WS #280 the DNS Trust Horizon Safeguarding Digital Identity
26 Jun 2025 15:45h - 17:00h
WS #280 the DNS Trust Horizon Safeguarding Digital Identity
Session at a glance
Summary
This workshop at the Internet Governance Forum focused on DNS trust and safeguarding digital identity, examining two key challenges: blockchain identifiers integration with DNS and online harm mitigation. The session was jointly organized by the Dynamic Coalition on DNS Issues and the Dynamic Coalition on Data and Trust, with discussions framed around UN Sustainable Development Goal 9 regarding resilient infrastructure and innovation.
The first topic addressed blockchain identifiers and their responsible integration with the existing DNS system. Speakers emphasized that while blockchain technologies offer potential benefits for digital identity, they present significant challenges including name collisions, governance issues, and threats to the single authoritative root principle that underpins DNS stability. Research revealed actual collisions between blockchain identifiers and existing domain names, with some blockchain providers creating top-level identifiers that conflict with established gTLDs and ccTLDs. Panelists stressed the importance of responsible integration rather than replacement of DNS, advocating for multi-stakeholder collaboration to develop standards and best practices that preserve DNS security while enabling innovation.
The second discussion focused on online harm mitigation, particularly addressing scams, fraud, and DNS abuse. Speakers shared various approaches, including Norway’s .no registry model that requires identity verification and limits domain registrations per holder, which has proven effective in reducing abuse. The Global Signal Exchange was presented as a new initiative to improve threat intelligence sharing across sectors, processing hundreds of millions of threat signals to enable faster response times. Multiple panelists emphasized that combating online harms requires coordinated action across the entire internet infrastructure stack, from registries and registrars to hosting providers and content platforms. The discussion concluded with recognition that these challenges require ongoing multi-stakeholder engagement and innovative approaches to maintain trust in digital infrastructure while supporting legitimate innovation.
Keypoints
## Major Discussion Points:
– **Blockchain Integration with DNS Systems**: The panel extensively discussed the challenges and opportunities of integrating blockchain-based naming systems with the traditional DNS infrastructure. Key concerns included name collisions between blockchain identifiers and existing domain names, the need for responsible integration rather than replacement of DNS, and maintaining the single authoritative root principle that ensures DNS stability.
– **Multi-stakeholder Governance and Coordination**: A recurring theme was the critical need for multi-stakeholder engagement to address both blockchain integration and online harm mitigation. Speakers emphasized that no single entity – whether government, private sector, or civil society – can solve these complex issues alone, and that established forums like ICANN and IGF provide essential venues for this coordination.
– **Online Harm Mitigation and DNS Abuse**: The discussion covered various forms of DNS abuse including phishing, malware, spam, domain spoofing, and cyber-squatting. Panelists shared different approaches to combating these harms, from Norway’s strict identity verification requirements for .no domains to Meta’s efforts to combat brand impersonation and the Global Signal Exchange’s cross-sector threat intelligence sharing platform.
– **Data Sharing and Real-time Threat Detection**: Multiple speakers highlighted the importance of improved data sharing mechanisms for combating online fraud and scams. The discussion covered initiatives like the Global Signal Exchange’s “Quick Factors” (quantity, immediacy, quality) approach and the need for faster mitigation times, currently averaging four days from detection to action.
– **Technical Standards and Best Practices**: The conversation addressed the need for developing technical standards for responsible DNS integration with blockchain systems, including work being done in IETF working groups, and the importance of maintaining DNS security through existing mechanisms like DNSSEC while considering future enhancements.
## Overall Purpose:
The workshop aimed to examine how the Domain Name System needs to evolve to address emerging challenges in digital trust and identity, specifically focusing on blockchain identifier integration and multi-stakeholder approaches to fighting online harms including scams and fraud. The session was designed to initiate multi-stakeholder conversations on these complex issues in the context of the WSIS+20 review and UN Sustainable Development Goal 9 (building resilient infrastructure and fostering innovation).
## Overall Tone:
The discussion maintained a collaborative and constructive tone throughout, with participants demonstrating technical expertise while acknowledging the complexity of the challenges. The atmosphere was professional and solution-oriented, with speakers building on each other’s points rather than engaging in adversarial debate. There was a sense of urgency about addressing these issues, particularly around online harms, but also recognition that sustainable solutions require careful coordination and responsible implementation. The tone remained consistently focused on finding practical, multi-stakeholder approaches to these technical and policy challenges.
Speakers
**Speakers from the provided list:**
– **Emily Taylor** – CEO of Oxford Information Labs and co-founder of the Global Signal Exchange
– **Keith Drazek** – Vice President, Policy and Government Relations at Verisign (session moderator)
– **Benoit Ampeau** – Director of partnerships and innovation at AFNIC, the French internet registry
– **Swapneel Sheth** – Senior director of research engineering at Verisign in the office of the chief technology officer
– **Hilde Thunem** – Managing director of NORID, the Norwegian ccTLD registry (.no)
– **Lucien Taylor** – CTO and founder of the Global Signal Exchange, a global clearinghouse for real-time sharing of scam and fraud signals
– **Rima Amin** – Security policy manager, community protection with Meta
– **Graeme Bunton** – Executive director, NetBeacon Institute (participated online)
– **Edmund Chung** – From .Asia
– **Andrew Campling** – From 419 consultancy
– **Bertrand Lachapelle** – Executive Director of the Internet and Jurisdiction Policy Network
– **Participant** – (Role/title not specified – appears to be Dr. Esther Yarmitsky based on context)
– **Audience** – Individual from Senegal named Yuv (role/title not specified)
**Additional speakers:**
– **Dr. Esther Yarmitsky** – UK Department of Science and Innovation and Technology, has a PhD in internet governance, speaking in personal capacity (mentioned in introduction but appears in transcript as “Participant”)
Full session report
# DNS Trust and Safeguarding Digital Identity: A Comprehensive Workshop Report
## Executive Summary
This workshop at the Internet Governance Forum brought together leading experts from across the DNS ecosystem to examine two critical challenges facing digital infrastructure: the responsible integration of blockchain identifiers with the Domain Name System and the mitigation of online harms through coordinated multi-stakeholder approaches. Jointly organised by the Dynamic Coalition on DNS Issues and the Dynamic Coalition on Data and Trust, the session was framed within the context of UN Sustainable Development Goal 9, which emphasises building resilient infrastructure and fostering innovation.
The discussion revealed consensus amongst participants that both challenges require multi-stakeholder coordination rather than fragmented individual responses. Speakers advocated for integration rather than replacement of existing DNS infrastructure, whilst acknowledging the urgent need for proactive measures to combat the rising scale of cybercrime and online fraud.
## Opening Context and Framework
Keith Drazek, serving as moderator and Vice President of Policy and Government Relations at Verisign, established the session’s framework by connecting the technical discussions to broader policy objectives. He positioned the workshop within the WSIS+20 review process and UN Sustainable Development Goal 9, emphasising how DNS evolution must support sustainable development goals whilst maintaining stability and security.
Emily Taylor, CEO of Oxford Information Labs and co-founder of the Global Signal Exchange, provided brief opening remarks introducing the workshop before handing over to Drazek for the main facilitation.
## Blockchain Identifiers and DNS Integration
### Research Findings on Blockchain-DNS Collisions
Benoit Ampeau, Director of partnerships and innovation at AFNIC, presented research findings revealing actual collisions between blockchain identifiers and existing domain names. Working with the DNS Research Federation, AFNIC identified specific instances where blockchain naming systems have created identifiers that conflict with established generic top-level domains (gTLDs) and country code top-level domains (ccTLDs).
Ampeau provided concrete examples of these collisions, including blockchain identifiers like .wallet, .crypto, .corp, .om, and .mail that conflict with existing or potential DNS namespace usage. He emphasised that these collisions create security risks for users and potential instability for the DNS system.
### Technical Implementation Perspectives
Swapneel Sheth, Senior Director working in Verisign’s office of the chief technology officer, addressed technical challenges facing DNS-blockchain integration. He highlighted critical lifecycle management issues, asking: “How do we think about a domain name that’s transferred or expires after the domain name has been integrated into the blockchain application? How do we avoid risks with inconsistencies, with the security concerns that come along when the same names are used across multiple systems?”
Sheth noted that whilst DNS integrations with blockchain applications have potential, they require responsible implementation to avoid security inconsistencies. He reported encouraging engagement from the blockchain community through collaborative draft development in IETF working groups.
