[gnso-rds-pdp-wg] Final Version of the DT7 deliverable for Criminal Activity/ DNS Abuse Mitigation

Richard W icann at richardw.ca
Thu Mar 8 17:59:38 UTC 2018 

 > and patterns, correlation with other data such as nameservers, and
 > finding association with known bad actors.”

I'm going to add "good actors" to that as well.  When I'm looking at 
domain reputation I looking just as hard for signs the domain is 
legitimate and belongs to who it purports to belong to.

Large corporations can be horrible in their setups, which is what makes 
it so easy for phishing domains to be set up.  If I can't determine 
'good or bad', I'm likely to error on the side of caution.


Richard

On 2018-03-08 9:28 AM, Greg Aaron wrote:
> I will not be able to attend Saturday morning’s session and provide my 
> comments here.
> 
> The questions and responses focused on contact and notification – “who 
> needs to be contacted and when”—and under-document the value and use of 
> /identifying/ the domain contacts, and the use of non-contact data. In 
> the case of DNS abuse mitigation and reputational scoring, there are 
> many legitimate reasons for processing RDS data elements that have 
> nothing to do with contacting registrants and their designated 
> contacts.   Indeed, in some uses cases contact/outreach is irrelevant or 
> undesirable.
> 
> For example, on page 1, question #2 is missing a critical item. Please 
> add to page 1, question #2: “An objective achieved by identifying domain 
> contacts (and accessing non-contact domain data)  is to assign 
> reputation (risk) to domain names.  This can involve identifying trends 
> and patterns, correlation with other data such as nameservers, and 
> finding association with known bad actors.”
> 
> All best,
> 
> --Greg
> 
> **********************************
> 
> Greg Aaron
> 
> Vice-President, Product Management
> 
> iThreat Cyber Group / Cybertoolbelt.com
> 
> mobile: +1.215.858.2257
> 
> **********************************
> 
> The information contained in this message is privileged and confidential 
> and protected from disclosure. If the reader of this message is not the 
> intended recipient, or an employee or agent responsible for delivering 
> this message to the intended recipient, you are hereby notified that any 
> dissemination, distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, please 
> notify us immediately by replying to the message and deleting it from 
> your computer.
> 
> *From:*gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> *On Behalf Of 
> *Marika Konings
> *Sent:* Wednesday, March 7, 2018 6:39 PM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* [gnso-rds-pdp-wg] Final Version of the DT7 deliverable for 
> Criminal Activity/ DNS Abuse Mitigation
> 
> Dear All,
> 
> Here is the Final Version of the DT7 deliverable for Criminal Activity/ 
> DNS Abuse Mitigation. It will also be posted on the WG wiki.
> 
> As noted by Chuck, the leadership team requests that everyone review 
> this before our WG session Saturday morning in Puerto Rico. In doing so, 
> please understand that the purpose of this exercise is to improve 
> everyone’s understanding about the proposed purpose with the hope of 
> making our future deliberation on whether it is a legitimate reason for 
> doing any processing of any RDS data elements.  Do not look at what is 
> said in the DT’s answers as decisions that have been made or will be 
> made in our meeting on Saturday. It is merely input to facilitate our 
> future deliberations, so it is not essential that we have a certain 
> level of consensus now.  Please come prepared to ask any questions you 
> have or suggestions as to anything that the DT may have missed.
> 
> Note that due to other commitments, a number of members of the DT7 were 
> not able to weigh in and may do so as part of the WG’s review and 
> deliberation.
> 
> Best regards,
> 
> Marika
> 
> */Marika Konings/*
> 
> /Vice President, Policy Development Support – GNSO, Internet Corporation 
> for Assigned Names and Numbers (ICANN) /
> 
> /Email: //marika.konings at icann.org/<mailto:marika.konings at icann.org>//
> 
> //
> 
> /Follow the GNSO via Twitter @ICANN_GNSO/
> 
> /Find out more about the GNSO by taking our //interactive 
> courses/<http://learn.icann.org/courses/gnso>/ and visiting the //GNSO 
> Newcomer 
> pages/<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>/. 
> /
> 
> 
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>

More information about the gnso-rds-pdp-wg mailing list