(A) "To encourage ongoing discussions within
the community regarding the development of best practices and/or policy changes
to identify and mitigate the illicit uses of Fast Flux"
Make a friendly amendment to change to:
"...the development of best practices and/or Internet industry solutions to
identify and mitigate..."
Reasons:
* The WG did not recommend any policy
changes specific to fast-flux. The issue of domain name abuse in general
is a completely separate and more complicated matter -- see (B) below.
* The phrase
"Industry solutions" were included
in the relevant Final Report's
Recommendations section -- but was
dropped in the Resolution language for some reason. See (C) below for why
Internet industry is a preferred option.
* The creation of non-binding best
practices is a good idea; awareness-raising and education are needed and in
keeping with the RyC position. Such efforts could include the ccNSO or
other relevant bodies.
* The RyC supports best practices and encourages industry solutions by the wider Internet
community, rather than further policy change discussions.
(B) "To examine whether existing policy
sufficiently empowers Registries and Registrars to mitigate illicit uses of Fast
Flux, as a component of any future Registration Abuse PDP(s)"
Make friendly amendment so as to read: "The
Registration Abuse Policy Working Group (RAPWG) should examine whether existing
policy may empower Registries and Registrars, including consideration for adequate
indemnification, to mitigate illicit uses of Fast Flux."
Reasons:
* Make the referral explicit. The
Registration Abuse Policies Working Group (RAPWG) was specifically created to
examine such abuse issues, and was an explicit outgrowth of the learning done in
the FFWG. Core issues are now being examined in the RAPWG.
* It
is not agreed that GNSO policy can or should "empower" registries and registrars
to mitigate illicit FF.
* "of any future Registration Abuse PDP(s)" is
poor wording. The GNSO has had several PDPs related to registration abuses
-- such as domain tasting. FF is not related to any and all registration
issues.
* The current
wording of the resolution implies that registries should be responsible for
mitigating fast-flux (and by extension other abusive uses of domain
names).
(C) "To encourage staff, interested
stakeholders, and subject matter experts to analyze the feasibility of a Fast
Flux Data Reporting System to collect data on the prevalence of illicit use, as
a tool to inform future discussions and/or policy work"
Suggest friendly amendment to remove the words
"staff" and "and/or policy work." ICANN should not devote resources to the
creation or maintenance of a fast-flux reporting tool.
Reasons:
* FF is an issue that ICANN is not
well-suited to deal with on a practical level, FF is really outside of GNSO
policy-making scope, and FF is not a core DNS security and stability issue
within ICANN's mission.
* Therefore spending ICANN funds is not
relevant.
* The Final Report points out that similar security issues are
dealt with by interested parties outside of ICANN -- such as for phishing (APWG
and PhishTank), botnets (ShadowServer and Conficker WG), and spam (Spamhaus and
the SURBLs).
* NOTE: Discussion about a "Fast Flux Data
Reporting System" should be clear -- participation in such a tool was never
discussed as something that should be mandated by policy. A Fast Flux Data
Reporting System should not be equated with ICANN's WHOIS WDPRS reporting tool
[http://wdprs.internic.net/ ] -- the WDPRS is a compliance tool related to
existing contractual obligations that registrars and registrants must adhere to.