The CENTR Association, which includes European country code top-level domain name registries, held its CENTR Members' Days on June 1−3, a conference for association members and registrars from other countries in the region that traditionally participate in the event.
Experts from the Coordination Center for TLD .RU/.РФ took an active part in the conference. On the second day of the conference The session “Meetings with Registrars: tips and tricks for meetings during and post-pandemic” was held. Different registries presented their best practices in terms of formats before and during the pandemic, content covered and lessons learned. Deputy Director of the Coordination Center Irina Danelia participated in the discussion and shared the Coordination Center’s positive experience in holding online meetings of working groups to discuss amendments to the Terms and Conditions of Domain Name Registration. Thanks to videoconferencing, registrars from other Russian regions aside from Moscow could join the working group; the working group could also meet more often than usual, which made its work more efficient and expeditious.
Other registries also shared their experiences. NIC.AT regularly hosts roundtable discussions with registrars to talk about innovations. The discussions are attended by several representatives from the registrars they elect for a specific term. Also, registries conduct individual consultations with registrars and working groups with registrars to receive feedback on various issues. They also hold seminars for registrars on various subjects – seminars with new registrars, seminars on administrative and marketing issues, and meetings with technical specialists.
During the pandemic, all events were held online. On the one hand, in-person participation certainly provides more opportunities for person-to-person contact and registrars feel valued in this way; on the other hand, online meetings enable broader participation, and people from different geographic locations can join the discussions. Online meetings also tend to be more frequent and shorter in duration. Registries continue to plan regular meetings with registrars for the post-pandemic period, alternating and combining online and offline formats. On June 3, Registrar's Day, representatives of the registrars joined the registries. Participants in a joint session, Supply Chain Security and Marketing: More Security and Still Being Friends, discussed the risks associated with the security and stable domain operation that emerge on the registrar's end, and considered steps the registries can take to minimize registrar risk and better protect end users, the domain name administrators. Ultimately, such measures should help build up trust between registries, registrars and users.
One of the risk-mitigation measures discussed was registries offering the Registry Lock service (setting a lock on actions with a domain in the registry). A number of country registries are already offering this service, and a special working group at CENTR has developed a document describing several standardized options for this service. Using one of the proposed options should be helpfup to registrars if they interact with multiple registries, because this way all registries will use the same format for providing the Registry Lock service.
CENTR analyst Patrick Miles, who spoke at the session, presented brief preliminary results of the Security Requirements for Registrars survey that canvassed 18 registries, including the Coordination Center for TLD .RU/.РФ. He said the final results would be published later, in the final report, but that he could share a few figures: 80 percent of registries plan to include mandatory sections on security in their agreements with registrars; more than half of registries occasionally experience resistance from registrars to implement security improvements; almost 90 percent of registries conduct internal audits and information security audits.
Security, as one of the most important aspects of the stable and reliable operation of domain zones, was discussed throughout the event. On the first day, Kristof Tuyteleers from DNS Belgium, Co-Chair of the CENTR Security Working Group, presented the Sector-Specific Security Guidelines Project, which was initiated in August 2019 and aimed at addressing the requirements of the EU standardization policy with regard to developing possible information security standards for TLDs. The speaker described the current status of the project and the materials being developed. The purpose of the recommendations being developed is not to replace any standards that are currently in use, he stressed; they concern creating standards for those areas that have not yet been standardized, or where the current standards are not applicable. The areas in question include brand monitoring; security mechanisms for various services (DNSSEC, registry/registrar locking, etc.) and for the DNS system in general; and the improvement of other services (RDAP/WHOIS, EBERO, DataEscrow, EPP, DoT, RPKI, etc.). At the end of his presentation, the speaker called on the community to join the project as volunteers and shared a preliminary schedule of works for the next 18 months.
On the second day, a heated discussion took place about the implications of openly publishing DNS zone files. Representatives from three ccTLD registries (.NU, .EE, and .CH) shared their experiences and answered questions from the community about their experience in disclosing and publishing their domain zone file records. The participants highlighted such risks as the potential misuse of zone file records, the possible increase in phishing and spamming, loss of certain market advantages as a result of free publication of valuable data, and restrictions from government regulators. As for the pros, participants in the session cited support for various research initiatives, support for organizations fighting cybercrime, simplifying a number of technical processes, and reducing zone file security costs.