE IN DISCUSSIONS ON THIS TOPIC AT THAT TIME.
>>STEVE CROCKER: I THINK THIS IS A VERY, VERY IMPORTANT TOPIC.
I THINK THE -- THERE ARE A LARGE NUMBER OF PEOPLE WHO DID NOT HAVE AN APPRECIATION OF HOW VIGOROUS AND VIBRANT THAT MARKET IS. I WAS TALKING TO AN INCOMING BOARD MEMBER LAST NIGHT WHO IS PRIMARILY TECHNICAL BACKGROUND, AND I WAS TRYING TO EXPLAIN ABOUT THIS AND I SAW HIS EYES OPEN WIDER AND WIDER AS I TRIED TO EXPLAIN THE ORDERS OF MAGNITUDE, MONEY AND TRAFFIC AND SO FORTH THAT ARE INVOLVED IN ALL OF THIS.
LET US MOVE ON TO THE NEXT REPORT, AND I AM PLEASED AND PERHAPS EVEN A LITTLE RELIEVED THAT LYMAN CHAPIN HAS ARRIVED, AND WE'LL HAVE HIS PRESENTATION AS WELL.
>>DAVE PISCITELLO: THE SECOND TOPIC WE'RE GOING TO TALK ABOUT IS RELATED IN THE SENSE THAT INFORMATION THAT IS PUBLISHED IN THE REGISTRATION RECORD AND FINDS ITS WAY INTO TLD NAME SERVERS IS EITHER MISCONFIGURED OR MALICIOUSLY ALTERED SO THAT SOMEONE'S DOMAIN NAME SERVICE IS AFFECTED BY THE NONRENEWAL OF A DOMAIN NAME.
SO THE SITUATIONS THAT WE'RE TALKING ABOUT HERE IS WHERE ONE DOMAIN'S DNS SERVICE IS AFFECTED BY CHANGES IN ANOTHER DOMAIN NAME'S REGISTRATION STATUS.
THE POSSIBLE CONSEQUENCES THAT WE'RE GOING TO SHOW IN SORT OF SCENARIOS ARE THAT THE NAME SERVICE FOR A DOMAIN IS INTERRUPTED OR IT BECOMES UNPREDICTABLE, DEPENDING ON WHAT NAME SERVER YOU ACTUALLY QUERY FOR A PARTICULAR NAME. OR THAT IN THE EXTREME, AN ATTACKER ALTERS DNS INFORMATION FOR SOME MALICIOUS PURPOSE. THAT CAN RANGE FROM A PHISHING ATTACK TO INTERCEPTION OF ELECTRONIC MAIL, TO REDIRECTION OF INTERNET USERS IN THE SAME FORM AS A SEARCH ENGINE OR A HOME PAGE HIJACKER PIECE OF SPYWARE MIGHT. SO THERE IS A LITTLE BIT OF BACKGROUND MATERIAL HERE TO THOSE OF YOU WHO ARE EXPERTS IN THE REGISTRATION PROCESS AND IN THE RELATIONSHIP OF REGISTRATION INFORMATION TO NAME SERVICE, BEAR WITH US.
A REGISTRAR COLLECTS A FAIR AMOUNT OF INFORMATION FROM THE REGISTRANT. PART OF IT IS BUSINESS RELATED, PART OF IT IS OPERATIONALLY RELATED.
THE SORT OF BUSINESS RELATED IS THE CONTACT INFORMATION. BUT IN ADDITION TO THAT, ONE OF THE THINGS THAT THE REGISTRANT MUST OFFER TO THE REGISTRAR IS A LIST OF DOMAIN NAME SERVERS THAT WILL BE SERVING AS AUTHORITATIVE HOSTS FOR NAME RESOLUTION FOR THAT DOMAIN.
SO IF YOU LOOK ON YOUR RIGHT-HAND SIDE, THESE GRAY INSETS ARE ESSENTIALLY REGISTRATION RECORD SNIPPETS. AND SO IN THIS PARTICULAR CASE, IF YOU LOOKED AT -- WENT AND DID A WHOIS ON A REGISTRATION RECORD, YOU WOULD FIND A DOMAIN NAME. YOU WOULD FIND SOME REGISTRAR INFORMATION, SOME ADMINISTRATIVE, TECHNICAL CONTACT INFORMATION. AND IF YOU SCROLL DOWN FAR ENOUGH YOU WOULD ACTUALLY FIND THE -- I'M BUSY -- IF YOU SCROLL DOWN FAR ENOUGH, YOU WOULD FIND THE NAME SERVERS THAT ARE OPERATING ON BEHALF OF THE REGISTRANT OF EXAMPLE .BIZ IN THIS EXAMPLE AND PROVIDING NAME SERVICE.
SO IN ORDER TO UNDERSTAND THE SORT OF CONSEQUENCES OF THE FACT THAT THERE'S THIS INTERDEPENDENCY BETWEEN A REGISTRATION RECORD AND DNS INFORMATION, IT'S IMPORTANT TO UNDERSTAND THE NOTION OF BAILIWICK. AND A BAILIWICK BASICALLY IDENTIFIES WHERE A REGISTRANT IS ACTUALLY HOSTING DOMAIN NAME SERVICE. AND SO A REGISTRANT CAN SUPPORT HIS NAME SERVICE BY RUNNING IT HIMSELF FROM A DOMAIN NAME WITHIN THE REGISTERED DOMAIN. SO, FOR EXAMPLE IF MY REGISTRANT WERE EXAMPLE.BIZ, I CAN SUPPORT A NAME SERVER THAT I CALL DNS1.EXAMPLE.BIZ, AND I CAN USE THAT AS MY AUTHORITATIVE SOURCE FOR DOMAIN NAME INFORMATION, FOR EXAMPLE.BIZ. I CAN ALSO CHOOSE TO SUPPORT THAT NAME SERVICE UNDER ANOTHER DOMAIN NAME. AND WHETHER OR NOT I OWN IT IS IMMATERIAL. THE FACT OF THE MATTER IS IT'S JUST ANOTHER DOMAIN NAME.
SO IN THE CASE WHERE I OWN AND NOT ONLY -- OR I HAVE REGISTERED NOT ONLY EXAMPLE.BIZ BUT EXAMPLE.NET, I CAN CHOOSE TO HAVE MY DOMAIN NAME SERVICE OPERATING ON AUTHORITATIVE NAME SERVERS THAT ARE OUT OF MY DELEGATION BUT IN THE DELEGATION OF EXAMPLE.NET. SO IN THIS SCENARIO, DNS1.EXAMPLE.NET WOULD BE MY NAME SERVER FOR EXAMPLE.BIZ.
MAYBE I'M NOT PARTICULARLY INTERESTED IN RUNNING DOMAIN NAME SERVICE OR I DON'T FEEL HAVE THE SKILL SET OR I FEEL IT'S IMPORTANT THAT I HAVE MORE THAN ONE AUTHORITATIVE NAME SERVER FOR RESILIENCY PURPOSES, AND SO WHAT I CAN DO IS I CAN ACTUALLY CONTRACT WITH ANOTHER PARTY TO HOST MY DNS INFORMATION AT ONE OF HIS NAME SERVERS.
AND SO IN THIS CASE, FOR EXAMPLE, I MIGHT GO TO AN ISP, AND THE ISP HAPPENS TO BE NAMED EXAMPLEISP.NET, AND I SAY I WOULD LIKE YOU TO NOT ONLY PROVIDE ME WITH INTERNET ACCESS BUT ALSO HOST MY DNS INFORMATION AT YOUR NAME SERVER.
SO IN CONFIGURATION NUMBER ONE WHERE I AM DOING IT INSIDE MY OWN REGISTERED DOMAIN IS CALLED AN IN-BAILIWICK DNS SERVICE. AND WHEREAS CONFIGURATIONS TWO AND THREE ARE CALLED OUT OF BAILIWICK DNS SERVICES.
