Difference between revisions of "Small Team on DNS Abuse"
Jump to navigation
Jump to search
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | The '''Small Team on DNS Abuse''' is an output of the GNSO Council to determine what policy efforts, if any, the GNSO Council should consider undertaking to support the efforts already underway in the different parts of the ICANN community to tackle DNS abuse.<ref>[https://community.icann.org/display/gnsocouncilmeetings/2021-2022+GNSO+Council+Active+Small+Teams?preview=/178587048/186778173/Small%20Team%20Assignment%20-%20DNS%20abuse_26Jan2022.docx Small Team Assignment, GNSO Council, Community, ICANN]</ref> | + | The '''Small Team on DNS Abuse''' is an output of the [[GNSO Council]] to determine what policy efforts, if any, the GNSO Council should consider undertaking to support the efforts already underway in the different parts of the ICANN community to tackle DNS abuse.<ref>[https://community.icann.org/display/gnsocouncilmeetings/2021-2022+GNSO+Council+Active+Small+Teams?preview=/178587048/186778173/Small%20Team%20Assignment%20-%20DNS%20abuse_26Jan2022.docx Small Team Assignment, GNSO Council, Community, ICANN]</ref> |
==Findings== | ==Findings== | ||
After considering input from across the [[ICANN Community] and ICANN [[Contractual Compliance]] on current requirements and enforcement, the small team found that:<ref>[https://75.schedule.icann.org/meetings/CyuCKhBfPZmZTLhec Small Team on DNS Abuse Session, ICANN 75]</ref> | After considering input from across the [[ICANN Community] and ICANN [[Contractual Compliance]] on current requirements and enforcement, the small team found that:<ref>[https://75.schedule.icann.org/meetings/CyuCKhBfPZmZTLhec Small Team on DNS Abuse Session, ICANN 75]</ref> | ||
| − | * DNS abuse has a life cycle, which determines which parties should mitigate the harm | + | * DNS abuse has a life cycle, which determines which parties should mitigate the harm. The phases involve: |
| + | *# measures to help CPs identify DNS abuse earlier or even prevent a malicious registration | ||
| + | *# ensuring harmed parties know how AND to whom a complaint should be reported | ||
| + | *# reports that are well-formed and actionable | ||
| + | *# well-positioned party (CPs, web-host, website owner/operator, etc) takes action | ||
| + | *# enforcement by ICANN compliance, if contracted party is involved | ||
* concerns and solutions fall into three buckets: | * concerns and solutions fall into three buckets: | ||
*# possibly requiring policy development, | *# possibly requiring policy development, | ||
*# to be shared with the community for consideration outside of policy development, and | *# to be shared with the community for consideration outside of policy development, and | ||
*# to be considered by the [[CPH|Contracted Parties House]]. | *# to be considered by the [[CPH|Contracted Parties House]]. | ||
| + | |||
| + | ==Recommendations== | ||
| + | # After the other recommendations are pursued, if further tools are necessary, the small team recommends that the Council consider requesting a Preliminary Issue Report on the topic of malicious registrations. It would be narrowly focused on malicious registrations used for the distribution of [[malware]], [[phishing]] or the operation of [[Botnet Attacks|botnet command and control]] systems. | ||
| + | #* Phases involved: 0, 3, 4 | ||
| + | #* Bucket - policy development | ||
| + | # Work with [[RrSG]], [[ICANN Organization]], and the [[DNSAI]] to explore the role of bulk registrations in DNS abuse and mitigation measures #* Phases involved: 0 | ||
| + | #* Bucket: Community outreach and coordination | ||
| + | # Encourage Contracted Parties to work with DNS abuse reporters to improve existing tools for simplifying DNS abuse reporting to ensure that information to | ||
| + | make complaints actionable and that complaints go the right party | ||
| + | #* Phases involved 1, 2 | ||
| + | #* Bucket: Community outreach and coordination | ||
| + | # share findings with RySG and RrSG as they relate to gaps in the RA/RAA | ||
| + | #* Phases involved: 3, 4 | ||
| + | #* Bucket: Community outreach and coordination, and potentially Contracted Parties House action (contract negotiations) | ||
==History== | ==History== | ||
| Line 13: | Line 32: | ||
At [[ICANN 75]], the small team presented its findings and suggestions.<ref>[https://meetings.icann.org/en/remote75/icann75-policy-outlook-report-05sep22-en, EPDP-IDNs Background, GNSO Sessions, ICANN 75 Policy Outlook]</ref> | At [[ICANN 75]], the small team presented its findings and suggestions.<ref>[https://meetings.icann.org/en/remote75/icann75-policy-outlook-report-05sep22-en, EPDP-IDNs Background, GNSO Sessions, ICANN 75 Policy Outlook]</ref> | ||
==References== | ==References== | ||
| + | |||
| + | [[Category:DNS Abuse Responses]] | ||
Latest revision as of 19:31, 6 October 2022
The Small Team on DNS Abuse is an output of the GNSO Council to determine what policy efforts, if any, the GNSO Council should consider undertaking to support the efforts already underway in the different parts of the ICANN community to tackle DNS abuse.[1]
Findings
After considering input from across the [[ICANN Community] and ICANN Contractual Compliance on current requirements and enforcement, the small team found that:[2]
- DNS abuse has a life cycle, which determines which parties should mitigate the harm. The phases involve:
- measures to help CPs identify DNS abuse earlier or even prevent a malicious registration
- ensuring harmed parties know how AND to whom a complaint should be reported
- reports that are well-formed and actionable
- well-positioned party (CPs, web-host, website owner/operator, etc) takes action
- enforcement by ICANN compliance, if contracted party is involved
- concerns and solutions fall into three buckets:
- possibly requiring policy development,
- to be shared with the community for consideration outside of policy development, and
- to be considered by the Contracted Parties House.
Recommendations
- After the other recommendations are pursued, if further tools are necessary, the small team recommends that the Council consider requesting a Preliminary Issue Report on the topic of malicious registrations. It would be narrowly focused on malicious registrations used for the distribution of malware, phishing or the operation of botnet command and control systems.
- Phases involved: 0, 3, 4
- Bucket - policy development
- Work with RrSG, ICANN Organization, and the DNSAI to explore the role of bulk registrations in DNS abuse and mitigation measures #* Phases involved: 0
- Bucket: Community outreach and coordination
- Encourage Contracted Parties to work with DNS abuse reporters to improve existing tools for simplifying DNS abuse reporting to ensure that information to
make complaints actionable and that complaints go the right party
- Phases involved 1, 2
- Bucket: Community outreach and coordination
- share findings with RySG and RrSG as they relate to gaps in the RA/RAA
- Phases involved: 3, 4
- Bucket: Community outreach and coordination, and potentially Contracted Parties House action (contract negotiations)
History
At ICANN 72, the GNSO Council initiated a small team on DNS abuse. It gathered information on the efforts already underway to deal with DNS abuse but focused on the narrow topic of DNS abuse issues inadequately mitigated and whether they require policy development. The small team began meeting in February 2022 and articulated DNS abuse problems within the GNSO's purview. The small team received inputs from the ALAC, GAC, SSAC, the DNS Abuse Institute, Contractual Compliance, and from within the GNSO. At ICANN 75, the small team presented its findings and suggestions.[3]