### Strategic Integration Approach
Dr. Esther Yarmitsky from the UK Department of Science and Innovation and Technology, speaking in her personal capacity, argued for integration rather than replacement of DNS infrastructure. She emphasised the importance of answering whether to “integrate this blockchain system into the global domain name system, or do we watch our infrastructure fragment in dangerous ways.”
Yarmitsky advocated for blockchain as a potential secondary security layer that could enhance existing DNSSEC capabilities whilst preserving the single authoritative root principle that ensures DNS stability.
### Industry Questions and Concerns
Edmund Chung from .Asia raised questions about the technical necessity of blockchain enhancements, noting that DNSSEC already provides cryptographic validation and questioning the added value of blockchain for DNS security.
Andrew Campling from 419 consultancy observed that Web3 naming schemes lack mature governance structures and could benefit from DNS governance lessons. He also raised concerns about the environmental and computational costs of implementing dual cryptographic validation systems.
## Online Harm Mitigation: Multi-Stakeholder Approaches
### The Norwegian Model: Identity Verification and Domain Limits
Hilde Thunem, Managing Director of NORID (the Norwegian ccTLD registry for .no), presented a detailed case study of how targeted interventions can effectively reduce DNS abuse. The Norwegian approach requires identity verification for domain registrations, including organization numbers for businesses and national identity numbers for individuals, and limits the number of domains that individual registrants can hold.
Thunem explained that this approach creates friction for scammers whilst maintaining accessibility for legitimate users. She provided a concrete example: “If you want to register santa.no, you have to prove that you are Santa Claus,” illustrating how identity verification prevents impersonation and abuse.
The Norwegian model has proven highly effective in reducing abuse within the .no namespace, demonstrating that well-designed registration policies can significantly impact abuse levels. Thunem also emphasised the importance of robust legal frameworks with clear responsibilities and due process protections.
### Global Signal Exchange: Cross-Sector Threat Intelligence
Lucien Taylor, CTO and founder of the Global Signal Exchange, presented an innovative approach to combating online fraud through cross-sectoral threat intelligence sharing. The Global Signal Exchange operates as a clearinghouse for real-time sharing of scam and fraud signals, processing threat indicators that have grown from 40 million to 270 million, rising by approximately one million per day.
Taylor highlighted a critical asymmetry: “The criminals are moving faster than us. They’re exploiting cross-border legislative tensions and sharing bad things between each other better than we share things.” The platform currently has 160 organisations in its accreditation pipeline, representing significant expansion of cross-sector collaboration.
### Platform Perspectives: Meta’s Approach
Rima Amin, Security Policy Manager for Community Protection at Meta, provided insights into how major platforms address DNS abuse and brand impersonation. She emphasised that DNS abuse accelerates harm across multiple threat areas including domain spoofing, cyber-squatting, and deceptive redirects.
Amin advocated for global solutions and consistent approaches rather than fragmented country-specific responses, noting that the borderless nature of the internet requires coordinated international responses.
### Data-Driven Insights: Concentration of Abuse
Graeme Bunton, Executive Director of the NetBeacon Institute, provided crucial data that reframed understanding of the DNS abuse problem’s scope. His research revealed that “95% of the malicious domains that we see belong to about 50 registrars or less, 80% belongs to less than 20.”
This concentration suggests that targeted interventions could be highly effective. Bunton’s data demonstrated that “the problem space is not huge” and “we can sort of wrap our collective arms around the scope of that problem.” He emphasised that proactive processes and automation are essential given the scale of abuse that reactive reporting cannot handle.
### Governance and Coordination Challenges
Bertrand Lachapelle, Executive Director of the Internet and Jurisdiction Policy Network, provided a systems-level perspective, observing that “this whole thing is a speed and scale challenge and it’s a data challenge. It’s a data sharing challenge.” He noted the emergence of new intermediaries that handle abuse workflow management.
Andrew Campling raised questions about governance gaps, particularly regarding country code top-level domains, noting “the real gap here is the lack of action by some of the ccTLDs” and asking “how do we get governments to also step forward to address this?”
## Areas of Consensus and Disagreement
### Multi-Stakeholder Collaboration
Throughout both discussions, speakers demonstrated consensus on the importance of multi-stakeholder collaboration. This extended to specific implementation approaches, with speakers advocating for coordination through existing frameworks rather than creating entirely new governance structures.
### Integration Over Replacement
Speakers consistently advocated for integration rather than replacement of existing DNS infrastructure when considering blockchain technologies. This reflects understanding of the DNS ecosystem’s complexity and the risks associated with fundamental architectural changes.
### Technical Value Debate
Despite agreement on integration approaches, speakers disagreed about the technical value that blockchain technologies could add to existing DNS security mechanisms. While some advocated for blockchain as a secondary security layer, others questioned whether blockchain provides meaningful improvements over existing DNSSEC capabilities.
## Emerging Challenges and Questions
### Blockchain Community Engagement
Questions arose about how to incentivise blockchain community participation in responsible integration frameworks, highlighting uncertainty about whether blockchain solution providers will engage meaningfully with DNS governance approaches.
### Scaling and Government Engagement
Multiple speakers acknowledged that current abuse mitigation processes struggle with the scale of modern threats. Questions about government engagement, particularly regarding ccTLD accountability, highlighted governance gaps in current approaches.
### Digital Identity and National Infrastructure
Questions from participants highlighted how many government institutions use generic domains instead of their national ccTLD, potentially creating cybersecurity risks and undermining digital identity frameworks.
## Conclusion
This workshop demonstrated both the complexity of challenges facing DNS infrastructure and the potential for multi-stakeholder approaches to address them. The discussion revealed that both blockchain integration and abuse mitigation require coordination mechanisms that preserve existing infrastructure stability whilst enabling innovation and improved protection.
The speakers’ emphasis on integration rather than replacement, proactive rather than reactive approaches, and coordinated rather than fragmented responses provides a foundation for continued progress. However, unresolved questions about blockchain community participation, scaling abuse mitigation, and addressing governance gaps highlight the need for continued engagement.
The workshop’s connection to UN Sustainable Development Goal 9 underscores that these technical discussions have broader implications for global development and digital inclusion. Success will depend on translating the collaborative approaches demonstrated in this workshop into concrete actions that preserve trust in digital infrastructure whilst enabling necessary innovation.
Session transcript
Emily Taylor: Good afternoon, everybody. Thank you very much for joining us this afternoon. You are at workshop 280, the DNS trust horizon, safeguarding digital identity. My name is Emily Taylor. I’m the CEO of Oxford Information Labs and a co-founder of the Global Signal Exchange. And we were asked to put together this panel this afternoon for two dynamic coalitions, the dynamic coalition on DNS issues and the dynamic coalition on data and trust. And thank you to those organizations for asking us to do it. So this workshop will look at the WSIS-20 and the issues of digital trust and identity through the lenses of blockchain identifiers and emerging namespace and multi-stakeholder voluntary measures to fight online harms including scams and fraud. Now, each of these issues requires the domain name system in some way to evolve, to cope with these emerging issues. And each has been a struggle because they’re complex in nature and they require the coordination of multiple stakeholders. We will hear from a range of speakers on the issues and the sessions will be moderated by my good friend and long-term colleague, Keith Drasek, who is Vice President, Policy and Government Relations at Verisign. So with that, Keith, I hand over to you and thank you very much.
