<<<
Chronological Index
>>> <<<
Thread Index
>>>
[bc-gnso] FW: ICANN News Alert -- Expedited Registry Security Request Process Posted
- To: "'BC gnso'" <bc-gnso@xxxxxxxxx>
- Subject: [bc-gnso] FW: ICANN News Alert -- Expedited Registry Security Request Process Posted
- From: "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
- Date: Fri, 2 Oct 2009 10:04:22 -0700
ICANN has announced a new process for registries to request contract
exemptions, which apparently has not been discussed by anyone that is not an
ICANN registry or staff. While it has good intentions arising out of the
Conficker attack, and apparently necessary if registries are not to breach
their contracts in some cases. But it could be abused, and must be transparent
eventually if not immediately. And so they are asking for public comment now
that it is implemented.
Is this something the BC wants to comment on? And if so, does anyone care to
lead with draft BC comments on this? Deadline is November 1.
Mike Rodenbaugh
RODENBAUGH LAW
548 Market Street
San Francisco, CA 94104
(415)
<http://service.ringcentral.com/ringme/callback.asp?mbid=57178438,0,&referer=http://rodenbaugh.com/contact>
738-8087
http://rodenbaugh.com <http://rodenbaugh.com/>
From: ICANN News Alert [mailto:communications@xxxxxxxxx]
Sent: Thursday, October 01, 2009 5:30 PM
To: icann@xxxxxxxxxxxxxx
Subject: ICANN News Alert -- Expedited Registry Security Request Process Posted
<http://www.icann.org/> ICANN
News Alert
http://www.icann.org/en/announcements/announcement-01oct09-en.htm
_____
Expedited Registry Security Request Process Posted
1 October 2009
Introduction
The Expedited Registry Security Request (ERSR) is the result of a collaborative
effort between ICANN and gTLD registries to develop a process for quick action
in cases where gTLD registries:
* inform ICANN of a present or imminent security incident to their TLD
and/or the DNS and
* request a contractual waiver for actions they might take or have taken
to mitigate or eliminate the incident.
A contractual waiver is an exemption from compliance with a specific provision
of the Registry Agreement for the time period necessary to respond to the
Incident.
The ERSR web-based submission procedure is now available and can be accessed at
http://www.icann.org/en/registries/ersr/. This new process is to be employed by
gTLD registries exclusively for incidents that require immediate action by the
registry in order to avoid deleterious effects to DNS stability or security.
This process is not intended to replace requests that should be made through
the Registry Services <http://www.icann.org/en/registries/rsep/rsep.html>
Evaluation Process (RSEP).
For the sake of DNS stability, this process is going into effect immediately.
ICANN welcomes comments on it in order to improve its effectiveness and to
ensure sufficient safeguards are in place. Comments should be made to
ersr@xxxxxxxxx and can be seen at http://forum.icann.org/lists/ersr/. The
comment period will close on 1 November 2009.
Background
In late 2008, Internet security researchers, operating system and antivirus
software vendors discovered the Conficker worm. Further, it was understood that
the worm could infect millions of computers by using tens of thousands of
domain names that would be auto-generated by the Conficker infection during a
period of several months. The operational response to containing Conficker was
for registries to preemptively block or register the domains that had been
identified as targets of the worm.
The response to Conficker however posed a unique contractual issue for ICANN
and gTLD registries as registries are restricted in their ability to register
names to themselves other than through an ICANN-accredited registrar.
Additionally, a waiver of ICANN fees was appropriate. Given the severity of the
Conficker threat, ICANN provided verbal approval to registries to facilitate
the registrations of targeted domains and agreed to waive all fees associated
with these transactions.
As a result of Conficker, ICANN and the gTLD registries worked to develop a
process that would enable registries to share information and take action in
urgent security situations – actions that might not be covered by their
Registry Agreements. ICANN then developed a draft ERSR and conducted
consultations on the process with gTLD registries, the gTLD Registry
Constituency and ICANN-accredited registrars that had been involved in the
early stages of the community response to Conficker. The product of this
community effort is the Expedited Registry Security Request.
_____
Sign up for <http://www.icann.org/magazine/> ICANN's Monthly Magazine
This message was sent from ICANN News Alert to icann@xxxxxxxxxxxxxx. It was
sent from: ICANN, 4676 Admiralty Way, Suite 330 , Marina del Rey, CA
90292-6601. You can modify/update your subscription via the link below.
<http://www.icontact.com/a.pl/144186> Email Marketing by
<http://www.icontact.com/a.pl/144186> iContact - Try It Free!
<http://app.icontact.com/icp/static/images/icons/email_manage_subscription.png>
<http://app.icontact.com/icp/mmail-mprofile.pl?r=11033829&l=6333&s=PWHD&m=264706&c=165637>
Manage your subscription
<http://click.icptrack.com/icp/track.php?msgid=264706&act=PWHD&r=11033829&c=165637>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|