DNS Abuse Responses: Difference between revisions
Line 94: | Line 94: | ||
====ICANN==== | ====ICANN==== | ||
ICANN has been steadfast in its focus on technical DNS abuse, what it calls "DNS security threats," and avoidance of policymaking around content abuse. ICANN has two missions related to DNS Abuse: maintaining the [[SSR]] of the DNS and engendering trust in the domain name industry. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.<ref>[https://www.icann.org/en/blogs/details/update-on-icanns-dns-security-threat-mitigation-program-19-7-2021-en Update on DNS Security Threats, ICANN Org]</ref> As recently as [[ICANN 71]], the ICANN board was criticized by members of the [[ALAC]], the [[BC]], and other [[Internet Governance]] bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and [[SSAC]], in particular, have begun pointing to [[SAC115]] and [[DAAR]] as evidence of their work on addressing DNS abuse. | ICANN has been steadfast in its focus on technical DNS abuse, what it calls "DNS security threats," and avoidance of policymaking around content abuse. ICANN has two missions related to DNS Abuse: maintaining the [[SSR]] of the DNS and engendering trust in the domain name industry. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.<ref>[https://www.icann.org/en/blogs/details/update-on-icanns-dns-security-threat-mitigation-program-19-7-2021-en Update on DNS Security Threats, ICANN Org]</ref> As recently as [[ICANN 71]], the ICANN board was criticized by members of the [[ALAC]], the [[BC]], and other [[Internet Governance]] bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and [[SSAC]], in particular, have begun pointing to [[SAC115]] and [[DAAR]] as evidence of their work on addressing DNS abuse. | ||
Parts of ICANN Org, Board, and Community dedicated to resolving DNS Abuse issues: | Parts of ICANN Org, [[ICANN Board|Board]], and [[ICANN Community|Community]] that are dedicated to resolving DNS Abuse issues: | ||
:*[[OCTO]] monitors gTLD zone files and runs | :*[[OCTO]] monitors gTLD zone files and runs | ||
:*[[SSAC]] advises on the stability and security of the DNS, and | :*[[SSAC]] advises on the stability and security of the DNS, and | ||
Line 100: | Line 100: | ||
:*[[Domain Abuse Activity Reporting|DAAR]] | :*[[Domain Abuse Activity Reporting|DAAR]] | ||
:*[[Domain Name Security Threat Information Collection and Reporting Project]] (DNSTICR)<ref>[https://www.icann.org/en/announcements/details/adding-linguistic-diversity-to-the-domain-name-security-threat-information-collection-and-reporting-project-14-6-2021-en Adding Linguistic Diversity to the DNSTICR project, ICANN Announcements]</ref> <br/> | :*[[Domain Name Security Threat Information Collection and Reporting Project]] (DNSTICR)<ref>[https://www.icann.org/en/announcements/details/adding-linguistic-diversity-to-the-domain-name-security-threat-information-collection-and-reporting-project-14-6-2021-en Adding Linguistic Diversity to the DNSTICR project, ICANN Announcements]</ref> <br/> | ||
:*[[ICANN Organization]] has developed an internal [[DNS Security Threat Mitigation Program]],<ref>[https://www.icann.org/en/system/files/files/presentation-dns-security-threat-mitigation-program-update-22jul21-en.pdf DNS Security Threat Mitigation Program Update, ICANN Presentation, July 2021]</ref> which seeks to realize ICANN organization-wide coordination & collaboration on DNS abuse responses and, thus, acts as a hub for DAAR and DNSTICR, Compliance Audits and Abuse Complaints, Working with Contracted Parties, and Leading Educational Outreach. | |||
:*The [[CPH]] has developed a [https://www.rysg.info/wp-content/uploads/archive/Final-CPH-Notifier-Framework-6-October-2021.pdf Trusted Notifier Framework] | :*The [[CPH]] has developed a [https://www.rysg.info/wp-content/uploads/archive/Final-CPH-Notifier-Framework-6-October-2021.pdf Trusted Notifier Framework] | ||