WHAT WE ARE GOING TO DESCRIBE IN THE FOLLOWING SCENARIOS ARISE WHEN SERVICE IS OFFERED OUT OF BAILIWICK AND WHEN SOMETHING CHANGES IN THE OWNERSHIP OR THE STATUS OF THE REGISTRATION RECORD OF THE DOMAIN NAME THAT IS THE OUT OF BAILIWICK NAME.
SO WHAT HAPPENS HERE IS VERY SIMILAR TO WHAT HAPPENED IN THE PREVIOUS ADVISORY AND WHAT WE WERE DESCRIBING IN TERMS OF REGISTRANTS MAKING ASSUMPTIONS ABOUT THE RENEWAL AND NONRENEWAL STATES OF A DOMAIN NAME.
SO IN MOST OF THESE SCENARIOS, WHAT WE SEE IS THAT SOMEONE HAS DECIDED TO USE AN OUT-OF-BAILIWICK NAME SERVER, AND THEY HAVE MADE THE ASSUMPTION WHEN THEY DO SO THAT EITHER THAT THAT NAME WILL NEVER EXPIRE OR THAT THE NAME REMAINS REGISTERED TO THE SAME PARTY THAT THEY HAVE CONTRACTED SERVICE WITH, OR THAT IF EITHER OF THOSE CONDITIONS WERE TO CHANGE, SOMEBODY WOULD TELL THEM.
AND IN PRACTICE, WHAT WE HAVE SEEN IS THAT THOSE CONDITIONS -- THESE CONDITIONS MAY CHANGE, AND THEY HAVE UNANTICIPATED CONSEQUENCES TO NAME SERVICE.
SO LET'S LOOK AT THREE SEPARATE SCENARIOS. IN ONE SCENARIO, JANE DOE REGISTERS FOO.TLD, AND SHE DECIDES SHE IS NOT COMPETENT ENOUGH TO RUN DOMAIN NAME SERVICE ON HER OWN SO SHE CONTRACTS WITH FRED ISP WHO HAS REGISTERED THE DOMAIN NAME BAR.TLD.
SO WHAT JANE DOES IS SHE NOW GIVES HER NAME RECORD INFORMATION, HER DNS INFORMATION, TO FRED ISP. FRED ISP PUTS THAT INFORMATION ON DNS1.BAR.TLD. SO THAT IS NOW HOSTING ALL THE DNS INFORMATION FOR FOO.TLD.
SO NOW WHAT HAPPENS IF FRED GOES AND FORGETS TO REGISTER HIS DOMAIN NAME AND CHOOSES TO ALLOW IT TO EXPIRE. WHAT HAPPENS IS THE NAME IS DELETED FROM THE TLD REGISTRY AND THE DNS1.BAR.TLD NO LONGER RESOLVES.
SO WITHOUT DNS1.BAR.TLD RESOLVING, THE DELEGATION IS LAME, AND THE CONSEQUENCE FOR JANE DOE, THE REGISTRANT, IS THAT THE NAME SERVICE FOR FOO.TLD IS INTERRUPTED. THERE IS NO NAME SERVER THAT ACTUALLY PROVIDES THAT SERVICE OVER SOME PERIOD OF TIME. THERE MAY BE SOME CACHING SOMEWHERE BUT EVENTUALLY IT WILL TIME OUT.
SO IN THE SECOND SCENARIO LET'S SAY JANE IS SUFFICIENTLY ENOUGH TO SAY I THINK I CAN DO THIS MYSELF BUT LET'S USE A SECONDARY. AND SHE CHOOSES TO RUN HER OWN NAME SERVER AT DNS1.FOO.TLD AND SHE ALSO AGAIN CONTRACTS WITH FRED ISP TO HOST NAME SERVICE AS A SECONDARY.
AND SO AT THIS POINT, JANE HAS RECORDS -- DNS INFORMATION AT TWO SITES WHICH GIVES HER RESILIENCY AND SHE HAS ONE IN BAILIWICK SERVER AND ONE OUT-OF-BAILIWICK SERVER.
SO AGAIN WHAT HAPPENS WHEN FRED'S DOMAIN NAME IS ALLOWED TO EXPIRE OR HE CHOOSES NOT TO RENEW IT? WELL, DNS1.BAR.TLD DISAPPEARS. WELL, YOU WOULD SAY THAT'S NOT A BIG PROBLEM BECAUSE THERE IS AT LEAST ONE PRIMARY NAME SERVER, DNS1.FOO.TLD, THAT IS STILL IN PLAY. THE PROBLEM IS THE DELEGATION IS STILL LAME TO DNS1.BAR.TLD AND ANYONE POINTING TO THAT NAME SERVER IS NOT GOING TO RESOLVE CORRECTLY UNLESS THEY GO THROUGH AN ITERATION. SO THE SITUATION ENDS UP BEING ONE WHERE DEPENDING ON WHETHER OR NOT THERE IS A SUFFICIENT ROBUSTNESS IN DNS CONFIGURATION AT LOCAL RESOLVERS, THERE MAY NOT BE AN ACCURATE RESOLUTION OR A TIMELY RESOLUTION OF ANY NAME IN THE FOO.TLD DOMAIN.
THE THIRD SCENARIO IS A LITTLE BIT MORE WORRISOME BECAUSE IT IS ACTUALLY AN EXPLOITABLE PATH TO ATTACKING AN ORGANIZATION.
SO WHEN THIS -- IN THIS SITUATION, JANE DOE HAS ACTUALLY GONE AND DECIDED THAT DNS1.BAR.TLD IS GOING TO AGAIN BE HER SOLE DOMAIN NAME SERVER AND IS GOING TO BE THE AUTHORITATIVE FOR ALL THE RECORDS IN FOO.TLD. SO SHE HAS MADE THAT RELATIONSHIP WITH FRED ISP JUST AS SHE DID IN SCENARIO ONE.
SO WHAT HAPPENS HERE IS FRED ISP DOESN'T RENEW BAR.TLD, SO A BAD ACTOR SEES THAT AND SAYS I AM GOING TO JUMP ON THAT RIGHT AWAY. AND SO HE GOES AND HE REGISTERS BAR.TLD AS QUICKLY AS HE CAN.
NOW WHAT HE DOES IS HE SAYS, AH, I AM IDENTIFIED AS THE AUTHORITATIVE NAME SERVER FOR FOO.TLD SO I AM GOING TO PUBLISH DNS INFORMATION FOR FOO.TLD BUT IF YOU NOTICE, HE HAS ALTERED THE "A" RECORDS BETWEEN THE TWO SCENARIOS, AND THESE WILL BE AVAILABLE SHORTLY ONLINE, SO THAT NOW WWW.FOO.TLD ACTUALLY POINTS TO ONE OF HIS WEB SERVERS, AND FTP.FOO.TLD POINTS TO HIS FTP SERVER. SO HE HAS NOW ESSENTIALLY CAPTURED THE TRAFFIC OR REDIRECTED THE TRAFFIC FOR TWO MAJOR SERVICES THAT JANE DOE WAS OFFERING IN THE FOO.TLD DOMAIN BY MALICIOUSLY ALTERING THE DOMAIN NAME ORDERS AT WHAT JANE AS PUBLISHED AS HER AUTHORITATIVE NAME SERVER.
SO THE CONSEQUENCE IS I SAY FOO.TLD IS NOW PHISHING PHODDER, AND ONE OF THE PRACTICAL OUTCOMES OF THIS IS SIMILAR TO A DNS CACHE POISONING ATTACK WHERE THE PURPOSE OF THE ATTACK IS TO REDIRECT TRAFFIC TO A SITE THAT LOOKS A WHOLE LOT LIKE A LEGITIMATE SITE BUT IS ACTUALLY A SITE THAT IS INTENDED TO ATTEMPT TO CAPTURE SOMEONE'S IDENTITY OR SOMEONE'S CREDIT CARD INFORMATION OR OTHER PRIVATE INFORMATION.
