Feeling the Temperature of the Room on DNS Abuse

Chief Executive Officer, DotAsia 中文翻譯

DNS abuse is no longer a new topic among the ICANN community, but it appears to continue to attract interest. At the recent 2nd ICANN APAC-TWNIC Engagement Forum held in hybrid format, it was my privilege to have helped moderate a lively discussion on Domain Name Abuse – one that also examined expectations from parts of the community for ICANN to do more.

One aspect highlighted at the session is that many abusive activities are being included into “DNS abuse” discussions, which may not be about the DNS, or even if part of the DNS, may be outside of ICANN’s remit, not to mention that ICANN’s by-laws specifically oblige ICANN not to regulate content and services provided through domain names. A more important aspect discussed was how much different stakeholders at ICANN are in fact already doing in their own capacities, appropriately beyond ICANN’s collective purview.

Thomas Kuiper of Gandi explained the challenges faced and responses by registrars, and Crystal Peterson of GoDaddy Registry described registry policies that have been put in place to tackle cybersecurity threats and abuses. Kiran Sanghera at the Hong Kong International Arbitration Centre (HKIAC) presented the experiences at the Asia Domain Name Dispute Resolution Centre (ADNDRC) as a Uniform Doman Name Dispute Resolution Policy (UDRP) Dispute Resolution Service Provider (DRSP), and Henry Tsai, as a Division-Chief Judge at the Taiwan Shilin District Court gave a perspective from the courts, calling out on some areas of coordination that the ICANN community can perhaps improve on. Jamie Hedlund from ICANN added the multifaceted actions taken by ICANN org on the issue.

I think, as many have said also, that it may be an imperative to consider, as a starting point, what ICANN’s scope of policy and enforcement should and should not include. Specifically about the DNS: firstly, the difference between generic Top-Level Domains (gTLD) and country-code TLDs (ccTLD); and secondly, for gTLDs, ICANN’s limited policy purview which pertains to statuses and behaviours in three areas – 1. Transactions between registry and registrars, 2. Registration data services (i.e. WHOIS), and, 3. DNS services provided at the registry. Before we demand ICANN and the ICANN community to “do more”, especially collectively, it is crucial to understand in what capacity such activities should be taken forward. That being said, I do believe the multistakeholder process at ICANN can constructively contribute to addressing part, if albeit a narrow scope, within the much broader topic of DNS abuse.

Finally, somewhat related to the topic, I observe that part of the reason, it seems, that the discussion on this has been drawn-out maybe attributed to the COVID interruption to ICANN and other Internet community meetings. Meeting physically remains important and irreplaceable I believe, especially for issues that require better establishment of trust between stakeholders to move things forward, and which contains intricate subtleties. While virtual meetings are great, and I am all for enhancing remote participation and its immersiveness capabilities into post-pandemic times, informal encounters and getting a sense of the “temperature of the room” at physical events are aspects it seems that are sorely missed at ICANN.


體驗持續熱門的DNS濫用議題

即使DNS濫用在ICANN社群討論中已不再是新的議題,眾人的興趣仍持續受其吸引著。第二屆ICANN與TWNIC合作交流論壇第二天的混合會議當中,我很榮幸協助主持一場關於DNS濫用的生動討論-從不同部分的社群意見角度檢視期望ICANN採取更多行動的聲音。

很重要的一點是:很多人談到「DNS濫用」時列舉的多項濫用行為,其實可能與DNS完全無關,或並不在ICANN的職權範圍內,況且在ICANN的內部章程當中就已清楚闡明:ICANN無權干涉透過域名提供的內容及服務。更重要的討論層面是許多利害關係人已在他們本身的能力許可範圍內做了許多工作,超越了ICANN集體所能達成的範圍。

當天在座的與談人也分別提出見解或分享經驗。Gandi的Thomas Kuiper說明受理註冊機構的DNS濫用應對方式及面臨的挑戰;GoDaddy的Crystal Peterson介紹註冊管理機構因應網路安全威脅及域名濫用行為所制定的政策;香港國際仲裁中心(HKIAC)的Kiran Sanghera分享其身為亞洲域名爭議解決中心(ADNDRC)統一網域名稱爭議處理政策(Uniform Doman Name Dispute Resolution Policy,UDRP)爭議解決服務提供商(Dispute Resolution Service Provider,DRSP)的相關經驗;臺灣士林地方法院的蔡志宏庭長從法院的角度,提出一些可供ICANN參考的建議;來自ICANN的Jamie Hedlund,則是補充了ICANN org在這項議題所採取的相關行動。

我認同多數人所提出的,ICANN社群討論DNS濫用議題時,應首先考慮ICANN的政策及合約規範的限制。關於DNS的部分,首先通用頂級域名(gTLD)及國碼頂級域名(ccTLD)有相當大的差異,次之,gTLD中ICANN有限的政策範圍只管理3個部分:1.註冊管理機構及受理註冊機構之間的轉移;2.註冊資料服務-如:WHOIS;3.註冊管理機構提供的DNS服務。特別是在我們集體要求ICANN及社群「做更多」之前,必須瞭解這些新的政策活動需要多少能力。儘管範圍有限,我相信ICANN的多方利害關係人治理模式仍有助於提出建設性的解決方案來解決在DNS濫用的廣泛議題中的一部分問題。

最後,與這個議題有些相關的想法,我觀察到這些議題持續被提出的部分原因可能是COVID疫情對ICANN及其他社群會議討論造成的中斷影響。我相信實體會議仍舊相當重要及難以取代,特別是一些錯綜複雜,需要建立討論前提的議題。線上虛擬會議非常好,我也全心鼓勵在後疫情時代的遠端參與及沉浸於其中的體驗。但實體會議眾人不期而遇的經驗及參與會議室內的討論熱度仍是我非常期待能在ICANN實體會議中體驗到的。

Leave a Comment

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

Scroll to Top