Keith Drazek: Thank you very much, Emily. and welcome everybody to our workshop 280. And as Emily noted, this is a joint workshop proposed by the Dynamic Coalition on DNS Issues and the Dynamic Coalition on Data and Trust. And our view of this session is really in some ways the beginning of a multi-stakeholder conversation on two separate issues that Emily touched on. Blockchain identifiers and the need for responsible integration with the DNS and online harm mitigation up and down and across the stack with different roles and responsibilities and technical capabilities for the various actors in the stack. Each one of these really does require multi-stakeholder engagement and multi-stakeholder input. And we just want to call that, you know, this is sort of the beginning of that part of the conversation. So look for more opportunities in the near future to engage on these issues. So I’m going to go ahead and introduce our panelists here. But before I do, I just want to note that as we are here at IGF in a season of looking ahead to the WSIS Plus 20 review, we thought of this workshop in the context of the UN Sustainable Development Goals. In particular, SDG number nine, which is to build resilient infrastructure, promote inclusive and sustainable industrialization, and foster innovation. And really both of these topics, I think, are tied directly to that. And so we wanted to really demonstrate that those at the table, industry and other actors, are really engaged in trying to advance in this IGF context some work around that specific SDG number nine. So with that, let me go ahead and introduce our panelists. A little bit of housekeeping. We’re going to have probably five to seven minutes for each panelist to make some introductory remarks. And then we really do want this to be an interactive dialogue with you in the audience and you online. So we’re going to try to keep a good chunk of time. at the end here for the dialogue, and then we’ll probably save five minutes at the end for a little bit of a wrap-up stop taking for the rapporteurs. So, first panelist, and not in order of speaking necessarily, but first on my list is Lucien Taylor. Lucien is a CTO and founder of the Global Signal Exchange, a global clearinghouse for real-time sharing of scam and fraud signals. We also have Hilde Thunem, managing director of NORID, the Norwegian ccTLD registry, .no. We’re thrilled to be here in Norway, of course. Online, I believe we have Graeme Bunton, who’s the executive director, NetBeacon Institute, an organization established by PIR, the .org registry, that’s focused on helping the internet community identify and report DNS abuse, establish best practices, fund DNS research, and share data. We also have Benoit Ampeau, director of partnerships and innovation at AFNIC, the French internet registry. We have Swapnil Sheth, a senior director of research engineering at Verisign in the office of our chief technology officer. And we have Rima Amin, security policy manager, community protection with MEDA. And Dr. Esther Yarmitsky, UK Department of Science and Innovation and Technology. Esther has a PhD in internet governance. She’s here speaking in her personal capacity. And we are very, very happy to have each of you. So with that, I’m going to start off, because we have two topics, I’m going to lead off with the first, and that’s going to be the topic of blockchain identifiers and the DNS. And probably stop after the three speakers have had their chance to have an intervention, give their remarks, and give an opportunity for questions or audience engagement, participant engagement, before we move on to the next section. But I’ll be keeping an eye on the time with the help of Emily, make sure we keep to our schedule. And with that, let’s go ahead and kick it off. So, Benoit, I’m gonna turn to you first on the topic of blockchain identifiers and the need for responsible integration in the DNS. From your perspective, what are the main challenges to maintaining trust in DNS systems in the face of emerging technologies like blockchain?
Benoit Ampeau: Thank you. Hello, everyone. Delighted to participate in this session. So yes, I will talk about the importance of trust in the security of digital identities and the challenges posed by the emergence of the new technologies like blockchain in current internet naming system, the DNS. It’s opening discussion and also concerns. It’s a challenging size to present this broad, complex topic in such a short time. So I’ll do my best. The domain name system, as you know, currently constitutes a reference infrastructure for creating and resolving names on the internet. It’s available to all connected internet people for more than 40 years. During this time, we can observe some initiative for alternate naming systems that have emerged on a regular basis. For instance, I can mention Namecoin or even Gdunet, and they are seeking to establish themselves by exploring models other than DNS, but all partially inspired by DNS. Today, we observe a significant number of organizations creating and establishing naming system based on blockchain all over the world. For many years at AFNIC, we have been studying the theme of trust in DNS applied to different use cases and technical environments, and regularly are evaluating sorry, other integration of identifier namespace, such as those used in the Internet of Things industry or in the blockchain ecosystem. By studying both risks, but also potential complementarities of this identifier system with the DNS. We also conducted a study publishing a report last year on the possibility of blockchain actually replacing the DNS. And now we are currently evaluating for a future report on a more technical layer, the security level that a blockchain identifier system based on a public blockchain would offer on both registration and also name resolution services. In addition to that, we established with our partners from DNSRF here a roadmap of work on the current ecosystem and blockchain identifier solution providers. From name collisions, provider mappings, and their economic models to ultimately, later this year, develop a general risk assessment framework. So, very quickly, three outcomes of our studies. The importance of trust. Trust is essential for the security of digital identities. Without it, users and businesses cannot operate effectively online. Integrating new technologies like blockchain into existing DNS infrastructures presents unique challenges. Blockchain has proven to be very robust in the face of alteration of the data associated with identifiers, but it raises also questions about governance and standardizations. Global consistency and the trust of all stakeholders in DNS have yet to be built for blockchain. Second one, uniqueness of names in DNS and blockchain. These are two different methods to safeguard the uniqueness of names in their naming space. DNS, as you know, relies on hierarchical architecture and a system of delegation, which also provides decentralization, by the way. The uniqueness of names is ensured by a governance system coordinated by ICANN, which supervises the root of DNS through its technical function, IANA. And then, registries such as us are managing each TLD, top-level domain. on a delegated basis. The existence of a single rule trusted by all ensures that no name can be registered twice in the same naming space is key. In the case of blockchains, the naming space is generally regulated by smart contracts which defines the rules for registration and realization of blockchain identifiers. In theory, these contracts ensure the uniqueness of all names under a given contract and several smart contracts can exist on the same blockchain. However, the uniqueness of identifiers is not centrally managed and at the global level of all blockchains, they are operating independently. Therefore, it’s possible for the same identifier to be allocated by more than one blockchain, leading to duplication. The DNS RF study revealed collisions between blockchain identifiers and domain names. For example, some TLDs like .wallet and .crypto could pose security issues if adopted without adequate planning. Sorry about that. Remember last GTLD round in 2012? Printer.om, user.corp were used internal suffixes by corporation and I can receive the application for .corp, .om, .mail, so forth and so on. So we, with DNS RF, have examples of ccTLD and gTLD collisions. Of the three providers we found had created top-level identifiers that were the same as existing gTLDs. One with eight direct conflicts, the second one with four and the last one in one. On the ccTLD level, we also had collision with existing ccTLDs and even two other TLDs with two later top-level identifiers, not delegated by either. So, our work with DNS-RF aims to give a concrete view of the situation to better evaluate and provide a risk assessment framework for other concerned stakeholders, which is important here, institutions, policy makers, for their own purpose. As a conclusion, in a nutshell, maintaining trust in DNS is crucial for digital identities, DNS identities and other digital identities that are relying at some point on DNS. The integration of blockchain within the DNS could present opportunities but also significant challenges that could alter this trust. Proliferation of blockchain identifier systems makes them prone to confusion when resolving names. Finally, stakeholders’ involvement is essential to overcome these difficulties and understand the potential benefits but also, very importantly, the risk. Thank you.
Keith Drazek: Thank you very much, Benoit. And I just want to reinforce one of the things that you mentioned, and that is the importance of the fundamental foundation, the importance of the single authoritative route in dealing with matters in the DNS. And one of the challenges and one of the concerns that you’ve correctly flagged is the potential for duplication of records when there should be a single record. And so I think this is important both in today’s context but also looking ahead to the upcoming launch of a next round of new GTLDs in the ICANN space. There’s currently an application window that’s targeted for April of next year with likely delegation of some of those strings applied for perhaps a year after that. So this is a live and active topic when we’re talking about potential implications both at the technical and the policy level when it comes to expectations around these unique identifiers. So with that, let me turn to Swapnil.