SO WHAT KIND OF REMEDIES DO WE CONSIDER IN OUR ADVISORY? WELL, THERE ARE A COUPLE OF DIFFERENT THINGS THAT REGISTRANTS OUGHT TO BE DOING THAT WE THINK ARE VERY IMPORTANT. ONE IS THAT, OBVIOUSLY, IF YOU ARE GOING TO USE OUT-OF-BAILIWICK NAME SERVICE YOU NEED SOMEONE IN OUR ORGANIZATION WHO IS RESPONSIBLE FOR COORDINATING NAME SERVICE WITH THE OPERATOR OF THE OUT-OF-BAILIWICK NAME SERVER.
THE SECOND IS THAT YOU OUGHT TO MAKE CERTAIN THAT YOUR ORGANIZATION HAS ACCURATE CONTACT INFORMATION, AND ESPECIALLY TECHNICAL CONTACT INFORMATION, FOR ANY OPERATOR THAT YOU HAVE DELEGATED YOUR NAME SERVICE TO.
AND THE THIRD IS THAT IN CONJUNCTION WITH HAVING THOSE TWO PARTIES IDENTIFY THEMSELVES, ESTABLISH A FORMAL PROCESS BY WHICH YOU ARE GOING TO HAVE YOUR DOMAIN NAME INFORMATION MAINTAINED AND KEPT ACCURATE. AND THE LAST ONE IS, MONITOR YOUR OWN DOMAIN NAME SERVICE. IT'S FAIRLY EASY TO SCRIPT OR TO PUT INTO PLACE SOME PROCESS THAT ROUTINELY CHECKS TO MAKE CERTAIN THAT YOUR DOMAIN NAME SERVICE IS AVAILABLE AND THAT IT'S RESOLVING TO THE EXPECTED RESULTS.
ANOTHER -- THIS IS ANOTHER CASE WHERE SSAC IS ENCOURAGING PEOPLE FOR -- DO WE NEED TO HURRY? -- TO MAINTAIN CORRECT AND ACCURATE INFORMATION BECAUSE IF THE CONTACT INFORMATION IS CORRECT, WE CAN MAKE CERTAIN THAT TECHNICAL CONTACTS CAN VERIFY THE DNS INFORMATION IS VALID AND THAT THE NAME SERVER LISTED IN THE REGISTRATION RECORD IS THE CORRECT ONE.
AND SO NOT TO BELABOR THIS. OBVIOUSLY IT'S VERY IMPORTANT THAT THE REGISTRARS AND REGISTRIES AND OTHER TECHNICAL STAFF BE ABLE TO REACH YOU REGARDING ANY DNS-RELATED MATTER ASSOCIATED WITH YOUR DOMAIN NAME.
SO TO QUICKLY GO THROUGH THE FINDINGS, WE HAVE ALREADY TALKED ABOUT THE FACT THAT REGISTRANTS CREATE OPERATIONAL DEPENDENCIES WHEN THEY GO OUT-OF-BAILIWICK. WE TALKED ABOUT THE FACT THAT THERE ARE SOME SITUATIONS WHERE CONDITIONS CAN CHANGE AND DOMAIN NAME REGISTRATIONS ARE BY THEIR NATURE ARE NOT PERMANENT AND MAY NOT BE RENEWED BY A PARTY THAT YOU ARE RELYING ON.
WE HAVE TALKED ABOUT THE POTENTIAL FOR SERVICE INTERRUPTION AND POTENTIAL FOR REDIRECTION ATTACKS AS CONSEQUENCES OF NOT PAYING ATTENTION TO THE REGISTRATIONS OF ANYONE THAT YOU ARE RELYING ON FOR OUT-OF-BAILIWICK NAME SERVICE.
AND SO OUR RECOMMENDATIONS ARE THAT, A, YOU MAINTAIN ACCURATE CONTACT INFORMATION. AGAIN, ESTABLISH A CHAIN OF ACCOUNTABILITY FOR DOMAIN NAME REGISTRATION AND ALSO FOR NAME SERVER ACCURACY.
MAINTAIN ACCURATE CONTACT INFORMATION, NOT ONLY FOR YOUR OWN ORGANIZATION BUT FOR OTHERS THAT YOU HAVE NOW CREATED DEPENDENCIES ON NOW FOR HE NAME SERVICE. MONITOR DOMAIN NAME SERVICE. AND LASTLY, SOMETHING WE WILL AGAIN TALK ABOUT ON WEDNESDAY, THINK ABOUT USING DNSSEC TO PROTECT AGAINST UNDETECTED MODIFICATION OF YOUR DNS RECORDS, BECAUSE IF THE ZONE -- OR THE DNS INFORMATION HAD BEEN SIGNED AND AUTHENTICATED, IT WOULD BE VERY DIFFICULT FOR SOMEONE TO POISON THE ZONE IN THE MANNER THAT I DESCRIBED UNDER SCENARIO 3 WITHOUT ANYONE KNOWING.
AND THAT'S IT.
THANK YOU.
>>STEVE CROCKER: THANK YOU, DAVE.
ANY QUESTIONS OR COMMENTS WITH RESPECT TO THIS REPORT?
LET ME DO A QUICK POLL HERE.
THIS PROBABLY IS NOT A SET OF PEOPLE WHO OPERATE THEIR OWN ZONES OR WHO HAVE THEIR HANDS ON THE CONFIGURATION OF THEIR ZONE FILES AND THE CHOICE OF PRIMARY AND SECONDARY NAME SERVERS.
HOW MANY PEOPLE HERE DO HANDLE THESE THINGS?
HOW MANY OF YOU DO HANDLE THESE THINGS YOURSELF?
TWO, THREE, OR A COUPLE.
HAVE YOU --
>> I HAVE A QUESTION.
>>STEVE CROCKER: WHY DON'T YOU COME ON UP TO A MIKE.
INTRODUCE YOURSELF.
>>TIM RUIZ: TIM RUIZ WITH GODADDY.
I JUST WONDER IF YOU COULD CLARIFY A LITTLE MORE HOW SIGNING WOULD SOLVE THE PROBLEM DESCRIBED IN THE THIRD SITUATION.
>>DAVE PISCITELLO: DO I TAKE THAT?
>>STEVE CROCKER: I'LL LET YOU DO THAT.
>>DAVE PISCITELLO: WELL, IF YOU ARE USING DNSSEC AND YOU -- AND THERE WAS SOME AUTHORITATIVE CERTIFICATE THAT PROVED THAT YOU WERE IN FACT FOO.TLD AND YOU HAD SIGNED THE DNS INFORMATION, THEN IF SOMEBODY ELSE TRIED TO COMPARE THE SIGNATURE OF THE DNS INFORMATION THAT WAS ON THE ATTACKER'S SERVER AGAINST THE LEGITIMATE SIGNATURE, THE TWO WOULD NOT COMPUTE.
SO IT WOULD BE ESSENTIALLY A MATCHING HASH AND SAYING THIS IS NOT EQUAL TO THE OTHER, SO THERE'S SOME MODIFICATION I DON'T KNOW ABOUT.
>>STEVE CROCKER: YEAH.
THE REUSE AMOUNTS TO A KIND OF POISONED CACHE EQUIVALENT. AND DNSSEC WILL PORT THAT.
SO, ACTUALLY, WITH THE FOCUS -- WITH THE QUESTION ABOUT DNSSEC, LET ME EMPHASIZE A POINT THAT DAVE HAS JUST MADE.
THERE IS A SEPARATE THREAD OF ACTIVITY ON DNSSEC DEPLOYMENT, AND WE HAVE A WORKSHOP SCHEDULED AT 8:00 O'CLOCK IN THE MORNING ON WEDNESDAY.
AND -- IN THIS ROOM HERE.
THERE WILL BE ANOTHER BROCHURE THAT LOOKS SIMILAR BUT IS DIFFERENT AVAILABLE JUST BEFORE THEN.
