<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hi,
<div class=""><br class="">
</div>
<div class=""> I am re-opening this thread to inform about any progress that has been made on specifying or even rolling out this API.</div>
<div class="">We would be interested in using this as an additional monitoring service but I cannot find a more recent update than this mail thread from February.</div>
<div class=""><br class="">
</div>
<div class="">Best regards,</div>
<div class=""><br class="">
</div>
<div class="">Ron Geens</div>
<div class="">DNS Belgium</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On 25 Feb 2017, at 01:48, Gustavo Lozano <<a href="mailto:gustavo.lozano@icann.org" class="">gustavo.lozano@icann.org</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)" class="">
<style class=""><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72" class="">
<div class="WordSection1">
<p class="MsoNormal"><i class="">Thank you for your feedback, Scott, and </i>Michele<i class="">,<o:p class=""></o:p></i></p>
<p class="MsoNormal"><i class=""> </i></p>
<p class="MsoNormal"><i class="">@Scott,<o:p class=""></o:p></i></p>
<p class="MsoNormal"><i class=""> </i></p>
<p class="MsoNormal">I think it would be helpful to note somewhere that TLS protection is required, and that the credentials are protected using TLS.<o:p class=""></o:p></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal"><span style="color:#002060" class="">[Gustavo Lozano] - </span>
<span style="color:#002060" class="">OK, I will add text in this regard.<o:p class=""></o:p></span></p>
<p class="MsoNormal"> <o:p class=""></o:p></p>
<p class="MsoNormal">Have you thought about using TLS with mutual authentication of both clients and servers? That would add an extra layer of protection to ensure that only authorized clients have access to TLD-specific data.<o:p class=""></o:p></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal"><span style="color:#002060" class="">[Gustavo Lozano] - </span>
<span style="color:#002060" class="">Thank you for the suggestion, we have it in our to-do list.<o:p class=""></o:p></span></p>
<p class="MsoNormal"> <o:p class=""></o:p></p>
<p class="MsoNormal">It would also be helpful to explicitly state that login credentials are provided by ICANN (how are they requested and delivered?), or at least provide a link to some other document that explains the process.<o:p class=""></o:p></p>
<p class="MsoNormal"> <o:p class=""></o:p></p>
<p class="MsoNormal"><span style="color:#002060" class="">[Gustavo Lozano] - </span>
<span style="color:#002060" class="">OK, I will add text in this regard.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal">It would also be helpful to note that the client must provide (how?) ICANN with a list of IP addresses to be added to a per-TLD white list. Are both IPv4 and IPv6 addresses acceptable? If not, why?<o:p class=""></o:p></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal"><span style="color:#002060" class="">[Gustavo Lozano] - OK, I will add text in this regard. The input mechanism for IP address blocks supports IPv4 and IPv6, however in the beta of the Monitoring System API, we only have IPv4 transport
support.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><i class=""> </i></p>
<p class="MsoNormal"><i class="">@Michele,<o:p class=""></o:p></i></p>
<p class="MsoNormal"><i class=""> </i></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Speaking of IPs .. <o:p class="">
</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Ideally being able to provide blocks, rather than lists of IPs ..
<o:p class=""></o:p></span></p>
<p class="MsoNormal"><i class=""> </i></p>
<p class="MsoNormal"><span style="color:#002060" class="">[Gustavo Lozano] - In the GDD Portal, the Registry Operator can set the list of IP address blocks to be allowed to access the RRI (Registry Reporting Interface). The Monitoring System API uses the same
credentials.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal">Regards,<o:p class=""></o:p></p>
<p class="MsoNormal">Gustavo<o:p class=""></o:p></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt" class="">
<div class="">
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in" class="">
<p class="MsoNormal"><b class="">From:</b> Michele Neylon - Blacknight [<a href="mailto:michele@blacknight.com" class="">mailto:michele@blacknight.com</a>]
<br class="">
<b class="">Sent:</b> Friday, February 17, 2017 5:15 AM<br class="">
<b class="">To:</b> Hollenbeck, Scott <<a href="mailto:shollenbeck@verisign.com" class="">shollenbeck@verisign.com</a>>; Gustavo Lozano <<a href="mailto:gustavo.lozano@icann.org" class="">gustavo.lozano@icann.org</a>>; '<a href="mailto:gtld-tech@icann.org" class="">gtld-tech@icann.org</a>'
<<a href="mailto:gtld-tech@icann.org" class="">gtld-tech@icann.org</a>><br class="">
<b class="">Subject:</b> [Ext] Re: [gtld-tech] ICANN monitoring system API<o:p class=""></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Speaking of IPs .. <o:p class="">
</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Ideally being able to provide blocks, rather than lists of IPs ..