Swapneel Sheth: Hey, thanks, Keith, and thanks for the opportunity for me to be on this stage, part of this conversation. So, domain names, as we know, have been long users’ identifiers, right? In applications, going back all the way, you can think about telnet, FTP servers, email services, and then later, domain names were adapted to be used for the web use case. So, what we’ve seen, though, in the past few years is that there is interest, and blockchain applications and decentralized applications have emerged as a new use case for user-friendly identifiers. So, as an example, blockchain wallets, we’ve all heard of blockchain wallets by now, and so blockchain wallets tend to identify users via a long alphanumeric string, which is human-unfriendly, much like IP addresses are unfriendly. And so, obviously, there is a need for users to be able to use something that’s human-friendly so that they can make their interactions with these blockchain applications easier. And I think that’s one of the reasons why we have seen dozens upon dozens of these alternative namespaces in blockchains, exactly for this use case, which is trying to make interactions much easier with these blockchain applications. What we are also seeing is there’s a lot of interest in using DNS domain names for these use cases in blockchains. and a lot of other people who have been working on this for a long time. So there’s a lot of interest for using DNS domain names in blockchains, and this chain of thought, this line of thought, where you can use a DNS domain name, integrate that with a blockchain application, we call that a DNS integration. So imagine when you’re trying to send cryptocurrency, right, you can use a domain name which you’re familiar with as opposed to using this long alphanumeric blockchain address. Now the thing is, DNS integrations come with their own set of challenges. For example, how do we think about a domain name that’s transferred or expires after the domain name has been integrated into the blockchain application? How do we avoid risks, right, with inconsistencies, with the security concerns that come along when the same names are used across multiple systems? These are really important topics, and without coordination, these systems will fall out of sync, and when they fall out of sync, they will give rise to, you know, unexpected user behavior, inconsistent behavior. And more importantly, these issues will lose or undermine trust that we have built in DNS over the last several decades. Don’t get me wrong, though, ultimately, I think blockchain-based DNS integrations have the potential to enhance the value of DNS domain names, but we believe that the way to get there… is we are responsible DNS integrations, so we can take the well-established benefits of DNS and extend that to these new use cases in blockchains. So safeguarding the stability, security, and reliability of critical internet infrastructure has been at the very core of what VeriZyne does. And alongside keeping the same values in mind, we’re also supporting development of responsible DNS integrations. So what have we been doing? We have published a variety of research papers and measurement studies to raise awareness of SSR issues that exist in today’s DNS integrations. We’ve also, we are actually actively working with the community and encouraging the community to come up with standards and best practices for responsible DNS integrations. I think this is where I see a great opportunity for collaboration. The DNS, along with this long-standing community in ICANN and IGF, have proven to be resilient and adaptable, right? DNS has well-defined standards and practices for transparency, for control, and for domain name lifecycle management. And I think together these principles can inform and should inform how we build and develop these new integrations with DNS. So now the internet success has been rooted in interoperability. Trust and collective ownership. And as we evolve the DNS to these new use cases, as we innovate, we must preserve these values. So here’s my invitation. Let’s work together. Let’s collaborate together so that we can use the existing critical DNS infrastructure for these new use cases, but let’s do so in a manner that supports our collective goals, which is to build a safe, secure, and reliable internet ecosystem. Thank you.
Keith Drazek: Thank you very much, Swapneel. So I’ll turn next to Esther, but I just want to remind everybody that when Esther’s concluding her remarks, we’ll turn to the audience, turn to you for any questions and comments and input that you may have on this particular topic. And of course, our panelists are more than welcome to engage together and compare notes in any conversation that they’d like to have. So thank you. Esther, we’ve heard about various national approaches to digital identity and online safety from the UK’s Online Safety Act to emerging blockchain systems. As AI transforms both the challenges and the potential solutions, what do you think needs to happen at the global level to address the trust and security challenges? Thank you.
Participant: Thank you so much for your question, Keith. I really believe that the choices we will make in the next two years will determine a lot of whether the internet will remain a stable and trustworthy source, or whether it will become a great vulnerability for us. I will explain why in my remarks. Before I begin, just to reiterate, this is not UK government policy, and it is based on my research on AI, but also institutional governance. I think that when Tim Berners-Lee created the World Wide Web, he was probably not expecting how much of our global e-commerce system and our economy would depend on the structures and the protocols that we have in place today. The internet is the backbone for 5.4 billion internet users, which is an incredible number that we hope will grow and reach everyone that hasn’t been connected yet. Living in this type of environment also presents a lot of risks and challenges. I know that we will move to the topic of fraud after this, but I just wanted to highlight… and Rima Amin, and we are here to highlight how important it is that we maintain a secure DNS system as in the United Kingdom alone, fraud accounts for 40% of all crime and 80% of that is cyber. So while all of this is intensifying and we have a lot of issues of fraud in the current DNS system, new naming systems that we are discussing today are emerging in parallel with the global domain name system. So what is happening in the global domain name system is that there is a lot of information, a lot of logic, standards, and their own risks. ICANN, which we respect and love to be the important body that is keeping the internet stable and interoperable, acknowledges that blockchain naming systems are being built outside of the global domain name system. Actually, I just wanted to give you a number that I have been working on for the last couple of years, and it’s a really good time to talk about web 3.0, but also about web 3.0 groups preparing to apply to the next round of GTLDs at ICANN in 2026, and so this is a really good time to discuss these challenges. So the critical choice I want to highlight is that we need to answer the question, and my co-panelists have addressed it, do we integrate this blockchain system into the global domain name system, or do we watch our infrastructure fragment in dangerous ways in which fraud will likely just intensify? And the question that we’re facing today is definitely not whether these systems will emerge and whether this threat will exist, because it already does, and it will, and I think we’ve already moved past that question absolutely. And I am proposing very much a multi-stakeholder approach to really tackling this. And the different stakeholders in the next round will have already been and Rima Ampeau. So, I’m going to talk about the infrastructure that integrates these two systems. Some of the things that I’m thinking about is also connecting it to some of the GDC and SDG lines that we have. So, under the GDC principle 2, it would be very, very smart to integrate cryptographic identity into DNS queries. So, there would be a lot of security, a lot of security, a lot of security, a lot of security, but it would be a very, very smart layer to what you are accessing. GDC principles 3, 4, and 5 would also enable federated AI systems to detect fraud in realtime on top of the structures that we have today. And how does this work? Well, we know that blockchain identifies, they create really strong, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure, secure. So, the GDC principle 3, 4, and 5 would be a great opportunity to combine these two approaches. This would strengthen, actually, the root principle that maintains today’s internet stability and universal connectivity, and that’s why it’s important that ICANN pays attention to this now and really leverages the next round to ensure that AI is not just a tool for the internet, but also a tool for the future, and that’s why we’re here today. So, the GDC principle 3, 4, and 5 would be a great opportunity to combine these two approaches. And how does this work? Well, we know that blockchain identifies, they create strong, This is very important because if we try to soak the points, to succeed, if we try to replace the DNS it will be really bad for the internet. We need to integrate. and the other is that we are trying to integrate any new technology and innovation into the system we have today. And to conclude, being a multi-stakeholder process is the only way forward. No government, no private entity, no civil society group can solve this alone. This needs to be done within the forest that we have today, especially within ICANN, the GAC. It needs to be actively involved to make sure that the next round is successful and integrates these really important thoughts that we are discussing today. Thank you.
Keith Drazek: Thank you very much, Esther. I think this is a really important point to say. Innovation needs to be supported and encouraged, but it needs to be done in a responsible way. So I think each of our speakers so far has really reinforced that issue. I really appreciate your focusing this on the need for the multi-stakeholder engagement around this topic. I think that’s critical and certainly one of the reasons that we’re here today at IGF bringing this to the community’s attention. So with that, let me ask if there’s anybody who would like to come to the microphone or to get – actually, there’s one on each side – or to get in queue, checking to see if we have anybody online. I would say we have five or ten minutes to discuss this topic before moving on if we’d like to, or we could move directly into the online harms discussion and then come back for questions and comments at the end. Edmund, go right ahead. Hello. Welcome.
Edmund Chung: Edmund Chung here from .Asia. I just wanted to pick up on the integrating blockchain and some of the emerging technologies to how we manage the DNS. Two things I want to highlight. One is I thought the question about including cryptographic technologies to the resolution process is quite interesting. I just wonder, currently the DNSSEC protocol – security extensions, do do that. I’m just curious how blockchain would add to the DNSSEC part. The other thing that came to mind is that what about the registration data? I actually personally find the registration data to be quite useful. I mean, blockchain might actually be very useful for registration data, especially for domain transfers, ownership transfers, and authentication of those issues because of the nature of blockchain. See if there are any thoughts on those two things.
Participant: Thank you, thank you so much for your question. And definitely DNSSEC, very good that you brought it up and thank you. I wanted to get into that as well. It’s true that it already provides some form of validations in the DNS responses to prevent that tampering. But this blockchain enhancement really just builds on top of that, I would say. So it would exist as a form of secondary security layer on top of the DNSSEC. And that would be similarly to what would happen when we need to develop quantum resistant data defense processes.
Benoit Ampeau: Yes, I would just add that DNS is secure today. DNS domain names are portable, they’re flexible, and they’re secure. Security is provided by DNSSEC as a means of authentication and otherwise email and web traffic are supported via the encrypted protocols. So I think I want to reinstate that DNS is secure today. Aziz?
Keith Drazek: Okay, thank you very much for that. And Edmund, thank you for that question. We have another speaker. If you could identify yourself please and then go ahead and ask your question.