AND SPEAKING OF THIS BROCHURE, IF ANYBODY HAS WALKED IN AND HAS NOT GOTTEN A COPY OF THIS BROCHURE, THERE'S SEVERAL SITTING RIGHT AT THE EDGE OF THE STAGE HERE AND THEN THERE'S A BUNCH OUTSIDE AS YOU CAME IN.
ANOTHER QUESTION.
>> JUST A REPORT FROM THE .JP REGISTRY.
MY NAME IS HIRO HOTTA.
AND UNDER DOT JP, WE HAVE FOUND THIS KIND OF PROBLEM.
THE PROBLEM WAS FROM A KIND OF CREDIT CARD COMPANY.
SO IT WAS A BIG PROBLEM.
BUT, FORTUNATELY, THERE WAS NO DNS TRAFFIC HIJACKING THERE.
WE SOLVED THAT.
AND AFTER THAT, WE CONSULTED WITH OUR REGISTRANTS AND COMMUNITY, AND .JP REGISTRY IS A THICK REGISTRY AND HAS CONTRACTS WITH REGISTRANTS.
SO WE DO NOW PRUNE THE NS RECORDS WHICH HAVE NONEXISTING JP NAMES AS NAME SERVER HOT NAMES.
SO THAT'S THE REPORT.
>>STEVE CROCKER: THANK YOU.
>>DAVE PISCITELLO: ACTUALLY, WE ACTUALLY CITE THE ACTIVITIES THAT .JP DOES IN TERMS OF PRUNING ON DOMAIN NAMES AS ACTIONS THAT REGISTRARS AND REGISTRIES COULD CONSIDER TO THWART SUCH ATTACKS.
AND SO WE HAVE CITATIONS FROM SOME OF THE INFORMATION THAT YOU'VE MADE PUBLIC AT THE .JP, YOU KNOW, WEB SITE, AND JPRS IS CERTAINLY SORT OF A POSTER CHILD FOR GOOD BEHAVIOR IN TERMS OF HOW REGISTRIES CAN HELP MITIGATE SUCH ATTACKS.
>>STEVE CROCKER: GOOD.
ANY OTHERS?
>>BOB HUTCHINSON: I'M BOB HUTCHISON WITH DYNAMIC VENTURES.
I WAS WONDERING WHY IN BOTH OF THESE CASES YOU WERE RELUCTANT TO PUT THE BURDEN ON THE REGISTRIES TO FIX THE PROBLEM WITH PROTECTING THE LIFE OF THE EXPIRED DOMAIN NAME FOR A LONGER PERIOD OF TIME.
IT SEEMS LIKE AN OBVIOUS SOLUTION.
>>STEVE CROCKER: THAT'S A GOOD QUESTION.
LET ME SEE IF I'VE CAPTURED IT CORRECTLY.
IN THE -- THE CURRENT ENVIRONMENT, WHEN A NAME LAPSED, IT'S HELD FOR 45 DAYS, I BELIEVE.
AND IT'S JUST TAKEN OUT OF SERVICE.
AND AFTER THAT, IT'S FAIR GAME FOR ANYBODY TO REGISTER IT AND REUSE IT FOR WHATEVER PURPOSE.
AND I TAKE THE FORCE OF YOUR QUESTION, WHY NOT CHANGE THAT RULE TO MAKE IT LONGER.
90 DAYS, SIX MONTHS, A YEAR, FIVE YEARS, TEN YEARS, WHATEVER.
I THINK THAT'S AN EXTREMELY REASONABLE THOUGHT TO PUT ON THE TABLE.
IT IS CLEARLY A CHANGE IN THE CONTRACTUAL STRUCTURE AND IN THE MARKET STRUCTURE.
WE MADE A CHOICE IN THIS PARTICULAR ADVISORY TO FOCUS OUR ATTENTION WHERE THE PEOPLE WHO ARE BEING HARMED CAN TAKE PROTECTIVE ACTION FOR THEMSELVES BY RAISING THE VISIBILITY OF THAT.
IT IS -- BUT WE CLEARLY HAD IN MIND THAT ONE COULD ALSO CHANGE THESE RULES.
AND IT WAS A QUESTION OF HOW MANY THINGS TO RAISE AT ONE TIME.
BUT I THINK THAT'S A QUITE IMPORTANT IDEA TO PUT ON THE TABLE.
IT WOULD GET, UNQUESTIONABLY, WOULD HAVE TO GO THROUGH THE POLICY DEVELOPMENT PROCESS AND GO THROUGH A LOT OF BROKERED INTEREST, VESTED INTEREST ARGUING ON BOTH SIDES.
SO IT'S -- IT WOULD BE A SOMEWHAT DIFFERENT PROCESS.
>>DAVE PISCITELLO: THERE'S ALSO -- WE'VE KIND OF TRIED TO CHANGE SSAC'S TRADITIONAL PUBLICATION MONOLITHIC MODEL FROM JUST HAVING REPORTS TO HAVING COMMENTS, ADVISORIES, AND REPORTS.
AND THESE TWO ARE ACTUALLY ADVISORIES.
AND BEING A SECURITY CONSULTANT AND EXPERT, ONE OF THE THINGS THAT I'VE TRIED TO PERSUADE STEVE TO DO IS TO THINK ABOUT MODELS WHERE WE OPERATE VERY SIMILAR TO U.S. CERT AND TO SANS AND OTHER ORGANIZATIONS WHERE WHEN WE SEE SOMETHING THAT PUTS PEOPLE AT RISK, WE TRY TO DISCLOSE SOMETHING QUICKLY SO THAT REGISTRANTS, FOR EXAMPLE, MIGHT HAVE THE SAME OPPORTUNITY TO PUT IN PLACE A WORK-AROUND IN THE SAME MANNER THAT THEY WOULD IF THEY DISCOVERED THAT THERE WAS A BUG IN A WEB SITE AND SOMEBODY SAID THAT THE WORKAROUND RIGHT NOW IS TO NOT PUT UP PAGES OF THIS KIND.
SO THESE ARE REALLY MORE AGILE DOCUMENTS THAN THE KIND OF DOCUMENT THAT WOULD INVOLVE SSAC GOING FORWARD AND SAYING, "HERE IS SOMETHING THAT WE SEE, HERE IS AN IMPACT THAT MIGHT BE RESOLVED BY POLICY, HERE IS WHAT THE CURRENT POLICY IS, HERE'S A NUMBER OF POLICY ALTERNATIVES."
AND AS STEVE SAYS, WOULD REQUIRE A FAIRLY LENGTHY PROCESS NOT ONLY TO COME OUT OF OUR COMMITTEE, BUT TO GO THROUGH THE WHOLE POLICY CONSENSUS PROCESS.
SO IN THE MEANTIME, WE DON'T WANT PEOPLE SITTING THERE, CONSTANTLY HAVING THESE SORTS OF UNANTICIPATED CONSEQUENCES HAMMERING AT THEM.
SO THESE ADVISORIES ARE VERY FOCUSED ON REGISTRANTS AND, IN FACT, THE FRONT MATTER OF OUR ADVISORY SAYS, "THESE ARE DIRECTED TO REGISTRANTS."
BUT CERTAINLY WHAT YOU'RE TALKING ABOUT IS CLEARLY IN PLAY FOR SSAC AND THINGS THAT WE WOULD CONSIDER.
>>STEVE CROCKER: THANK YOU.
RAM.
>>RAM MOHAN: THIS IS RAM.
I OPERATE A REGISTRY.
I HAD SOMETHING THAT PERHAPS SHOULD BE CONSIDERED, WHICH IS THAT FOR A REGISTRY, A THICK REGISTRY PARTICULARLY, AND THE SAME APPLIES FOR A THIN REGISTRY AS WELL, REGISTRARS REALLY ARE THE ONES WHO, QUOTE, UNQUOTE, OWN THE CUSTOMER AND THE INFORMATION THERE.
AND WE HAVE A PRINCIPLE THAT WE DON'T ACTUALLY TOUCH THE DATA THAT IS PROVIDED TO US UNLESS THE REGISTRAR ACTING ON BEHALF OF THE REGISTRANT ASKS FOR THAT DATA TO BE TOUCHED, RIGHT.