<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> </span></p>
<div class="">
<p class="MsoNormal"><span lang="EN-GB" style="" class="">--<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Mr Michele Neylon<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Blacknight Solutions<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Hosting, Colocation & Domains<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class=""><a href="https://www.blacknight.com/" class="">https://www.blacknight.com/</a><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class=""><a href="http://blacknight.blog/" class="">http://blacknight.blog/</a><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Intl. +353 (0) 59 9183072<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Direct Dial: +353 (0)59 9183090<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Personal blog: <a href="https://michele.blog/" class="">
https://michele.blog/</a><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Some thoughts: <a href="https://ceo.hosting/" class="">
https://ceo.hosting/</a> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">-------------------------------<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<o:p class=""></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="" class="">Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> </span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" class="">
<p class="MsoNormal"><b class=""><span lang="EN-GB" style="" class="">From: </span>
</b><span lang="EN-GB" style="" class=""><<a href="mailto:gtld-tech-bounces@icann.org" class="">gtld-tech-bounces@icann.org</a>> on behalf of Scott Hollenbeck <<a href="mailto:shollenbeck@verisign.com" class="">shollenbeck@verisign.com</a>><br class="">
<b class="">Date: </b>Friday 17 February 2017 at 13:05<br class="">
<b class="">To: </b>"'<a href="mailto:gustavo.lozano@icann.org" class="">gustavo.lozano@icann.org</a>'" <<a href="mailto:gustavo.lozano@icann.org" class="">gustavo.lozano@icann.org</a>>, "'<a href="mailto:gtld-tech@icann.org" class="">gtld-tech@icann.org</a>'"
<<a href="mailto:gtld-tech@icann.org" class="">gtld-tech@icann.org</a>><br class="">
<b class="">Subject: </b>Re: [gtld-tech] ICANN monitoring system API</span><span lang="EN-GB" style="font-size: 12pt;" class=""><o:p class=""></o:p></span></p>
</div>
<div class="">
<p class="MsoNormal"><span lang="EN-GB" style="font-family:"Times New Roman",serif" class=""> </span></p>
</div>
<p class="MsoNormal"><a name="_MailEndCompose" class=""><span lang="EN-GB" style="color:#1F497D" class="">Thanks for the opportunity to provide comments, Gustavo. It would be helpful to add more introductory text (perhaps in a section titled something like
“Operational Assumptions”) to explicitly note several implied functional points. Here are a few that I found:</span></a><span style="mso-bookmark:_MailEndCompose" class=""></span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class="">In Section 3, the document says that HTTP Basic authentication is used. Without additional information, that means that credentials are exchanged in plaintext form. Encryption service is
hidden in the description of the base URL mentioned in Section 2. I think it would be helpful to note somewhere that TLS protection is required, and that the credentials are protected using TLS.</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class="">Have you thought about using TLS with mutual authentication of both clients and servers? That would add an extra layer of protection to ensure that only authorized clients have access to
TLD-specific data.</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class="">It would also be helpful to explicitly state that login credentials are provided by ICANN (how are they requested and delivered?), or at least provide a link to some other document that
explains the process.</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class="">It would also be helpful to note that the client must provide (how?) ICANN with a list of IP addresses to be added to a per-TLD white list. Are both IPv4 and IPv6 addresses acceptable?
If not, why?</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<div class="">
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class="">Scott</span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D" class=""> </span><span lang="EN-GB" class=""><o:p class=""></o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt" class="">
<div class="">
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in" class="">
<p class="MsoNormal"><b class=""><span lang="EN-GB" class="">From:</span></b><span lang="EN-GB" class="">
<a href="mailto:gtld-tech-bounces@icann.org" class="">gtld-tech-bounces@icann.org</a> [<a href="mailto:gtld-tech-bounces@icann.org" class="">mailto:gtld-tech-bounces@icann.org</a>]
<b class="">On Behalf Of </b>Gustavo Lozano<br class="">
<b class="">Sent:</b> Saturday, February 11, 2017 12:17 AM<br class="">
<b class="">To:</b> <a href="mailto:gtld-tech@icann.org" class="">gtld-tech@icann.org</a><br class="">
<b class="">Subject:</b> [EXTERNAL] [gtld-tech] ICANN monitoring system API<o:p class=""></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Hello Colleagues,<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Specification 10 of the base registry agreement (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__newgtlds.icann.org_sites_default_files_agreements_agreement-2Dapproved-2D09jan14-2Den.htm&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=VbweciUcwYQpIOZDSxl0ezGd1hGDtd-0BvgAgfmwfE0&m=cTdHSr5Ru2vE9oxoRasvA_FP8b5lxG_LgBzPtUN6cuc&s=cN9Uyg3mU-hTu7dDU3f-oCpzmJG_1sKiAvIoKReQo28&e=" class="">https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-09jan14-en.htm[newgtlds.icann.org]</a>)
describes the Service Level Requirements and emergency thresholds that a Registry Operator has to comply related to the Registry Services.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">ICANN has been monitoring compliance of new gTLDs following the algorithms defined in this specification.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">ICANN provides access to Registry Operators to the incident information of its TLDs through an API currently in beta, and we are planning on releasing the production version in the future.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">The Registry Operators using the beta API had provided valuable feedback, and the specification to be implemented in the production version has been modified accordingly.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Attached you will find the latest draft of this specification. I appreciate your feedback no later than February 24, 2017.<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class=""> <o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Regards,<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" class="">Gustavo<o:p class=""></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>