Logo

Michelle DeSmyter's Personal Meeting Room - Shared screen with speaker view
James Galvin (Afilias)
30:19
hmm, tasty ankles....
Sue Schuler
30:23
Welcome to the meeting of the DAAR Discussion Group. Please announce your name before speaking for purposes of the transcript. Please mute your microphone when not speaking to help maintain sound quality. Thanks
Richard Roberto
34:52
yes
Kurt Pritz
36:42
Are we asking ccTLDs to publish stats only or also join this group?
James Galvin (Afilias)
38:17
@kurt - it’s just about ccTLD stats being included in DAAR. Not this group. Thanks for that clarification.
Kristine Dorrain (Amazon Registry)
40:30
Hi Kurt, It's ICANN's decision to add ccTLDs. Since they decided not to add them ALL, but made it voluntary, it's not a useful metric. That said, my answer would be "no" - this is a WG for the RySG only.
Maxim Alzoba
40:48
+1 (RySG group)
Kristine Dorrain (Amazon Registry)
40:59
Sam, AGREE. We have to ask about what doors we open.
Maxim Alzoba
41:05
verification comes with costs
Maxim Alzoba
41:40
and making costs higher making market smaller
Kristine Dorrain (Amazon Registry)
41:47
@Sam, I think we have to get into mitigation, to show WHAT the "less abused" open TLDs are doing.
Maxim Alzoba
42:07
GAC will say !!!yes, please verify everyone, will passports
Sam Demetriou
42:57
@Kristine, I totally hear you, I’m just concerned about how we’d be able to capture that data consistently…would it mean self-reporting by RYs?
Kristine Dorrain (Amazon Registry)
43:04
I don't know. It
Kristine Dorrain (Amazon Registry)
43:26
It's a big question, but I'm also VERY worried about the implied "solutions."
Kristine Dorrain (Amazon Registry)
44:11
Look what the CCT-RT said about price. they assumed low price= bad without any more context. We want to avoid blanket characterizations about that.
Sam Demetriou
45:12
Yes, I’m very much on the same page re: worrying about drawing lazy conclusions about what all RYs SHOULD do
Kristine Dorrain (Amazon Registry)
45:37
@Richard: ICANN is collecting this data and presenting it in a shitty report. We're just trying to fix it to be useful and hard for the community to misinterpret.
Kristine Dorrain (Amazon Registry)
45:53
+1 Jim
Richard Roberto
46:40
Agreed, but fixing it implies there's a use for it we agree on and it sounds to me like we still don't know what that is
Kristine Dorrain (Amazon Registry)
47:24
@Richard, true.
Kristine Dorrain (Amazon Registry)
49:57
@Kurt, I understand your perspective, but are there not some merits to sort of eliminating the "noise" of TLDs that really don't see any abuse? Isn't that how we find the "areas of concentration" you were mentioning?
Kristine Dorrain (Amazon Registry)
52:18
Thinking harder on Richard's question: our first complaint was "don't categorize the abuse by contract type." What we
Kurt Pritz
52:25
Hi Kristine: I think ICANN has already identified the areas of concentration. Haven’t they said that? I don’t think the community would see the elimination of restricted TLDs as value-added
Kristine Dorrain (Amazon Registry)
52:39
What we're trying to do is come up with an alternative. No one like "domn
Kristine Dorrain (Amazon Registry)
52:58
"don't do..." they prefer "instead do"
Kristine Dorrain (Amazon Registry)
53:14
@Kurt...have they? where are they?
Maxim Alzoba
53:17
I think we need to start spreading the word that ICANN seems to be moving to the idea of the resitricted internet :)
James Galvin (Afilias)
54:15
@jc - while I agree we don’t have to be the one’s to find a solution, my fear is that as a practical matter we are the most expert to propose something. ICANN is unlikely to come up with a model we can work with. I think it’s really our problem. Just my view of course.