SO THE -- ONE OF THE FOCUSES FROM A REGISTRY PERSPECTIVE IS TO ENSURE THAT THE DATA HAS INTEGRITY AS PROVIDED TO US, AND THEN WE DON'T ARBITRARILY GO AND TOUCH IT AND MODIFY IT. SO THAT'S A CONSIDERATION THAT PERHAPS DOESN'T ALWAYS COME ACROSS, BECAUSE IT SEEMS LIKE AT THE TOP YOU CAN JUST GO AND TOUCH IT AND MODIFY IT AND CHANGE THINGS.
BUT THERE ARE -- AS A REGISTRY, YOU HAVE -- YOU ARE HELD UP TO MAKE SURE THAT WHAT'S THERE IS WHAT'S GIVEN TO YOU, AND NOT JUST CHANGED BY YOU.
>>STEVE CROCKER: AND, RAM, WILL YOU CONNECT THE DOTS ON THAT.
TAKE THE APPLICATION OF THAT PRINCIPLE TO THE SITUATION WHERE A NAME EXPIRES AND TO THE POINT OF THE QUESTION OF WHY NOT JUST HOLD IT IN ABEYANCE FOR A MUCH LONGER PERIOD OF TIME.
>>RAM MOHAN: I CAN THINK OF PROBABLY AT LEAST TWO SCENARIOS, IN ONE SCENARIO, WHERE THE REGISTRANT HAS NOT PAID THE REGISTRAR, THEIR REGISTRAR, THE FEE NECESSARY FOR RENEWING THE DOMAIN NAME, AND THE REGISTRAR IS, IN THE CURRENT SYSTEM WITH GTLDS, THE REGISTRY AUTOMATICALLY RENEWS THE NAME AND PROVIDES A GRACE PERIOD FOR THE DOMAIN NAME TO THE REGISTRAR AND TELLS THEM, "YOU HAVE 45 DAYS TO CHOOSE TO DELETE THE NAME FOR WHATEVER REASON THAT YOU WANT."
AND ONCE A NAME IS DELETED, THEN THERE IS AN EXTRA 30-DAY TIME PERIOD.
BUT IN THE CASES WHERE A REGISTRAR IS UNABLE TO CONTACT A REGISTRANT AND THE NAME IS NOT RENEWED, WELL, THE REGISTRAR IS OUT THE MONEY, WHICH HAS A SIGNIFICANT ECONOMIC PROBLEM FOR THEM.
SO AS A REGISTRY, IF WE WERE TO JUST KEEP THE NAME RESOLVING AND WORKING ON BEHALF OF A REGISTRANT WHO THE REGISTRAR IS NOT ABLE TO CONTACT ANYMORE, WELL, THERE'S A BROKEN CHAIN THERE.
THE SECOND PART OR POSSIBILITY IS WHERE THE -- THE DOMAIN NAME REGISTRANT OR THE INDIVIDUAL WHO HAS THE DOMAIN NAME HAS BEEN CONTACTED, PROVIDES CREDIT CARD INFORMATION THAT IS POTENTIALLY FRAUDULENT OR THE REGISTRAR THINKS THAT THEY HAVE A LEGITIMATE REASON TO HAVE THE NAME BE DROPPED, AND IF YOU'RE THE REGISTRY LEVEL IN THIS SAYING, "WELL, I DON'T THINK SO, THIS NAME SHOULD STILL STAY," YOU HAVE A PROBLEM.
AND I KNOW PERSONALLY OF CASES WHERE THE REGISTRANT SAYS THEY NEVER GOT CONTACTED BY THEIR REGISTRAR.
THE REGISTRAR CAN SHOW EVIDENCE THAT THEY SENT E-MAILS TO AN ADDRESS.
AND IT TURNS OUT THAT THERE WERE INTERMEDIATE PARTIES ALONG THE WAY, AN ISP OR SOMEBODY ELSE, THINGS GOT DROPPED ALONG THE WAY.
REGISTRANT REALLY GOT HARMED.
REGISTRAR REALLY TRIED TO DO SOMETHING.
AND ON THE REGISTRY LEVEL, WHEN THE REGISTRANT COMES TO THE REGISTRY AND SAYS, "HELP ME," PRETTY MUCH WHAT THE REGISTRY HAS TO SAY IS, "PLEASE GO TALK TO YOUR SERVICE PROVIDER."
>> (INAUDIBLE).
>>STEVE CROCKER: YEAH.
THE QUESTION IS, WHY NOT PARK -- SPECIFIC -- YOUR SPECIFIC SUGGESTION IS THE TWO-YEAR HIATUS IN RE-REGISTRY.
>>BOB HUTCHINSON: YEAH.
SO THE -- MY SUGGESTION WOULD BE JUST PARK THE REGISTRATIONS FOR TWO YEARS WHEN THEY EXPIRE.
AND THAT WOULD BE IT.
>>STEVE CROCKER: AND I CAN THINK OF A NUMBER OF THINGS THAT -- TO SAY.
BUT IT'S PROBABLY NOT FOR ME TO MAKE UP THE POSSIBLE RESPONSES TO ALL THAT.
BUT I SAW ONE HAND RAISED.
>> RICK WILHELM, NEUSTAR.
I WON'T TAKE THAT ONE UP DIRECTLY, BECAUSE THE REGISTRAR COMMUNITY WOULD OBVIOUSLY, YOU KNOW, NOT LIKE TO HAVE INVENTORY LOCKED UP THAT MUCH.
BUT SETTING THAT ASIDE, ONE OF THE THINGS SOMEONE ELSE MENTIONED EARLIER IS THAT IF A NAME IS USED IN OUT-OF-BAILIWICK NAME SERVICE, THAT ONE OF THE THINGS THAT IS IMPORTANT TO REALIZE IS THAT THERE'S NO AUTHENTICATION DONE TO DETERMINE IF WHEN A NAME IS DELEGATED TO ONE OF THESE OUT-OF-BAILIWICK NAME SERVERS IF IT'S ACTUALLY THERE.
SO IT'S BAD OPERATING PRACTICE.
BUT, FOR EXAMPLE, RIGHT NOW, I COULD GO REGISTER SOME NAME DOT BIZ AND GO DELEGATE THAT TO NS1.GODADDY.BIZ EVEN IF THE NAME IS NOT THERE.
RESOLUTION WOULD BE BROKEN, BUT ONE OF THE DANGERS OF LOCKING THESE TWO THINGS TOGETHER IS THAT THERE'S NO AUTHENTICATION DONE WHEN THAT WOULD HAPPEN.
>>STEVE CROCKER: GOOD POINT.
ALL RIGHT.
WITH THAT, LET ME MOVE FORWARD.
I WANT TO INTRODUCE LYMAN CHAPIN, THE CHAIR OF THE NEWLY ORGANIZED -- WELL, I WANT TO SAY STANDING PANEL OF EXPERTS, BUT I ALSO WANT TO SAY THAT I'M LOOKING FOR AT LEAST TWO THINGS FROM LYMAN IN WHAT HE'S ABOUT TO SAY.
ONE IS, WHAT IS THE CORRECT OFFICIAL TITLE OF THIS GROUP?
AND THE OTHER IS, WHATEVER HE WANTS TO SAY ABOUT THE RELATIONSHIP OF THE ACTIVITIES OF THAT GROUP WITH THE ACTIVITIES OF OUR GROUP, SSAC.
SO WITH THAT, LYMAN, YEAH, COME ON UP.
AND -- YEAH.
LET PEOPLE GET A GOOD LOOK AT YOU.
AND --
>>LYMAN CHAPIN: LINK ARMS OR SOMETHING?
>>STEVE CROCKER: LINK ARMS.
WE'RE OLD, ESTABLISHED GOOD FRIENDS.
IT'S REALLY QUITE A PLEASURE.
AND I AM PLEASED TO HAVE YOU HERE.