Andrew Campling: Yep, hi there. Thank you. Andrew Campling. I’m from a consultancy, 419 consultancy, which amongst other things spends time thinking about the DNS. I’d echo the comments about DNSSEC. And yeah, so I’m skeptical that there will be value add on that specific point, doing two lots of the same thing. I think, particularly when I know there’s post-quantum being tested to extend DNSSEC anyway. And we have to think about the compute cost, the environmental cost of doing that twice. So I think we should be cautious heading in that direction. The point I wanted to make, though, some of the, let’s call them the Web3 naming schemes, have as a feature of their creation that they have no governance. So some of the ones that don’t have it as a feature have fairly immature governance, not by design, just because they’re still very early in their evolution. And I think there’s a lot of very useful lessons that could be carried across from the approach to governance in the DNS into those systems. So there will be benefit from integration, at least at the governance level, if not at the technical level. So I don’t know if any panelists want to comment on the governance points.
Swapneel Sheth: So I don’t know if you’ve been following DNSOP, Working Group, and IETF. And so we have a couple of drafts that we’re working on towards responsible DNS integration. And one of the ones was recently, as of early this week, was adopted by the Working Group. And it talks about what are the considerations for integrating DNS domain names into blockchain namespaces or blockchain applications in a responsible manner. So it’s sort of a checklist of things to go through as you’re building your integration. And hopefully, by the end of it, you will have a responsible integration. And that will obviously have the governance of the DNS because it’s it’s routed into the DNS. I can manage DNS route if that helps answer your question. Yeah and going back just a plug-in here for the since you bought a post quantum DNSSEC. If you are interested in that topic we are actively working on it. We will have hackathons and we’ll also have a PQ DNSSEC side meeting at the upcoming IETF meeting. Please join us and feel free to contribute.
Benoit Ampeau: fully agree with what you said but from the blockchain provider solution perspective we do not know yet if they would like to engage in this way in the responsible integration. So basically we know internet it’s complex we all know this. Maintaining, providing consistent user experience for a stable resilient secure internet it’s complex. So we’ll see what the future will be by integrating this kind of factors into the DNS ecosystem at large.
Swapneel Sheth: I’ll make another point while we’re on the topic is the interest from Web3 community. So the draft I just talked about I have co-authors from ENS which is a alternative namespace in the blockchain Ethereum name service and another co-author is Blue Sky which is a decentralized social media namespace that’s trying to use DNS domain names as social media handles. So I just want to say that there is enough interest from the Web3 community to integrate responsibly as long as we have we are willing to work with them.
Participant: And maybe just to add again to emphasize that this is important to think about now because now ICANN has an opportunity to seriously engage with as I mentioned earlier it is a growing industry there is interest but it’s our responsibility coming from kind of the ICANN and traditional DNS system to to engage and that’s also within our hands.
Keith Drazek: Thank you very much and Andrew thank you for the question and the engagement. we have two quick questions I think in the chat that Emily will read and then we’ll probably pivot and move on to the online harms discussion and we can always come back to this at the end so Emily.
Emily Taylor: Yes so we had a comment from Luke Siffer saying okay I’ll sum it up it’s not that complex the entire web 3 4 5 blockchain saga is merely a creatively lazy attempt to monetize the internet by fragmenting DNS with an alternative route nothing revolutionary here just reheated hype time to move along Bevan Wathen did a thumbs up and an agree to Esther’s call for for integration and not replacement of the DNS and a Carolina from Oxhill hello Carolina asked two questions how do we ensure responsible integration happens in a multi-stakeholder manner and also how to get the blockchain community to participate what incentives exist for them to participate I think a lot of those the second question you touched on in in the just the recent remarks thank you.
Keith Drazek: Yeah thanks very much Emily and I think to Carolina’s question about you know what are the opportunities for engagement I think the dynamic coalitions that are represented here I think our future opportunities for continued engagement in a multi-stakeholder way on this conversation but probably not the only options so we should be creative and think about how to reach out and engage folks from from this particular community but also other multi-stakeholder actors and perspectives to make sure that we have a well-informed and broad sort of understanding of the various concerns and opportunities so thank you for that we will now pivot and move on to our discussion on online harm mitigation I’ll just take a couple of minutes to give some context and maybe frame the discussion over the last five ten years and Benoit Ampeau. The third type of abuse is phishing, farming, malware, botnet, command and control distribution and spam when spam is used as a delivery mechanism for those other four. Obviously, that is just a subset of the broader topic of online harms, right? So that’s, you know, DNS technical abuse. There’s obviously other online harms that are related to content, and there are a number of different actors in the system, and there are a number of different technical capabilities to mitigate abuse at the most appropriate time, the most appropriate level, without disproportionate impact on other actors in the system. So I think what we’re going to talk about today is the broad topic of online harms, and with that, I’m going to turn first to Hilde. Hilde, a question for you. The Norwegian top-level domain .no is an example of a very broad topic of online harms, and I’m wondering if you could talk a little bit about the reasons why online harms are being used for abuse like phishing, malware, and spam. Could you share some insights from your perspective into what could be the reasons, or what could be the reasons behind that? Thank you.
Hilde Thunem: ≫ Thank you for having me here on the panel. I’d like to start by saying that just like in the offline world, I think online abuse rates are a very important part of the world, and I think that the Norwegian model and the Norwegian approach to the .no domain name provides one example of how many different stakeholders can work together and have a positive effect. So all domain registries, people like me that hand out domain names, we operate within a ecosystem of the local law where we’re based and the registration policy. And one of the factors that influence the type of neighborhood that sort of grows under a top-level domain is the requirements that the registry imposes on those wanting to register domain names. So the registration policy for NO is shaped by NUDID, but we do this in consultation with different stakeholders in the Norwegian society and within the domain regulation that provides a sort of framework for the basic principle of this. And one of the requirements we have is that anyone who wants to register a .no domain name must identify themselves by providing either the organization number registered in the Norwegian Register for Business Enterprises, and foreign companies can do this if they have a Norwegian subsidiary, or as an individual to have a national identity number registered in the National Population Register. So if you worked in Norway for a long time you get one of these. And before granting the right of use to a domain to anyone, we verify that they exist in one of these official registers. So we look it up and this ensures that each NO domain name is registered to a real individual or organization who is responsible for how the domain is used. So sad to say, and I hope I’m not breaching any childhood dreams here, but Santa Claus does not have a .no domain name because he does not exist. But of course this is not only a sort of registry only effort, because we don’t talk to the domain holders directly. So it’s the registrars who have the direct contact with their customers that are required to know who they are, and to sort of ensure that the one contacting them actually represents the organization that they are. are trying to register a domain for. But how they do this is left to the registrars, because that varies widely if you’re a small registrar that knows every customer personally, or you’re a large registrar with different control systems. And then we also have a very, I think, fairly unique Norwegian rule that there is a limit to how many domain names each domain holder can have. So if you’re an individual, you get up to five domain names, and if you’re a company, you get up to a hundred. And the rationale behind this is that domain names are a limited resource, or good domain names are that. And sort of in the Norwegian way of, there must be some cake left on the table for the latecomers. We want to keep some domains still there so that early adopters don’t get to take them all. So both of these requirements are there for other reasons than fighting online harm. But they have the happy side effect that they irritate the scammers a lot. Because first of all, someone wanting to register a domain to use it for illegal content, for scams, for spam, they have to either identify themselves or steal somebody else’s credentials. And when they do, and they sneak past the registrar’s control mechanism, they get only a hundred domain names, or five if they stole somebody’s personal credentials. And that’s kind of friction for those that need to burn through a lot of domain names in order to spread their scams. At the same time, the whole point of making it slightly difficult for the criminals is also not to create a big burden on the legitimate domain holders. Because we want people to have domain names. We want them to have their little corner of the internet where they have ownership of the content they produce instead of just… just being at the online large technical social media platforms. And so, this makes NOF a fairly safe space, but of course there are Norwegian criminals and there are other criminals that steal credentials. So, in the cases that domain names are used to commit a crime, then the rest of the regulatory ecosystem comes into play. So, the Supreme Court in Norway established as early as 2009 a principle that it’s the domain holder that holds the responsibility for the use of the domain name. And since that is actually a real person or an organization, there is a place to start if one wants to take action. And this year, the revised Electronic Communication Act provided further clarity by putting this principle into law. So, as a last resort, when proportionate action may be taken against the domain name. But such measures requires a process that safeguards the legal rights of all the involved parties. And this is especially important because for top-level domains like .no with the presence requirements, almost all of the domains that are used for the technical online harms like phishing are compromised domains. So, the domain holder is a victim that has his website or has his domain compromised and not necessarily the perpetrator. But in those rare cases where a domain name needs to be taken down instead of the content acted upon, Norwegian police have a clear mandate in law to seize domain names. Similarly to what they can do in the offline world where they can seize a car or a gun or a dog if it has bitten someone and to keep as part of a case that’s raised. And just like in the offline world, also in the online world, when they seize a domain name, they have to follow the requirements for due. process. And the Consumer Protection Agency have the same sort of power to go and require domain name to either be deleted or transferred in the cases that it’s serious online harm to consumers as a whole. But in those cases, they have to go to court just to prove that they have tried less impactful actions first. So in summary, I think it’s the combined effort of the registry and the registrars as part of the registration process, and then the regulatory framework and the public authorities, both providing official databases we can use, but also acting when illegal content or other online harm is being a problem.
