<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>You are right, intent is hard to track when the requestr is not
being honest. OTOH, when such behavior is detected, this abusive
use would serve to exclude them from the system henceforth. And
any behavior that matched paterrns of requests where such intent
is likely would be subject to increased scrutiny and review.</p>
<p>Finally, our resources are finite and any SSAD must remain
economically feasible as well. If it is not, we'd be better
advised to stick to legal process for disclosure. <br>
</p>
<p>Volker<br>
</p>
<div class="moz-cite-prefix">Am 09.10.2019 um 18:08 schrieb Mark
Svancarek (CELA):<br>
</div>
<blockquote type="cite"
cite="mid:MWHPR21MB0512E5B82957A693D47075E3D1950@MWHPR21MB0512.namprd21.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"Helvetica Neue";}
@font-face
{font-family:"Helvetica Neue \,serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Helvetica Neue Light \,serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.p1, li.p1, div.p1
{mso-style-name:p1;
margin:0in;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Helvetica Neue",serif;
color:black;}
p.p2, li.p2, div.p2
{mso-style-name:p2;
margin:0in;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Helvetica Neue",serif;
color:black;}
p.li1, li.li1, div.li1
{mso-style-name:li1;
margin:0in;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Helvetica Neue",serif;
color:black;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Helvetica Neue",serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle31
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:298804368;
mso-list-template-ids:1456227644;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:948396141;
mso-list-type:hybrid;
mso-list-template-ids:469802438 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:1013580111;
mso-list-template-ids:-1305839738;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1121147918;
mso-list-template-ids:-2092765104;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA">Joking
aside, we can argue about exact numbers to no avail if we
don’t establish some operational principles first. Those
principles need to be grounded in SLAs and cost recovery
models. A registrar will definitely have backlogs even at
low volume if they do not invest in appropriate staffing and
infrastructure to achieve the agreed-upon SLA.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA">As
I mentioned in my initial comments, Harvesting and Mining
are presumed intents of a requestor, and I don’t know how
you plan to determine that it is happening if a requestor is
following all the other policy requirements. We’ve already
planned safeguards against indiscriminate access. What is
the specific behavior, in addition to the policy safeguards
we already envisage, that should be prohibited?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:windowtext">From:</span></b><span
style="font-size:11.0pt;color:windowtext"> Volker
Greimann <a class="moz-txt-link-rfc2396E" href="mailto:vgreimann@key-systems.net"><vgreimann@key-systems.net></a>
<br>
<b>Sent:</b> Wednesday, October 9, 2019 8:45 AM<br>
<b>To:</b> Mark Svancarek (CELA)
<a class="moz-txt-link-rfc2396E" href="mailto:marksv@microsoft.com"><marksv@microsoft.com></a>; <a class="moz-txt-link-abbreviated" href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] "Abusive" use of
SSAD<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Hi Mark,<o:p></o:p></p>
<p>one per minute still sounds reasonable to me as it allows you
1440 queries per day, which should be sufficient for most
legitimate purposes (with most registrars), especially given
that each request will have to be reviewed. I can tell you
right now that if our registrars would get the full quota of
such a rate limit, requests would get backed up pretty
quickly.
<o:p></o:p></p>
<p>And I guess no one will want a response like this:<o:p></o:p></p>
<p>"Thank you for sending a disclosure request. Your request is
currently number 356.152.425 in the queue, which means you can
expect a response on or before December 21, 2119. "<o:p></o:p></p>
<p>So setting realistic limitations will be essential for this
system to work.<o:p></o:p></p>
<p>Harvesting and mining to me is any activity that is designed
to indiscriminately access registration records either with
the purpose of finding records that match a specific search
parameters (mining) or is designed to create a duplicate copy
of the registration base (or parts thereof).<o:p></o:p></p>
<p>So harvesting is basically the preparatory activity of actors
such as spear phishers, spammers, DomainTools, autocrat
governments, etc, e.g. everyone who has an interest in
obtaining a (partial) copy of the database for whatever
purpose.
<o:p></o:p></p>
<p>And mining is digging in the database with the hope of
finding specific "gems".<o:p></o:p></p>
<p>Others may have other or broader definitions, and these
definitions may need more work, but these are my assiociations
with these terms.
