Changes

==RISG and ICANN==

==RISG and ICANN==

The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included the Draft Application Guidebook ([[DAG]]). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail and inappropriately broaden the scope of ICANN’s security responsibilities.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref>

The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included in the [[DAG|Draft Application Guidebook]] (DAG). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail, and inappropriately broadened the scope of ICANN’s security responsibilities.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref>

The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref>

The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref>

# Several measures that are included and not part of the ICANN's limited technical coordination role. RISG pointed that ICANN has limited technical coordination role and its primary role is to maintain the security and stability of the Domain Name System ([[DNS]]). According to RISG, this role does not extend to malicious uses of domain names.

# Several measures are included that violate ICANN's limited technical coordination role. RISG pointed out that ICANN has a limited technical coordination role and its primary role is to maintain the security and stability of the [[DNS|Domain Name System]] (DNS). According to RISG, this role does not extend to the malicious use of domain names.

# ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]].

# ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]].

# Measures included in the DAG not related to internet security such as the issue on intellectual property infringement.

# Measures included in the DAG not related to Internet security such as the issue on [[Intellectual Property|intellectual property]] infringement.

# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.

# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.

# Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts is not substantial.

# Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts are not substantial.

# The lack of consideration of the market impact particularly on differentiated service offerings by registrars.

# The lack of consideration of the market impact particularly on differentiated service offerings by registrars.

The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref>

The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process, and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref>

==References==

==References==