Kristine Dorrain (Amazon Registry)
54:30
+1 Jim.
Richard Roberto
54:34
it's certainly our problem now anyway
Kristine Dorrain (Amazon Registry)
54:58
Yes, this problem is now ours...it's been foisted upon us. I
Kurt Pritz
55:14
An old expression: it is not our fault but it is our problem.
Kristine Dorrain (Amazon Registry)
55:21
Yep
J.C. Vignes (Uniregistry)
56:04
Obviously I do agree it is our problem… but defining categories does not really help us I think: bad guys are not that sophisticated
Kristine Dorrain (Amazon Registry)
57:17
@Maxim, price is not the only factor though. I could give domains away for FREE as part of a service that vets customers deeply. There would be no abuse. It's a balance. The point is that everyone should choose an anti-abuse model that works for them. Raise prices? Sure. Validate? Sure. Strict abuse mitigation department with takedowns? Sure.
Kristine Dorrain (Amazon Registry)
57:46
@JC I am not sure categories help us. but I'm willing to ask Samaneh to try and see what (if anything) we learn.
Richard Roberto
57:50
using different categorical views to investigate different lines of analysis is common in research, but canning a report based on one view of the data is where it gets problematic. Price is an interesting vector from one point of view, for example, but I wouldn't want that in the official DAAR report
Kurt Pritz
58:07
@Kristine: I am fairly sure that John Crain, David Conrad or Samenah (or Goran in some talk) said, “we know where TLD Abuse is concentrated in a limited number of registries.
Kristine Dorrain (Amazon Registry)
58:11
+1 Richard
Kristine Dorrain (Amazon Registry)
58:48
@Kurt, I agree. But we don't know which ones so how can we figure out the defining characteristics
Maxim Alzoba
01:01:03
also saying that prices in the rest of the world should be as high as in EU & US - is harmful for registrants from those parts of the world
Maxim Alzoba
01:01:28
where the avg. income is way lower
Donna Austin, Neustar
01:01:49
Perhaps a naive question on my part, but how much of the 'abuse' problem is a registry issue and how much is a registrar issue? ICANN has consistently said that 'we that participate in ICANN' are not the bad actors, so I do believe they have data that can isolate the problem TLDs or registrars.
Kristine Dorrain (Amazon Registry)
01:01:58
@Jim, if we are going to talk to mitigation...then we should include "pre-mitigation." High prices, validation, and registration requirements (eligibility policies) should all be considered pre-mitigation.
Kurt Pritz
01:02:12
@Kristine - Right - that is hard to manage strategically. I think we should tell ICANN to do that. We should not fear the truth. We should fear others implementing half measures before the full story is known and managing that. (By full story I mean cause AND effective mitigation.)
James Galvin (Afilias)
01:03:30
@kristine - isn’t pre-mitigation just registration model?
Kristine Dorrain (Amazon Registry)
01:03:40
Yes, but we
Kristine Dorrain (Amazon Registry)
01:03:51
Yes but we're talking about not breaking things up by model.
Kristine Dorrain (Amazon Registry)
01:04:14
But these things are important reasons we KNOW abuse is limited in some TLDs.
Maxim Alzoba
01:04:23
I am against agreeing to pre-mitigation, we are not thought police
Rick Wilhelm (Verisign)
01:04:59
compare WITHIN categories… not ACROSS categories
Kristine Dorrain (Amazon Registry)
01:05:03
@Maxim, of course. No one is agreeing to anything. It's showing that it's a way SOME regsitries use to avoid abuse.
Richard Roberto
01:05:57
to Rick's point, having a category invites comparing them, even if we also compare (unnamed?) TLDs within them. It still doesn't solve the problem of different categories being interesting for different reasons ...
Maxim Alzoba
01:06:34
they need to uderstand that ccTLD Registrants are out of DAAR kind of things
Maxim Alzoba
01:06:39
Registrars
Richard Roberto
01:07:03
so, are we trying to get better categories to make the official DAAR report less bad? or are we doing research so we can learn what should go into the report eventually?