AND QUITE PLEASED TO SEE THAT YOU MADE YOUR CONNECTIONS, WHICH HAS NOT BEEN THE UNIFORM --
>>LYMAN CHAPIN: JUST BARELY.
>>STEVE CROCKER: WE'VE HAD A NUMBER OF PEOPLE WHO JUST BARELY DIDN'T.
THAT'S FINE.
SO LYMAN CHAPIN.
>>LYMAN CHAPIN: OKAY.
THE -- I WANT TO DO A COUPLE OF THINGS.
AND I WON'T BELABOR YOU WITH A LOT OF DETAIL.
BUT I WANT TO DESCRIBE WHAT THIS NEW ENTITY IS, BECAUSE EVERY TIME ICANN CREATES A NEW ENTITY, YOU KNOW, IT'S NOT NECESSARILY THE CASE THAT IT'S OBVIOUS EITHER WHAT IT'S SUPPOSED TO DO OR WHY IT WAS CREATED.
AND CERTAINLY IN THE CASE OF THE STANDING PANEL, ONE OF THE FIRST QUESTIONS THAT I GET FROM PEOPLE WHO HAVE BEEN, YOU KNOW -- WHO ARE FAMILIAR WITH THE AREA IS, WHY DID YOU NEED A STANDING PANEL TO REVIEW NEW REGISTRY SERVICE REQUESTS FOR THEIR IMPACT ON SECURITY AND STABILITY OF THE INTERNET OR OF THE INTERNET'S DOMAIN NAME SYSTEM WHEN YOU HAD A PERFECTLY GOOD SECURITY AND STABILITY ADVISORY COMMITTEE?
AND SO I'LL TRY TO ANSWER THAT QUESTION, WHICH I THINK IS A PRETTY OBVIOUS ONE.
THE STANDING PANEL THAT WE'RE TALKING ABOUT IS SOMETHING THAT ARISES AS A RESULT OF A CONSENSUS POLICY PROCEDURE THAT WAS DEVELOPED OVER THE PAST YEAR, ALMOST YEAR AND A HALF, CULMINATED IN JUNE OF LAST YEAR WITH THE APPROVAL BY THE GNSO, GNSO COUNCIL, OF WHAT THEY CALL A CONSENSUS POLICY PROCESS FOR CONSIDERATION OF NEW REGISTRY SERVICES.
AND THE REGISTRY SERVICES WE'RE TALKING ABOUT ARE PRIMARILY THOSE THAT A GTLD REGISTRY OPERATOR MIGHT OFFER IN ITS ROLE AS THE OPERATOR OF THE TLD.
SO WE'RE FOR THE MOST PART, ALTHOUGH WE COULD BE TALKING ON EITHER SIDE OF THE SHOP, FOR THE MOST PART, WE'RE NOT TALKING ABOUT, YOU KNOW, SORT OF NEW AND INVENTIVE WAYS TO REGISTER NAMES.
WE'RE TALKING ABOUT NEW AND INVENTIVE WAYS FOR THE REGISTRY OPERATOR TO TAKE ADVANTAGE IN A PERFECTLY -- USUALLY PERFECTLY LEGITIMATE WAY, OF ITS OTHER ROLE AS THE ACTUAL OPERATOR OF THE RESOLUTION SERVICES FOR THAT TOP-LEVEL DOMAIN.
A COUPLE OF THINGS RIGHT OFF THE BAT.
FIRST OF ALL, THIS APPLIES ONLY TO GTLDS, BOTH SPONSORED AND UNSPONSORED.
SO IT HAS NO IMPACT WHATSOEVER ON THE WAY IN WHICH CCTLDS ORGANIZE THEIR RELATIONSHIP WITH ICANN.
IT COMES INTO PLAY ONLY IN SITUATIONS IN WHICH ICANN, THE ICANN STAFF, RECEIVES A REQUEST FROM A REGISTRY OPERATOR TO EITHER CHANGE AN EXISTING SERVICE OR INTRODUCE A NEW SERVICE, AND THE ICANN STAFF, AFTER LOOKING AT IT, DETERMINES THAT AN INDEPENDENT TECHNICAL REVIEW WOULD BE USEFUL AND WOULD HELP THE ICANN BOARD TO DECIDE WHETHER OR NOT TO APPROVE THE NEW SERVICE.
NEW SERVICES COME ABOUT, OF COURSE, IN THIS CONTEXT AS PROPOSALS TO MODIFY THE REGISTRY OPERATOR'S CONTRACT WITH ICANN TO OPERATE THE GTLD REGISTRY.
IF THE GTLD REGISTRY WANTED TO DO SOMETHING THAT HAD NO CONTRACT IMPLICATIONS, THEN, YOU KNOW, ICANN WOULDN'T BE INVOLVED.
THE PROCESS OF GETTING THIS OFF THE GROUND HAS BEEN SORT OF LENGTHY.
IT HASN'T REALLY BEEN ALL THAT LABORIOUS, BUT HAS DEFINITELY BEEN LENGTHY.
AS I SAID, THE GNSO COUNCIL APPROVED THIS ON THE 30TH OF JUNE.
THE ICANN BOARD APPROVED OR ACCEPTED THE RECOMMENDATION OF THE GNSO AT A SPECIAL BOARD MEETING ON THE 8TH OF NOVEMBER.
I WAS NOMINATED TO CHAIR, ACTUALLY, BOTH CHAIR AND ASSEMBLE, A GROUP OF PEOPLE TO SERVE ON THIS PANEL BACK ON THE 26TH OF JANUARY.
AND AT THE LAST ICANN MEETING AT WELLINGTON ON THE 31ST OF MARCH, THE ICANN BOARD FORMALLY APPROVED MY NOMINATION AFTER A PUBLIC COMMENT PERIOD BETWEEN JANUARY AND MARCH.
THE WAY THIS WORKS IS THAT A GTLD REGISTRY OPERATOR THAT WANTS TO INTRODUCE A NEW SERVICE, THERE'S A PRESUMPTION THAT THERE'S SOME BACK AND FORTH BETWEEN THE REGISTRY OPERATOR AND THE ICANN REGISTRY STAFF THAT OCCURS ON AN ONGOING BASIS SO THAT THESE THINGS DON'T SUDDENLY APPEAR OUT OF NOWHERE.
AND THIS IS, IN SOME SENSE, AN OPTIMISTIC VIEW.
BUT I THINK IT'S ACTUALLY ONE THAT'S PRETTY REALISTIC, BECAUSE ULTIMATELY, THE VALUE OF PLAYING THE GAME ANY OTHER WAY SIMPLY, I DON'T THINK, SHOWS ANY BENEFIT FOR EITHER SIDE, CERTAINLY NOT FOR ICANN, AND PROBABLY NOT FOR THE REGISTRY OPERATOR.
BECAUSE THE DEFAULT ANSWER, OF COURSE, IS "NO."
SO IF THE REGISTRY OPERATOR, YOU KNOW, IS TRYING TO SPRING A FAST ONE ON ICANN BY, YOU KNOW, COMING UP WITH SOME NIFTY NEW SERVICE THAT IT'S PRETTY CONFIDENT IS GOING TO HAVE SOME SERIOUS IMPACTS AND THEN SPRINGING IT ON ICANN BECAUSE, YOU KNOW, WE NOW HAVE THIS PROCESS THAT'S TIME-LIMITED AND SO FORTH, THE DEFAULT ANSWER, IF ICANN DOESN'T HAVE -- DOESN'T FEEL AS THOUGH IT'S BEEN PROPERLY BRIEFED ON WHAT THE REGISTRY SERVICE IS GOING TO BE, THE DEFAULT ANSWER IS "NO."
SO AT SOME LEVEL, THERE'S NO REAL BENEFIT, AND WE KNOW THAT ALL SORTS OF DIFFERENT WAYS IN WHICH THAT GAME CAN BE PLAYED.
BUT LET'S ASSUME THAT THERE'S A, YOU KNOW, GOOD-FAITH EXCHANGE BETWEEN THE REGISTRY OPERATORS AND ICANN REGISTRY STAFF.