<o:p></o:p></p>
<p>Best,<o:p></o:p></p>
<p>Volker<o:p></o:p></p>
<div>
<p class="MsoNormal">Am 09.10.2019 um 17:31 schrieb Mark
Svancarek (CELA):<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA">As
we have not defined high volume, I think it is premature
to say that its utility has passed. Recall, a few days
ago you said that 1 request per minute would be an
acceptable rate limit. That tells me we have a long way
to go.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA">Harvesting
and mining are similarly undefined. What detectible
behavior would you prohibit?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:windowtext">From:</span></b><span
style="font-size:11.0pt;color:windowtext">
Gnso-epdp-team
<a href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true"><gnso-epdp-team-bounces@icann.org></a>
<b>On Behalf Of </b>Volker Greimann<br>
<b>Sent:</b> Wednesday, October 9, 2019 1:53 AM<br>
<b>To:</b> <a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] "Abusive" use of
SSAD</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p>Hi Mark,<o:p></o:p></p>
<p>I think the times of legitimate high volume requests have
passed. There are now less invasive methods of confirming
domain ownership - such as modifications to the DNS records
- that do not require knowing the personal data whom the
domain belongs to. High volume requests are almost always an
indicator for abuse.<o:p></o:p></p>
<p>You have a point about request formats and we should allow
some leeway for formats that have been accurate recently.<o:p></o:p></p>
<p>If the data has actually changed, then that would not be a
request for the same data anymore. But I I think we need to
have some form of cap for requests for the dame domain by
the same requestor. Two to three requests over the course
of as many months probably would not count as abusive.<o:p></o:p></p>
<p>Circumventing legitimate rate limits is abusive use of the
system as those limits are there for a reason. If multiple
vendors are used that access the data, each of those vendors
would have to be accredited seperately and therefore not
fall under the circumvention rule. If those vendors are
however affiliated entities, this would be different. Which
brings me to another affiliation requirement: Provide list
of all affiliated entities that are already accredited, or
have applied for accreditetion, similar to the obligation of
registrars to provide lists of all affiliated registrars to
ICANN.<o:p></o:p></p>
<p>I think the terms harvesting and mining speak for
themselves but I assume we can find a commonly acceptable
definition.
<o:p></o:p></p>
<p>Best,<o:p></o:p></p>
<p>Volker<o:p></o:p></p>
<div>
<p class="MsoNormal">Am 09.10.2019 um 04:25 schrieb Mark
Svancarek (CELA) via Gnso-epdp-team:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Thanks,
James. Here are my concerns:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">Some
abuse may be high-volume, but high volume is not
inherently abusive. If there are industry-standard
methods for distinguishing denial-of-service attacks
from other high-volume activity, we should adopt them
here.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">Request
formats may change over time. Use of outdated formats
during a transition period is not abusive.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">Subsequent
requests for data where the format has been improved
(e.g. missing fields have been populated; more
appropriate basis has been submitted; more information
that has been discovered during an ongoing
investigation is added; etc.) is acceptable.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">Repeated
requests for a domain name record over are justifiable
when it is reasonable to assume that domain name
registration data is likely to have changed during an
investigation. </span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">In
the Port 43 public WhoIs system some requestors used
multiple and/or spoofed IP addresses to avoid rate
limits imposed by registrars. Until issues of SLAs
and funding are resolved, we cannot assume that rate
limiting, or quota systems, will apply to SSAD.
Whatever systems are ultimately put in place, the
following observations about IP addresses and
distributed requests should be considered: </span><o:p></o:p></li>
</ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level2 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">It
is not unusual to have a case worked on by multiple
vendors/attorneys/platforms (e.g. one organization
for initial take down requests, another to handle
escalations, outside counsel for follow-up and/or
suit).</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level2 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">It
is not unusual to have a case worked on from
multiple geographies.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level2 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">It
is not unusual for a requestor to use a VPN.</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level2 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">Credentialed
access should be based on credentials and be neutral
to IP addresses - so mitigations based on IP
addresses are only applicable for the
noncredentialled users of SSAD, if at all.</span><o:p></o:p></li>
</ul>
</ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:JA">I am
very concerned about the undefined terms “harvesting”
and “mining”, which seem to me to be more about intent
than any specific activity. Until we specifically
describe the behavior to be blocked, we should remove
the last bullet.</span><o:p></o:p></li>
</ul>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">/marksv</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team
<a href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true"><gnso-epdp-team-bounces@icann.org></a>
<b>On Behalf Of </b>James M. Bladel<br>
<b>Sent:</b> Tuesday, October 8, 2019 7:15 PM<br>
<b>To:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> [Gnso-epdp-team] "Abusive" use of
SSAD</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif">Colleagues –
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif">Following up with my homework from
last Thursday, here is the non-exhaustive list of
“abusive” SSAD behaviors.