Keith Drazek: Thank you very much, Hilde. And I want to just touch on a point that you raised, and that’s the important distinction between domain names that have been registered with malicious intent or for the explicit purpose of perpetrating fraud or crimes or online harms, and compromised websites or compromised web hosts. And I think you also noted that there could be an instance where a domain name that was registered with perfectly legitimate intent had an account compromise. So it actually could be there’s sort of a range of possibilities there in terms of the use of the domain name. But I think you also reinforced an important point that depending on the nature of the harm or the nature of the abuse, there could be action that’s appropriate at the registry level or the registrar level or in combination somehow, or there’s the need to engage the content layer of the infrastructure stack to make sure that the web hosts, the CDNs, are also involved in instances where a website’s been compromised, because they’re the only actors that can take the surgical act needed to be able to address that particular bit of harm. And so proportionality is important in all of that, but Thank you for all of that. Thank you, Hilde. Okay, I’m gonna turn to Lucian next. Lucian, on day zero, we had, there was a great session, I recommend it to everybody, on online fraud and scams. And so we heard in that session from you about the Global Signal Exchange, your new initiative to address a number of challenges in tackling scams and fraud. So curious what you’d like to share on that and how it’s different from any other initiatives. So, Lucian, thank you.
Lucien Taylor: Thank you very much, Keith. I just wanted to say, I think we’re gonna do our little speeches and then there’ll be questions after that if you wanna take a rest. Okay, thank you very much. Yeah, Keith, thank you for that. And three short answers, and then I’ll extemporize. One is, the first one is that we didn’t just dream up the idea of the GSE ourselves of sort of building a Global Signal Exchange. A number of organizations came together in a multi-stakeholder community and asked for that organization to be created. In other words, that it was missing in the current fight against scams and fraud. And so how are we different? Well, we seek to change the game in the effort to tackle scams and fraud. And finally, in the answer to the… Well, it’s a point that I generally want to say we’re here at the IGF and we really think that this is the ideal sort of space, this multi-stakeholder environment to discuss these sorts of things. But I’ve also been hearing about the Internet Infrastructure Forum and others where these are safe places which are less polemic where we can actually come together and figure out how to solve this without kind of getting into a circular firing squad. So to dig in, my first point, was the creation of a new data signal sharing entity. The need for a cross-sectorial international signal sharing platform was… identified in the Global Anti-Scam Summit in Lisbon in 2023. And the GSE brings together a number of partners to deliver a new service to fight scams and fraud. Currently, we’ve got 160 organizations in the accreditation pipeline. So there is a strict accreditation process. We’ve got the commitment from four big tech, including Meta, thank you, Rima. And we’ve got a huge new opening, proprietary threat intelligence from Google, which is opening, they’re opening up their own in threat intelligence to this new idea, this new venture, and trying to less depend on these sort of lots of threat signal bilaterals and have a single service to go through as a kind of broker. We also have, we’re in negotiations with several governments and law enforcement bodies. So how are we changing the game? Cybercrime is rising relentlessly. I don’t think any of us can argue with that really, seriously. I’ve asked my family to look at their phones and give me some WhatsApp examples. And they’ve just got dozens of, you know, you’ve got to pay a fine, you’ve got to pay for, you’ve got a new bill from some car park or some tax office. We’re under this relentless pressure all the time to reevaluate the things that we’re being presented with. There are a number of initiatives across the internet supply chain, verticals, we call them verticals, that are doing good things. But cybercrime, the vector is still increasing. When I talk about the internet supply chain, I talk about the supply chain that’s available to scammers and fraudsters. That is building their infrastructure. A fraudster will build a domain name, identity, register a company, build a website, benefit from content delivery network. and so on. They will then establish false IDs on social media channels and on email and others. They will then easily engage with the potential victims through chat, through email, through messaging services. And finally, step four, I call it, a banking commitment is made, a crime is registered. And at that point, we know we’re dealing with a criminal. And then they package those fraud services and recycle them and make them available and actually provide a fraud and scamming industry for others to enjoy. So the criminals are moving faster than us. They’re exploiting cross-border legislative tensions and sharing bad things between each other better than we share things. So the GSE aims to deliver new things. First of all, face up to the governance and policy challenges. And they are considerable. We’ve been talking about them in ICANN and IGF for decades now. And secondly, address the technical challenges. Now, in terms of the governance and policy challenges, we are tackling head-on the cross-border international and cross-sectorial challenges. And we’ve hired good lawyers. And I’m not going to even bother to talk about all of that today. Thank you very much, Emily. In terms of the technical challenges, I’ll get back into my comfort zone. We’ve invented our own acronym called Quick Factors, QIQ. You can’t invent a new organization without some new acronyms. First, those quick factors are quantity, immediacy, and quality. In terms of quantity, have we got enough data to reflect the actual problem, to reflect the problem that consumers are suffering? In January, we had 40 million threat signals. Let me put that into context. The action fraud, City of London Police, they’re getting 30,000 threat signals every month. We’ve risen from 40 million threat through the Google stack, up to 270 million threat signals. They’re rising by a million threat signals a day. And we still believe we’re not seeing half of it. Hopefully when Meta and more come on board and start supplying those signals, we’re going to start to see really what the consumer is suffering from. We want those more signals to be provided for the participating organizations. And we call this uplift. Uplift is when all parties share signals and thereby find new information for themselves over and above their own stocks of threat intelligence. We observe uplift. We also want to reduce the cost of signals for the smaller players. Immediacy. We need to make things quicker and reduce the time to live for scams and fraud online. The time between a signal reported and a signal being mitigated needs to be brought down from an average of four days between detection and mitigation. Esther mentioned the need for federated models and quantum big computing power and AI to move towards real-time threat detection to identify these clusters as they’re happening. Finally, quality. To tackle both the quality of the signal and the provider, these are impacted by two things. Confidence scores and feedback. So a signal provider can attach their own confidence score to a signal and this can be improved by what we call overlap. When all parties share signals and simultaneously detect the same signal, we increase confidence. And the second big part of our work is to develop a feedback loop. This is a concept that came from cybernetics. It’s something that I employed in 2023 and started talking about because it’s missing in the game. And the feedback loop is an enormously challenging bit of work. you can’t just provide feedback to threat intelligence signals which are low quality kind of neighborhood watch type things. These are not evidence-based pieces of data that will stand up in court. So the signals are absolutely essential. I’m running out of time so I’ll just summarize. We have a number of pilots with registries, registrars, advertising communities, big tech doing handshakes, and police and law enforcement. Thank you very much.
Keith Drazek: Thank you very much, Lucian. And, you know, I think what you’ve described is a clear need for an intermediary, an aggregator of data, clearinghouse, platform of data sharing between threat reports, threat intelligence, reporters of abuse, and the operators of infrastructure that have the capability to address that abuse, right? So thank you very much. Just time check, we’ve got 18 minutes left. We have two panelists yet to speak and I’m going to try to keep a few minutes, five minutes at the end for any questions and engagement from you. So, Rima, if I could turn it over to you. Thank you.