AT SOME POINT, THE REGISTRY OPERATOR DECIDES THAT IT'S TIME TO SUBMIT A FORMAL PROPOSAL FOR THE NEW SERVICE THAT THEY'VE BEEN DEVELOPING.
AT THAT POINT, ONE OF SEVERAL CLOCKS STARTS TO TICK.
THERE'S WHAT'S CALLED A PREDETERMINATION PERIOD.
ICANN'S STAFF HAS UP TO 15 DAYS -- THEY DON'T HAVE TO TAKE ALL 15 DAYS, BUT THEY HAVE A MAXIMUM OF 15 DAYS -- TO TAKE A LOOK AT THE PROPOSAL AND DECIDE WHETHER OR NOT ANY FURTHER REVIEW IS NECESSARY.
AND THERE ARE TWO KINDS OF REVIEW, ONLY ONE OF WHICH THE STANDING PANEL IS INVOLVED IN.
ONE IS A COMPETITION REVIEW, IF THE STAFF DETERMINES THAT THE PROPOSAL, THE SERVICE PROPOSAL, MIGHT HAVE COMPETITION CONSEQUENCES, THEY CAN REFER IT TO A SEPARATE BODY TO LOOK AT THAT.
IF THEY DECIDE DURING THIS PREDETERMINATION PERIOD THAT THERE IS A POTENTIAL FOR SIGNIFICANT IMPACTS ON EITHER THE SECURITY OR STABILITY IN INTRODUCING THE NEW SERVICE, THEY CAN ASK THIS NEW STANDING PANEL TO FORM FROM ITS MEMBERSHIP -- MEMBERSHIP IS ROUGHLY 20 PEOPLE.
WE CURRENTLY, ACTUALLY, HAVE MORE THAN 20 PEOPLE WHO HAVE AGREED TO SERVE -- BUT FORM FROM THAT MEMBERSHIP A FIVE-PERSON REVIEW TEAM. AND THAT REVIEW TEAM WOULD THEN HAVE 45 DAYS TO CONDUCT A REVIEW AND TO PREPARE A WRITTEN REPORT.
AND THERE'S A LOT OF DETAILS, YOU CAN IMAGINE, AS TO HOW THAT ACTUALLY HAPPENS, WHICH I WON'T BORE YOU WITH HERE.
BUT THE IMPORTANT ELEMENT OF THAT, OF COURSE, IS THAT IT'S TIME-LIMITED.
SO A REGISTRY OPERATOR THAT WANTS TO INTRODUCE A NEW SERVICE HAS A FAIRLY DETERMINISTIC RELATIONSHIP WITH ICANN WHICH HASN'T EXISTED BEFORE THIS.
IT IS A CERTAINTY, AT LEAST IF EVERYBODY'S FOLLOWING THE RULES, THAT THERE WILL BE, AT MOST, A 15-DAY PREDETERMINATION PERIOD, A 45-DAY REVIEW.
THE RESULTS OF THE REVIEW ARE SUBMITTED IN A WRITTEN REPORT THROUGH ICANN STAFF TO THE ICANN BOARD, WHICH HAS THE FINAL DECISION.
BECAUSE REMEMBER, AGAIN, THIS IS A CONTRACT CHANGE BETWEEN ICANN AND A REGISTRY.
SO THE BOARD THEN HAS 30 BUSINESS DAYS TO DECIDE.
AND WHAT THAT DOES IS IT BOUNDS THE AMOUNT OF TIME THAT A REGISTRY OPERATOR HAS TO BE HANGING OUT THERE WONDERING WHETHER OR NOT THEIR SERVICE PROPOSAL IS GOING TO BE APPROVED.
THE PANEL HAS BEEN ASSEMBLED FROM A BROAD RANGE OF PEOPLE WHO HAVE EXPERTISE BOTH IN THE CORE TECHNOLOGIES OF SECURITY AND THE DNS, AND ALSO IN THE OPERATIONS SIDE OF ACTUALLY RUNNING REGISTRY AND REGISTRY -- REGISTRIES AND REGISTRARS.
AND THAT GROUP, I BELIEVE, WE ARE RIGHT ON THE EDGE OF HAVING CONTRACTS IN PLACE SO THAT WE CAN OPEN THE DOORS ON THIS.
ICANN HAS NOT, AS FAR AS I KNOW, AT LEAST WHEN I GOT ON THE PLANE IN BOSTON ABOUT 24 HOURS AGO, THEY HAD NOT YET OFFICIALLY POSTED THE CONSENSUS POLICY.
AS SOON AS THEY POST IT OFFICIALLY, IT ESSENTIALLY OPENS THE DOOR.
AND AT THAT MOMENT OR AT ANY POINT THEREAFTER, A REGISTRY OPERATOR COULD SHOW UP WITH A NEW SERVICE PROPOSAL.
SO THEY'VE BEEN HOLDING OFF TO MAKE SURE THAT THE RIGHT CONTRACTS ARE IN PLACE SO THAT THIS PANEL WILL ACTUALLY BE AVAILABLE TO CONDUCT REVIEWS IF AND WHEN IT'S ASKED TO DO SO.
THE RELATIONSHIP OF THE PANEL TO SSAC, TO THE SECURITY AND STABILITY ADVISORY COMMITTEE, IS ACTUALLY A LOT CLEARER THAN IT MIGHT SEEM.
THE PANEL THAT I'VE JUST DESCRIBED IS A PURELY REACTIVE AND INDEPENDENT TECHNICAL EVALUATION BODY.
IT DOESN'T DO ANYTHING UNLESS AND UNTIL IT'S ASKED TO REVIEW A SPECIFIC REGISTRY SERVICE PROPOSAL BY ICANN.
AND WHEN IT IS ASKED TO DO THAT, IT IS BOUNDED BY VERY SPECIFIC LANGUAGE THAT IS WRITTEN INTO BOTH THE GNSO CONSENSUS POLICY AND ALSO INTO THE NEW GTLD REGISTRY CONTRACTS, IN PARTICULAR, THE ONES THAT ARE COMING OUT FIRST WITH THIS NEW LANGUAGE IN THEM ARE DOT COM AND DOT NET.
EVENTUALLY, THAT WILL BE IN ALL OF THE CONTRACTS FOR ALL OF THE GTLDS.
SO THE PANEL IS CONSTRAINED BOTH BY THE FACT THAT IT ONLY COMES INTO PLAY WHEN IT'S ASKED TO REVIEW SOMETHING VERY SPECIFIC, AND IT IS BOUND, CONTRACTUALLY OBLIGATED, TO CONDUCT ITS REVIEW USING VERY SPECIFIC DEFINITIONS OF WHAT AN IMPACT ON SECURITY MEANS, WHAT AN IMPACT ON STABILITY MEANS.
AS YOU CAN PROBABLY IMAGINE, THAT IS A VERY LIMITED SET OF RESPONSIBILITIES.
AND IF YOU THINK ABOUT THE WAY IN WHICH THAT COMPLEMENTS WHAT SSAC DOES, SSAC IS A MUCH MORE PROACTIVE AND ADVISORY BODY.
SSAC, AS AN ADVISORY COMMITTEE, IS RESPONSIBLE FOR STAYING OUT AS FAR AHEAD OF THE CURVE AS POSSIBLE, LOOKING OUT AT THE HORIZON, SO THE ICANN BOARD IN PARTICULAR HAS THE BENEFIT OF KNOWING WHAT'S GOING ON, WHAT ARE THE POTENTIAL THREATS TO SECURITY AND STABILITY THAT ARE LURKING OUT THERE.
IT ACTS INDEPENDENTLY AND PROACTIVELY AND HAS A RESPONSIBILITY TO BE AS WIDE-RANGING AND FAR-REACHING AS POSSIBLE.
THE ICANN BOARD EXPECTS THAT SSAC WILL BE OUT IN FRONT OF WHAT'S ACTUALLY HAPPENING AND INFORMING THE BOARD OF, YOU KNOW, WHAT THE LIKELY ISSUES ARE GOING TO BE COMING -- YOU KNOW, COMING AT THEM.
