ICANN ICANN Email List Archives

[gnso-dow123]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-dow123] Regarding accuracy issues and outcome of discussion in Cape Town

  • To: Tim Ruiz <tim@xxxxxxxxxxx>
  • Subject: Re: [gnso-dow123] Regarding accuracy issues and outcome of discussion in Cape Town
  • From: Thomas Keller <tom@xxxxxxxxxx>
  • Date: Wed, 9 Mar 2005 11:14:58 +0100

Hello all,

I absolutely concure with Tims observation. The issue of malicious
complaints which in the worst case might even lead to some kind
of denial of service attack is a very serious one and needs our
attention. In the ccTLD world such requests are in general channeled
through the TLD operator which makes some sanity checks before passing
the request and obligation to fix the problem on to the sponsoring
registrar. Since there are some TLD operators (i.e. .de .uk) that 
already have a process in place to deal with this issue, we should 
consider to shedule a consultation with them to learn from their
experience.

Best,

tom

Am 08.03.2005 schrieb Tim Ruiz:
> Bruce,
> 
> I recall a few other issues discussed in regards to item 2, especially
> if registrars are required to strictly apply it.
> 
> How do we protect against frivilous complaints? Should the party filing
> the complaint be required to identify themselves? Should they become
> responsible to some degree if the complaint turns out to be frivilous
> or malicious? Is the registrar required to take the complaint on face
> value, even if the contact data appears to be complete and accurate?
> Should the third party filing the complaint be required to include a
> specific reason why they believe the data to be inaccurate?
> 
> There is a huge risk here that registrars are being expected to take.
> There has to be something in place to protect against this situation
> putting one of them out of business.
> 
> Tim
> 
>  
> -------- Original Message --------
> Subject: [gnso-dow123] Regarding accuracy issues and outcome of
> discussion in Cape Town
> From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
> Date: Tue, March 08, 2005 5:12 am
> To: gnso-dow123@xxxxxxxxxxxxxx
> 
> Hello All,
> 
> Given difficulties in making progress on the issue of improving the
> accuracy of contact information displayed in the WHOIS service, a
> breakfast meeting was held amongst interested individuals in Cape Town.
> I recall this meeting as being constructive, but it appears everyone
> thought someone else was taking notes.  I will ensure this doesn't
> happen again.
> 
> As I understand it, this is the current status of discussion on
> accuracy.   All those on task force 3 should feel free to correct or
> improve my impressions.
> 
> (1) Although some in the ICANN community would like to see registrars
> carry out verification of registrant contact information at the time of
> registration, there was little support for doing so from the registrars.
> The feeling was that most registrants provided accurate information in
> good faith, and that it was a minority of registrants that deliberately
> provided false information.  Requiring verification of contact data for
> all registrations, would raise the cost of registrations for all
> registrants.
> 
> 
> (2) The focus of the discussion has more recently been on what to do
> when an Internet user that wishes to get in contact with a registrant
> can't do so because of inaccurate WHOIS information.
> 
> The current mechanisms essentially requires a registrar to contact a
> registrant and ask them to correct the information.  If the registrant
> does not reply within 15 days, a registrar may take further action.
> The business processes vary greatly amongst registrars, and this makes
> it difficult for an Internet user to understand what process should
> occur after reporting inaccurate contact information.
> 
> From what few notes I could find, I believe the following business
> process was discussed in Cape Town.
> 
> A registrar would attempt to contact the registrant.
> If the registrant did not respond within 15 days, the name would be put
> on HOLD (ie removed from the zonefile and made in-active).
> The registrant would then be advised by the registrar that if the
> contact information is not updated, that the name would be cancelled
> after an additional 15 (or possible 30) day period.
> 
> A registrar would be free to use one or more of the contact elements in
> an attempt to contact the registrant.  The various methods used would
> likely be a matter of agreement between the registrant and registrar.
> E.g for low priced registrations a registrar may only use email, and the
> registrant would be required to keep the email up-to-date and monitor
> the email.  For higher priced registrations (e.g for larger corporates)
> a registrar may use all means available to contact the registrant to get
> the information corrected.
> 
> 
> (3) The process described in (2) above is appropriate for dealing with
> inaccurate contact information.   There is another issue in the
> community that relates to the use of domain names for intellectual
> property infringement (e.g to place a pirated copy of a new release
> movie on the Internet) or for the purposes of committing a crime that
> may harm many Internet users (e.g phishing scams aimed a banks).  In
> such cases a 15 - 45 day process would be inadequate.   I believe these
> issues are outside of the scope of ICANN (ie don't relate to security
> and stability), however the issues do need to be addressed by the domain
> name industry in collaboration with the intellectual property and law
> enforcement community.  There are some processes such as the courts that
> could be used (but even these processes may be too slow).  The meeting
> in Cape Town identified this problem area as need further work.  
> 
> With respect to (3) above, it might be worth establish a working group
> outside of the ICANN processes to consider some practical means of
> addressing the issue.  E.g some registrars choose to include acceptable
> use policies in their agreements and have been prepared to suspend or
> cancel some names, other registrars have required third parties to
> indemnify them from legal action if the registrar suspends of cancels a
> name (this would assume the registrar believes that the third party has
> sufficient funds to cover any costs incurred from a court action).
> 
> Regards,
> Bruce Tonkin 
> 
> 
> 

Gruss,

tom

(__)        
(OO)_____  
(oo)    /|\     A cow is not entirely full of
  | |--/ | *    milk some of it is hamburger!
  w w w  w  



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy