[ALAC] Fwd: Re: SADAG Public Comment

Wed Sep 6 08:38:28 UTC 2017

Thanks for the information.

Regards

Sent from my mobile
Kindly excuse brevity and typos

On Sep 6, 2017 6:58 AM, "Alan Greenberg" <alan.greenberg at mcgill.ca> wrote:

> I asked Olivier to look at whether we needed to comment on a recent study
> on DNS abuse (commissioned by the CCT-RT). His report followed and is an
> excellent example of what we should be doing to evaluate whether ALAC
> action is required. See https://community.icann.org/x/bRUhB.
>
> In this case, Olivier is recommending no comment, a recommendation I
> support.
>
> Alan
>
>
> Subject: Re: SADAG Public Comment
> To: Ariel Liang <ariel.liang at icann.org>, Alan Greenberg <
> alan.greenberg at mcgill.ca>
> CC: 'At Large Staff' <Staff at atlarge.icann.org>
> From: Olivier MJ CrÃ©pin-Leblond <ocl at gih.com>
> Date: Wed, 6 Sep 2017 03:07:33 +0200
>
>
> Dear Ariel,
> Dear Alan,
>
> thanks for your follow-up. I have read the SADAG report and have found it
> very interesting.
>
> First thing, I was surprised to see that .pharmacy was seen as community
> TLD. (p.2) but then that's not the topic of the report. There are a few
> other grammatical errors, but that's no big deal either. What matters is
> the substance of the paper.
>
> It basically confirms our suspicions when we spoke of misuse of TLDs and
> made our case regarding sensitive strings. Alan will remember this episode
> in Singapore when Alan, Evan and I had a meeting with the NGPC and several
> members of the GNSO - including contracted parties. What we are seeing now
> is the proof of the pudding - that:
>
> "While legacy gTLDs collectively
> had a spam-domains-per-10,000 rate of 56.9, in the last quarter of
> 2016, the new gTLDs experienced a rate of 526.6–which is almostt
> one order of magnitude higher. "
>
> The methodology and technical details of the analysis are of good quality.
> The model which they used to perform the crawl of the domain name space
> appears to be thorough, thus I have no reason to believe that the analysis
> would be flawed.
>
> Some of the report's findings show that some new gTLDs are very affected
> by misuse/malware domains.
> Gibraltar (surprise!) figures on the top of Registrars with most malware
> domains.
> Community gTLDs are less likely to be used for malware that standard gTLDs.
> Cheaper domains appear to be more used for malware - although the authors
> do writein their conclusions:  "It is not clear, however, if pricing is the
> only factor driving high concentra-
> tions of maliciously registered domains."
>
> But they do also say:
>
> "Our findings suggest that some new gTLDs have become
> a growing target for malicious actors." (page 25)
>
> Well, nothing really new in this, but it corroborates the work that ICANN
> has done, as well as many other groups like the APWG.
>
> But at present, short of congratulating the authors of the report and
> asking the CCT-RT to take strong note of the report's finding, including
> expressing the concern that we have about the use of new gTLD for malware,
> I don't see any other reason to write a Statement/Comment.
> I asked Tatiana Tropina to also go through the report. She did note that
> one thing was missing: whether abuse correlates with semantic properties of
> the gTLD names, e.g. some names are more attractive to abuse because of the
> words themselves. As the authors are explaining that they are seeing some
> potential for further work, it might be interesting to suggest this to them.
>
> Last, I note that there is a Webinar about the topic:
> https://www.icann.org/news/announcement-2017-08-31-en
> I would encourage At-Large participants to participate in the Webinar.
> Perhaps during that Webinar should many At-Large participants express their
> concerns.
>
> Kindest regards,
>
> Olivier
>
>
> On 01/09/2017 22:10, Ariel Liang wrote:
>
> Hello Olivier,
>
> Any update on this public comment? https://community.icann.org/x/bRUhB
>
> Saw this action item has been checked but just want to reconfirm whether a
> statement will be needed or not.
>
> Thank you,
> Ariel
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20170906/2399cb5a/attachment.html>