Kurt Pritz
01:07:19
I missed it: what is “pre-mitigation”?
Maxim Alzoba
01:07:43
Minority Report kind of actions
James Galvin (Afilias)
01:07:44
@richard - both. That latter first.
Kristine Dorrain (Amazon Registry)
01:09:59
Pre-mitigation - some term I just coined to lump together registry business models that vet their registrants somehow.
Kristine Dorrain (Amazon Registry)
01:11:43
@Maxim, I understand that you're concerned about restrictions being made a new standard, I have the same fear about pricing restrictions. And we need to guard against that, but we cannot say we can't discuss what is working. "Pre mitigation" works.
Kristine Dorrain (Amazon Registry)
01:12:11
No one is saying EVERYONE needs to PREVENT Abuse...we just need to include it as a factor in the discussion.
Maxim Alzoba
01:12:40
OCTO has almost unlimited funds (they just ask for more)
Kristine Dorrain (Amazon Registry)
01:13:39
OCTO has demonstrated that improving DAAR is a very low priority. It seems Samaneh has a very limited time to work on this. I feel like they "launched" DAAR and then pulled all resources.
Richard Roberto
01:14:52
I have to run, thanks everyone!
Sam Demetriou
01:14:55
To Donna’s point, is there a way that the DAAR data itself could demonstrate mitigation? Like, is there any way to mark month-over-month which abusive/abused domains are new vs. carry-overs?
Kristine Dorrain (Amazon Registry)
01:15:01
Stepping away for a moment..BRB
Maxim Alzoba
01:15:48
we had this discussion before - all our actions are framed in the security framework
Kristine Dorrain (Amazon Registry)
01:16:02
I'm back.
Kristine Dorrain (Amazon Registry)
01:16:52
@Donna, I've also been noodling on what the RySG could do. Samaneh was saying they can't track mitigation. If we want to advertise what we do...we might need to publish a paper. Not sure we
Kristine Dorrain (Amazon Registry)
01:17:12
Not sure we could get any sort of consensus on what they would look like across the whole SG though.
Maxim Alzoba
01:17:15
it’s like saying that energy companies are responsible for some bad guys electrocuting people
Kristine Dorrain (Amazon Registry)
01:18:12
@Maxim, we all agree. However, we perhaps should discuss which electric companies are able to support fewer electrocution and how they're able to do that.
Kristine Dorrain (Amazon Registry)
01:18:42
but we have to agree that fewer homicide-by-electrocution is a good thing
Donna Austin, Neustar
01:19:16
I have to jump off. See you on the Goran call.
Kurt Pritz
01:21:21
In California, electrical companies start brush fires
Maxim Alzoba
01:21:46
they are helped by those who prohibit removal of old wood :)
Sam Demetriou
01:22:16
Just a quick word of caution - I don’t know that we want to simply assume that closed or highly restricted TLDs have NO abuse, bc abuse also (I think) covers compromised domains
Sue Schuler
01:22:39
one administrative item: only one more meeting on the calendar for this group for the rest of the year
Sam Demetriou
01:22:47
So if a .BRAND domain was compromised and used for a phishing scheme, the ultimate harm could be v significant
Sue Schuler
01:22:47
I will schedule into January
Maxim Alzoba
01:23:16
bye all, see you on the Göran call in 3 min
Kristine Dorrain (Amazon Registry)
01:25:35
@Sam, the .BRAND abuse is a good point. I think the community focuses on volume. One thing we may eventually get to is magnitude of harm.... :)
Sam Demetriou
01:26:05
So many factors, so little time haha
Kristine Dorrain (Amazon Registry)
01:26:32
Thanks Jim
J.C. Vignes (Uniregistry)
01:26:53
@Jim :-)
Kristine Dorrain (Amazon Registry)
01:26:53
It seems like a good point for jumping off