<div dir="ltr"><div dir="ltr">Wasn't subscribed with this email address, subscribed now, and posting it again. If there is a duplication, apologies.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 24, 2019 at 4:18 PM sivasubramanian muthusamy <<a href="mailto:6.internet@gmail.com">6.internet@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Yes, it is an issue that concerns the domain name User. ALAC could initiate the necessary steps on what needs to be done by ICANN. </div><div><br></div><div>You mentioned "<span style="color:rgb(80,0,80)">a "Registry Lock" which many Registries were unwilling to implement." As a domain registrant, I am familiar with a Domain Lock, by whatever name it is called, that the Registrant chooses to lock or unlock, but most registrants don't frequently login into the Domain Control panel, or even once. This lock needs to be set by default to "lock", I am not sure if the domain name is locked when registered, by all Registrars across the DNS space.</span></div><div><span style="color:rgb(80,0,80)"><br></span></div><div><span style="color:rgb(80,0,80)">If the "Registry lock" or the "Registrar Lock" </span><a href="https://en.wikipedia.org/wiki/Registrar-Lock" target="_blank">https://en.wikipedia.org/wiki/Registrar-Lock</a> is different from the lock that is available to the Registrant, then ALAC could examine this with the required technical advice to examine if it may recommend that all Registries and Registrars could implement and lock it by default, even if this leads to a slight delay in the domain transfer process. </div><div><br></div><br clear="all"><div><div dir="ltr" class="gmail-m_-1139008473677872902gmail_signature"><div dir="ltr"><a href="https://www.facebook.com/sivasubramanian.muthusamy" target="_blank">Sivasubramanian M</a><div><a href="http://twitter.com/shivaindia" target="_blank">twitter.com/shivaindia</a></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 24, 2019 at 3:59 PM Marita Moll <<a href="mailto:mmoll@ca.inter.net" target="_blank">mmoll@ca.inter.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font face="Times New Roman, Times, serif">There's no denying the
potential end user impact.</font></p>
<p><font face="Times New Roman, Times, serif">Marita</font><br>
</p>
<div class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-cite-prefix">On 4/20/2019 4:24 AM, Holly Raiche
wrote:<br>
</div>
<blockquote type="cite">
Hi Olivier
<div><br>
</div>
<div>Why isn’t this something that ALAC should take up? </div>
<div><br>
</div>
<div>Holly<br>
<div><br>
<blockquote type="cite">
<div>On Apr 20, 2019, at 3:30 AM, Olivier MJ
Crépin-Leblond <<a href="mailto:ocl@gih.com" target="_blank">ocl@gih.com</a>> wrote:</div>
<br class="gmail-m_-1139008473677872902gmail-m_536294082849600527Apple-interchange-newline">
<div>
<div bgcolor="#FFFFFF"> Dear
colleagues,<br>
<br>
I have just read an article on Wired that speaks of mass
scale cyber attacks on the DNS:<br>
<a class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-txt-link-freetext" href="https://www.wired.com/story/sea-turtle-dns-hijacking/" target="_blank">https://www.wired.com/story/sea-turtle-dns-hijacking/</a><br>
<br>
This looks very serious indeed. Furthermore, it appears
to be happening on domains that are not DNSSEC
enabled/signed. And of course, this is a known
vulnerability. But one thing that has somehow shocked me
was that one of the way to avoid this was using a
"Registry Lock" which many Registries were unwilling to
implement.<br>
<br>
Is it time to (a) ask SSAC what this is all about and
(b) get the ICANN Board to mandate an essential security
implementation before the whole DNS falls apart for lack
of trust? Or is this article way too alarmist? My big
concern at the moment is that if I was a Government
representative, I'd ask "who runs this DNS?" and upon
being told it's ICANN, I'd think that ICANN is
incompetent in making the DNS safe from attack. As a
result -> DNS is a critical resource -> get it run
by countries rather than this incompetent organisation.
(a lose-lose for all of us)<br>
<br>
Kindest regards,<br>
<br>
Olivier<br>
</div>
_______________________________________________<br>
Technical-issues mailing list<br>
<a href="mailto:Technical-issues@atlarge-lists.icann.org" target="_blank">Technical-issues@atlarge-lists.icann.org</a><br>
<a class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-txt-link-freetext" href="https://atlarge-lists.icann.org/mailman/listinfo/technical-issues" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/technical-issues</a></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="gmail-m_-1139008473677872902gmail-m_536294082849600527mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-quote-pre">_______________________________________________
CPWG mailing list
<a class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-txt-link-abbreviated" href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a>
<a class="gmail-m_-1139008473677872902gmail-m_536294082849600527moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/cpwg" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
CPWG mailing list<br>
<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
_______________________________________________<br>
registration-issues-wg mailing list<br>
<a href="mailto:registration-issues-wg@atlarge-lists.icann.org" target="_blank">registration-issues-wg@atlarge-lists.icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/registration-issues-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/registration-issues-wg</a><br>
</blockquote></div>
</blockquote></div></div>