IT'S A VERY DIFFERENT ROLE, OBVIOUSLY, THAN WHAT THE STANDING PANEL IS SUPPOSED TO DO.
THE STANDING PANEL IS, ESSENTIALLY, A REACTIVE BODY THAT COMES INTO PLAY ONLY WHEN A PARTICULAR REGISTRY SERVICE HAS BEEN PROPOSED AND ICANN HAS DECIDED THAT THERE'S SOME ASPECT OF THAT SERVICE THAT MIGHT HAVE A SPECIFIC EFFECT ON SECURITY AND STABILITY, AS CODIFIED IN A PROCESS AND WRITTEN INTO REGISTRY AGREEMENTS.
I'D BE HAPPY TO TAKE ANY QUESTIONS ABOUT THE PANEL OR ITS RELATIONSHIP TO SSAC.
YOU'LL BE HEARING MORE ABOUT THIS DURING THE WEEK.
I EXPECT THAT WE'LL BE IN A POSITION TO MAKE A COUPLE OF OTHER ANNOUNCEMENTS WHEN WE GET SOME OF THE CONTRACTS IN PLACE.
DO YOU WANT TO --
>>STEVE CROCKER: THANK YOU VERY MUCH.
CONGRATULATIONS, AND GOOD LUCK.
>>LYMAN CHAPIN: THANK YOU.
>>STEVE CROCKER: IT WILL BE INTERESTING TO SEE HOW ALL OF THIS EVOLVES.
I HAVE THE SENSE THAT WHEN THIS IS FIRED UP SHORTLY, THERE WILL BE SOME ACTION FAIRLY SOON.
A VERY QUICK COUPLE OF SLIDES FROM DAVE PISCITELLO ON THE NEW SSAC WEB PAGES AND THEN WE'LL CLOSE WITH ANY GENERAL QUESTIONS AND ANSWERS THAT PEOPLE HAVE.
>>DAVE PISCITELLO: ACTUALLY, I WILL -- I'LL TRY NOT TO KEEP YOU MUCH LONGER.
WE HAVE PUT SOME EFFORT INTO A FAIRLY EXTENSIVE MAKEOVER OF THE COMMITTEE WEB SITE, AND RATHER THAN BORE YOU WITH -- YOU KNOW, WITH SLIDES TALKING ABOUT WEB PAGES, I THINK I'LL JUST GO TO THE WEB PAGE DIRECTLY.
THE ADDRESS IS WWW.ICANN.ORG/ COMMITTEES/SECURITY.
AND THE PRIMARY PURPOSE OF DOING THE MAKEOVER WAS TO PROVIDE MORE INFORMATION ABOUT WHAT WE DO IN A MORE TIMELY MANNER AND PROVIDE A LITTLE BIT BETTER NAVIGATION TO THE THINGS THAT PEOPLE ARE MOST OFTEN AND MOST INTERESTED IN ACCESSING.
SO WE HAVE A NAVIGATION BAR THAT ESSENTIALLY IDENTIFIES THE MAIN RESOURCES ON THE PAGE.
THE ONES THAT I WOULD -- I'D CALL YOUR ATTENTION TO IF YOU'VE NEVER VISITED BEFORE WOULD BE THE HOME PAGE, WHERE WE HAVE THE BACKGROUND INFORMATION AND THE MEMBERS OF THE COMMITTEE AND CONTACTS FOR THE MEMBERS.
THE NEXT PAGE THAT WOULD BE INTERESTING FOR MOST OF YOU MIGHT BE THE CHARTER, AND IDENTIFIES WHAT IT IS THAT SSAC IS ESSENTIALLY DELEGATED TO DO ON BEHALF OF THE BOARD AND THE COMMUNITY.
THE NEXT SET OF PAGES THAT SEEMS TO BE THE MOST FREQUENTLY HIT ARE THE LISTS OF THE DOCUMENTS THAT WE HAVE PREPARED, OUR ADVISORIES AND REPORTS AND COMMENTS.
FOLLOWING EACH MEETING, STEVE AND I GATHER TOGETHER THE PRESENTATIONS THAT WE HAVE MADE AT THE PUBLIC ICANN MEETINGS, AND THEY'LL BE AT THE SSAC PRESENTATIONS PAGE.
THEN THE -- THESE ARE ALL SORT OF BITS AND PIECES THAT USED TO BE ON ONE SINGLE PAGE AND VERY HARD TO FIND.
SO THE NAVIGATION HAS IMPROVED HERE, AND THE COMPLETENESS AS WELL.
THE NEXT SET OF PAGES ARE RELATIVELY NEW, AND MERIT SOME DISCUSSION.
ONE OF THE THINGS THAT WE ARE DOING IS PUTTING TOGETHER A LIST OF ACTIVE PROJECTS AND A WORK PLAN.
AND SO RIGHT NOW, THERE IS AN ACTIVE PROJECTS PAGE THAT TALKS ABOUT WHAT WE ARE INVESTIGATING AND IDENTIFIES WHETHER OR NOT REPORTS OR ADVISORIES ARE AVAILABLE IF IT'S A CONTINUING PROJECT.
WE ALSO HAVE A SET OF COMPLETED PROJECTS THAT DESCRIBE SOME OF THE THINGS WE'VE DONE IN THE PAST.
WE HAVE A -- A READING LIST THAT IS ESSENTIALLY SUPPLEMENTAL MATERIAL THAT IS WRITTEN BY MEMBERS OF THE SSAC, IF NOT SPECIFICALLY AS SSAC MEMBERS, CERTAINLY, BECAUSE OF THEIR REPUTATION AND BECAUSE OF THEIR KNOWLEDGE IN THE FIELD, WHAT'S PUBLISHED HERE IS TYPICALLY COMPLEMENTING INFORMATION TO THE ADVISORIES AND THE REPORTS THEMSELVES.
SO, IN A NUTSHELL, WE HOPE THAT WE'VE PROVIDED MORE INFORMATION, EASIER ACCESS TO THE INFORMATION, A LITTLE BIT OF -- MORE INSIGHT INTO WHAT WE ARE DOING, WHICH GIVES US MORE TRANSPARENCY AND MORE ABILITY FOR THE COMMUNITY TO JUDGE OUR PERFORMANCE PROACTIVELY.
AND THAT'S IT.
ANY QUESTIONS?
>>STEVE CROCKER: THANK YOU.
THE LIST OF ACTIVE PROJECTS LOOKS SLIM.
IT HAS JUST TWO ON IT.
BUT THERE IS ACTUALLY DISCUSSION UNDER WAY INTERNALLY AND SORT OF A FOUNTAIN OF THINGS COMING FORTH.
ANY QUESTIONS WITH RESPECT TO THE INFORMATION WE ARE PROVIDING OR MORE GENERALLY, ANY COMMENTS OR QUESTIONS ON SSAC OPERATION OR ACTIVITIES IN GENERAL?
BOY, THAT'S PERFECT.
WE HAVE NO PROBLEMS.
THANK YOU ALL FOR COMING.
REALLY APPRECIATE YOUR ATTENTION AND SUPPORT.
DON'T BE HESITANT TO INTERACT WITH US BY E-MAIL OR ANY OTHER MEANS.
WE'RE AROUND ALL WEEK, I AM, ANYWAY.
DAVE, YOU'LL BE HERE, OF COURSE.
AND THANK YOU FOR COMING.
WITH THAT, LET ME ADJOURN THIS SESSION.
I THINK THERE'S AN IDN SESSION SCHEDULED IN THIS ROOM AT 3:00.
AND LET ME SAY AGAIN, WE HAVE A DNSSEC DEPLOYMENT WORKSHOP ALSO IN THIS ROOM AT 8:00 WEDNESDAY MORNING.
THANK YOU.
[ APPLAUSE ]

© Internet Corporation for Assigned Names and Numbers