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif">I’ve been in discussions with Mark
SV, and note that he has some concerns. Expect his
comments/edits in a separate message that will be a
fast-follow to this post.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif"><br>
Thanks—</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica Neue
,serif",serif">J.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Helvetica Neue
Light ,serif",serif">-------------</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">James
Bladel</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Helvetica Neue
Light ,serif",serif">GoDaddy</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Helvetica",sans-serif">“Abusive”
use of SSAD may include (but is not limited to) the
following behaviors/practices:</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">1. High
volume submissions of malformed or incomplete requests.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">2. Frequent
duplicate requests that were previously fulfilled or
denied.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">3. Use
of distributed or spoofed source addresses or platforms
to circumvent quotas or rate limits.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">4. Use
of false or counterfeit credentials to access the
system.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">5. Storing/delaying
and sending high volume requests with the intention of
causing SSAD or other parties to fail SLA performance.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">6. Attempts
or efforts to mine or harvest the data protected by
SSAD.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"><span
style="font-family:"Helvetica",sans-serif">As
with other access policy violations, abusive behavior
can result in suspension or termination of access to the
SSAD.</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left:1.25in;text-indent:-.25in"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gnso-epdp-team mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gnso-epdp-team@icann.org" moz-do-not-send="true">Gnso-epdp-team@icann.org</a><o:p></o:p></pre>
<pre><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team&data=02%7C01%7Cmarksv%40microsoft.com%7C6e6707304c3b4d06aec108d74ccfa5a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637062327032522884&sdata=cFDOjOM5pvUJZ6HZFvJtQgDZK%2FfBB7DLLA5FeSRKdmE%3D&reserved=0" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy&data=02%7C01%7Cmarksv%40microsoft.com%7C6e6707304c3b4d06aec108d74ccfa5a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637062327032532882&sdata=yobE%2FEhFaqXeFrS1j8aawrwKlfbBdGL4ateUs7OOqI8%3D&reserved=0" moz-do-not-send="true">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos&data=02%7C01%7Cmarksv%40microsoft.com%7C6e6707304c3b4d06aec108d74ccfa5a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637062327032542879&sdata=TD8WqDuTrCWy4mHNDPHOjJyYrgHKgyTnnae1%2FahUd4c%3D&reserved=0" moz-do-not-send="true">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong><span
style="font-family:"Calibri",sans-serif">KEY-SYSTEMS
GMBH</span></strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a
href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.key-systems.net&data=02%7C01%7Cmarksv%40microsoft.com%7C6e6707304c3b4d06aec108d74ccfa5a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637062327032542879&sdata=JnnTx7%2Bx1BJ3AugvtApUsP6Nd03D01FiUJ3WT8hzNl0%3D&reserved=0"
moz-do-not-send="true">
www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local
court of Saarbruecken, Germany with the registration no.
HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company
registered in England and Wales with company number
8576358.</span><o:p></o:p></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong><span
style="font-family:"Calibri",sans-serif">KEY-SYSTEMS
GMBH</span></strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a
href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.key-systems.net&data=02%7C01%7Cmarksv%40microsoft.com%7C6e6707304c3b4d06aec108d74ccfa5a9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637062327032552873&sdata=L%2BP%2Bq51jxHgFGH349YwNGSS2K9CrNn6tu%2Bm4dFcpMGE%3D&reserved=0"
moz-do-not-send="true">
www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local
court of Saarbruecken, Germany with the registration no.
HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company
registered in England and Wales with company number
8576358.<o:p></o:p></span></p>
</div>
</div>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>