Rima Amin: Sure. Thank you. So I’ll start by saying that our team in security policy work to counter adversarial threats in a number of different areas. So that tends to cover influence operations, cyber espionage, hacking, and frauds and scams. And throughout all of those different areas, the evidence shows that DNS abuse accelerates the harm to people and businesses across the board. Our teams are really focused on working to prevent, mitigate, and stay ahead of these threat actors that are looking to abuse sort of matters platforms and violate our policies by redirecting users off over to malicious. off-platform links, but I think as everyone has kind of said here today that this is a internet ecosystem problem, so we need to really have that sort of multi-stakeholder approach to be able to responsibly manage and mitigate some of these DNS abuses. Just to touch on a couple of the sort of the key areas that we’re concerned about and that we see, so the first sort of being domain spoofing, where domain names are created closely to resemble legitimate ones in order to deceive the people using our platforms. We also see them being used to sort of phish people online and sort of steal sort of their credentials. The second area relates to sort of cyber-squatting and domain impersonation, and impersonation of things like businesses and sort of well-known brands, again created to lure people into thinking they’re into a safe space that they sort of know, and sort of commit harms towards those people. The third is relating to deceptive sort of redirects, so adversarial actors may attempt to route users to malicious websites by making them think that they’re visiting a legitimate one, and then they get thrown over to a harmful website potentially with sort of malware and other harmful things. One emerging area that we are seeing is the use of link aggregators and shortners, so we’re seeing threat actors really sort of leverage those in order to sort of evade URL impersonation that might be sort of easier to detect, so that’s one sort of area that is emerging. Just to dive a little bit more into the frauds and scams space and how the DNS and Rima Ampeau. So, I’m going to start with the accounts side. So, if you are a fraudster, you’re most likely to use a fake account or a compromised account. Compromised accounts are particularly lucrative because they have legitimacy and sort of history behind them. And those accounts may also be used to sort of manage sort of different business profiles, et cetera. So, for example, if you are a fraudster, you’re most likely to use a fake account. So, one way that they might try to gain access to that account is, again, through sort of malicious links, which would sort of install malware and steal credentials and a bunch of other different things there. Once identities are created to sort of Lucien’s point earlier, the actor will try to engage with their victim. So, for example, if the victim is trying to engage with a bank, they try to engage with a bank and they get a message from a bank and they add a message and whatnot, then the victim is often taken over to a website. Now, that website might be sort of impersonating a particular shop. They try to buy a product. They no longer receive a product. They try to go back to the website. They don’t get any recourse. And then they go over to the banks. And then they try to go back to the website. So, that’s one example of how the victim is trying to get out of a platform and make sure it doesn’t reemerge. But to Lucian’s point about how long they stay on the internet, they still continue and continue to exist on other platforms and cause harm. A couple of things that we’ve been doing also to protect the misuse of sort of Meta’s brand, we hope we can continue to use that. In summer we started in 2024 last URLs that came from sort of Vietnam. We’ve also been able to take down 9,000 URLs that were impersonating sort of WhatsApp, Facebook, Meta, Instagram, threads and reality labs. So we are able to take some action, but we do think more is needed. To go back to the point about these websites existing on the internet, we take efforts to share the intelligence and signals that we have. So we do that through sort of existing signal sharing programs that we have with industry. And we also think GSE has a lot of potential, especially because it’s not just industry focused, but because there’s sort of cross sector sharing that is happening there. In terms of sort of moving forward here, a couple of things that we think would be really helpful. I think the first is having sort of global solutions. We’ve seen some really good sort of practice here today. And I think bringing those into sort of global context would be helpful because of the nature of sort of the internet. We see a lot of countries trying to tackle this sort of in their own way. And so if there was a consistent approach, we think that would be incredibly helpful. We also sort of advocate for sort of transparency and accountability policies to navigate DNS abuse, including sort of areas to help with authentic engagement online. The sort of remediation side, so making sure that abuse is mitigated sort of as promptly as possible. And we also support the whole of sort of community cooperation here because we do understand that it is a complex problem. We all only see different parts of it. And so we actually just need to be pulling these pieces together.
Keith Drazek: Okay. Thank you very much, Rima. I think that last point is really critical, and that’s collaboration, cooperation, information sharing up and down and across the stack, and also to both of your points about the need for cross-sector engagement. For example, the financial processing transactions industry, you know, they have information that would be very helpful to other parts of the Internet stack. That’s just one example. So thank you very much for that. Appreciate it. Graeme, I’m going to turn to you next, and then we’ll probably try to keep five minutes at the end for questions and answers and community engagement. So Graeme, over to you.
Graeme Bunton: Thank you, Keith. I will try and be brief. First of all, apologies that I couldn’t be there in person. I’ve got a pretty small kid at home and have been traveling a bunch, and it turns out that generates some difficulty sometimes. And really appreciate being able to participate in this panel. I’d like to share here a bit today on some of the work that we’ve been doing to try and disrupt online harms and what we’ve learned in that process and how we think that can contribute to further work within this community. So first, a little bit about the NetBeacon Institute. It was created by Public Interest Registry in 2021. PIR is the operator of the .org TLD and is a not-for-profit and needs to do good works in service of that not-for-profit mission, and really felt like there was a gap within the ecosystem around issues of DNS abuse, that there wasn’t someone in the middle of that focused on this issue, working across the community within ICANN and outwards to try and educate, collaborate, build tools and resources to try and disrupt DNS abuse. And so the institute was created to try and fulfill that need. We’re not commercial as a part of the not-for-profit. I’ll talk a little bit about the services that we offer, but we don’t do anything for fee or cost recovery. All of what we do is free. And so as we began this work with the mission of trying to make the internet safer for everybody, we first needed to understand the landscape of DNS abuse. And so we created a project called NetBeaconMap, Measurement and Analytics Platform, which is a free and transparent, academically robust attempt to measure the prevalence of DNS abuse across the ecosystem, as well as things like concentration, mitigation rates, and median time to mitigation. And we do all of that work in partnership with CoreLabs out of the University of Grenoble, an academic there named Professor Maciej Korczynski. And so we’ve been providing this data publicly to the ecosystem for three years, I’ve lost some sense of time being stuck in this room, and really trying to enable the multi-stakeholder community to try and do data-driven policy discussion and development, as well as really drive industry action based on rigorous data. And so what have we learned from that? Well, a couple of things. One is that 95% of the malicious domains that we see belong to about 50 registrars or less, 80% belongs to less than 20. And so on a malicious domain front, in a way, that’s good news. The problem space is not huge. There’s differences between the registrars and TLDs also in that data. But we can sort of wrap our collective arms around the scope of that problem. There are changes that we can make. There’s ways that we can bring all of these parties together and improve the situation. We can see now the changes within the industry based on the ICANN contract amendments that came into effect last year, where we begin to see the larger, more active players getting and Benoit Ampeau. The DNS abuse rate is incrementally better, but they are close to diminishing returns, I think, on issues of DNS abuse for the sort of large, more engaged registrars in the space, and we can see abuse concentrating now in a smaller number of more highly abused registrars and TLDs. Right now, we see a really acute issue with two registrars, with very large abusive campaigns happening, and we’ll publish more on that in a moment, but I think the DNS abuse rate has begun to influence how we begin to approach this problem and think about it, and that really led us to how can we begin to disrupt these things, and so we built NetBeacon Reporter, which is a conduit for abuse reporting that anyone can use via web form or API, and use it to submit abuse reports to any gTLD registrar or participating ccTLD or registry, as well as we distribute to hosting companies and CDNs, so what we’re trying to do is take abuse reports in, we standardize them, we enrich them, we make them better, we reduce the technical burden on the reporter, and we distribute those abuse reports to multiple layers of the internet stack to try and disrupt those harms. That work was directly responsive to some multi-stakeholder outputs, SSR2 and SSEC 115, which is a multi-stakeholder report, and we also have a multi-stakeholder report on SSR2 and SSEC 115, if you speak ICANN, most specifically, and so we’ve been running that now since 2020, and doing somewhere around the realm of about 20,000 abuse reports a month, and we learn an awful lot from that sort of volume. We’re getting a lot of feedback from the hosts and registrars that we’re reporting to on the quality of those reports, and we can see who’s taking action, when, and why. And going back to some of the points made by the other panelists, especially around the Thank you, Luchin, for that. Boy, it seems very clear that improving reactive processes around abuse, there’s still some room there. We can do better at evidence gathering and we can do better at getting abuse reports to registries, registrars, and hosts in a timely fashion, and we can get better at helping them respond quicker. And all of those, I think, are interconnected. Lastly, it seems really clear that we need improved, reliable, and accessible proactive processes. Abuse is happening at such a scale that trying to react all the time isn’t sufficient. There are days where we have sent 6,000 abuse reports out, 7,000 abuse reports out to individual registries or registrars, and that just doesn’t work. It just doesn’t scale that way without some form of automation, but really it’s about getting in front. And so how do we think collectively about getting in front of some of these issues? And lastly, a point I want to make about trust and users is that I think we can rely a little bit on trust based on behavior within these systems rather than identity, because behavior on that platform, how many domains have you registered? How many, how long, how old is your hosting account? Those attributes can’t be faked and feel like a really good place to begin building trust on as we begin to think about who has access to these tools and resources. I’ll stop there. I know we only have a few minutes. Thank you very much for the time.
Keith Drazek: Thank you. Thank you very much. Thank you very much, Graham. Really appreciate it. We have like three minutes left, so I’ve got two people at the microphone, if we could be brief. Oh, and I’m sorry, we have three, yes. So let’s try to fit in at least the three interventions. So go right ahead. Thank you so much.
Audience: Hello. Thank you for these wonderful interventions. My name is Yuv, I’m from Senegal. I really appreciate the topic, especially the digital identity, the DNS. Senegal has had a DNS since the 80s, but in 2025, some ethnic institutions send emails, not with the .sn, but with a .ya or a .go, a .ya or a .gmail, which even constitutes a risk, since the question of cybersecurity arises. And recently, the State of Senegal was the victim of two cyber attacks. So, as an expert, what would you propose to the State, so that we can use the .sn in administrative services, so that there is a digital identity, but also to strengthen security?
Keith Drazek: Thank you very much for the translation. So, good question. Maybe we can take that offline, since we have a couple of others in queue. So, is that Andrew again?
Andrew Campling: It is. I’ll be real quick. Two very quick points. Firstly, ICANN have done some great work to tighten up the contracts to address some of the DNS abuse issues. The real gap here is the lack of action by some of the ccTLDs. So, how do we get governments to also step forward to address this? So, maybe this is the right forum for that, as some of them are here. despite the good work in ICANN, the definition of DNS abuse that ICANN uses is incredibly narrow. And for example, that doesn’t address things like CSAM, although it does cover phishing. So, how can we get more work done to broaden the definition so it has even more impact than it already has?
Keith Drazek: So, thank you very much, Andrew. I can respond to that very briefly. As far as the the definition of DNS abuse, one of the bright lines is when you get into content-related matters, ICANN’s bylaws prohibit it from getting involved into content. So, the definition of DNS abuse is relatively narrow by necessity of ICANN’s bylaws. But there are other venues for discussing content-related harms that are sort of being discussed and developed. And Bertrand, I’m going to turn to you as the shepherd of the Internet Infrastructure Forum. That’s one of the areas where some of these content-related discussions are going to take place. Thanks.
Bertrand Lachapelle: Yeah, thank you. Thank you, Keith. So, in a nutshell, I’m Bertrand Lachapelle. I’m the Executive Director of the Internet and Jurisdiction Policy Network. As Keith mentioned, we have been asked to organize a space to address a certain number of the abuses that do not, that cannot be addressed within the ICANN environment and also to engage other actors than just the DNS operators. I want just to make, and this is the Internet Infrastructure Forum, which is a new thing that started basically in February this year. I want to very quickly mention, in light of what you’ve been saying, this whole thing is a speed and scale challenge and it’s a data challenge. It’s a data sharing challenge. The second thing is that scams, frauds and so on, there is a concept that is evolving that we’ve been discussing in the IIF, which is the notion of theft by deception. This is a category of problems that require or would really benefit from Coordinated Action by the different actors along the stack. The next thing is what I love about what has been presented here, what we do with the IIF, is that these are bottom-up, spontaneous self-organizations, just like the ITF emerged, just like the other organizations emerged. This is multi-stakeholder, bottom-up initiatives in action. It actually is what is needed because the governments are hobbled by the jurisdictional challenges that prevent them from addressing cross-border issues. And the last thing is what is really interesting is that we see the emergence, and Graeme was here. Lucien, you’re talking about what you’re doing with the signal exchange. There are layers here. The IIF is a space for the discussion of what could be done by the different actors. We see the emergence of new intermediaries that handle the abuse workflow problem, management, and what you’re doing is contributing to the platforms for exchanging signals. And I think this is building the ecosystem that, at last, will allow later on to engage law enforcement and other actors so that the whole number of actors can, in a network fashion, address those abuses.
Keith Drazek: Thank you very much, Bertrand. And with that, we are two-plus minutes over time, so I think we probably need to move to wrap up. I just want to say thank you all very much. Thanks to the panelists. Thanks to everybody online. Thanks to you in the room. And we look forward to carrying this on. I wish we had another hour, but we need to close the session. So thank you very much.
Benoit Ampeau
Speech speed
141 words per minute
Speech length
1000 words
Speech time
423 seconds
Trust is essential for digital identities and blockchain integration presents unique governance and standardization challenges
Explanation
Trust is fundamental for the security of digital identities, and without it, users and businesses cannot operate effectively online. Integrating blockchain into existing DNS infrastructures raises questions about governance and standardizations, as global consistency and trust of all stakeholders in DNS have yet to be built for blockchain.
Evidence
AFNIC has been studying trust in DNS for many years and published a report on blockchain potentially replacing DNS, with ongoing evaluation of security levels in blockchain identifier systems
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Cybersecurity | Legal and regulatory
Agreed with
– Swapneel Sheth
– Participant
Agreed on
Integration rather than replacement of DNS is the preferred approach for blockchain technologies
Disagreed with
– Participant
– Edmund Chung
Disagreed on
Value of blockchain enhancement to existing DNS security
Name collisions exist between blockchain identifiers and existing DNS domains, creating security risks
Explanation
The DNS RF study revealed collisions between blockchain identifiers and domain names, where the same identifier can be allocated by more than one blockchain, leading to duplication. This creates security issues similar to the problems encountered in the 2012 GTLD round with internal corporate suffixes.
Evidence
Examples include TLDs like .wallet and .crypto posing security issues, and findings of three providers with direct conflicts – one with eight conflicts, another with four, and one with one conflict with existing gTLDs and ccTLDs
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Cybersecurity | Legal and regulatory
Swapneel Sheth
Speech speed
132 words per minute
Speech length
995 words
Speech time
451 seconds
DNS integrations with blockchain applications have potential but require responsible implementation to avoid security inconsistencies
Explanation
While there’s interest in using DNS domain names for blockchain applications like cryptocurrency transactions, these integrations come with challenges around domain transfers, expiration, and security risks. Without coordination, these systems will fall out of sync and undermine trust built in DNS over decades.
Evidence
Examples include blockchain wallets using long alphanumeric strings that are human-unfriendly, and the emergence of dozens of alternative namespaces trying to make blockchain interactions easier
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Cybersecurity | Economic
Agreed with
– Benoit Ampeau
– Participant
Agreed on
Integration rather than replacement of DNS is the preferred approach for blockchain technologies
Multi-stakeholder collaboration is needed to develop standards and best practices for responsible DNS integrations
Explanation
The DNS community has proven resilient and adaptable with well-defined standards for transparency, control, and domain lifecycle management. These principles should inform how new blockchain integrations are built, requiring collective collaboration to preserve internet values of interoperability, trust, and collective ownership.
Evidence
VeriSign has published research papers and measurement studies on SSR issues in DNS integrations and is working with the community on standards development
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Legal and regulatory | Cybersecurity
Agreed with
– Emily Taylor
– Participant
– Rima Amin
Agreed on
Multi-stakeholder collaboration is essential for addressing DNS challenges
Web3 community shows interest in responsible integration through collaborative draft development
Explanation
There is sufficient interest from the Web3 community to integrate responsibly with DNS, as evidenced by collaborative work on standards. A draft on responsible DNS integration considerations was recently adopted by the DNSOP Working Group at IETF.
Evidence
Co-authors include representatives from ENS (Ethereum Name Service) and Blue Sky (decentralized social media namespace), and there are ongoing hackathons and PQ DNSSEC side meetings at IETF
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Digital standards | Legal and regulatory
Participant
Speech speed
180 words per minute
Speech length
1042 words
Speech time
345 seconds
Integration rather than replacement of DNS is crucial, with blockchain enhancing security as a secondary layer
Explanation
The critical choice is whether to integrate blockchain systems into the global domain name system or watch infrastructure fragment dangerously. Blockchain enhancement would build on top of existing DNSSEC as a secondary security layer, similar to quantum-resistant defense processes.
Evidence
Reference to GDC principles 2, 3, 4, and 5 for integrating cryptographic identity into DNS queries and enabling federated AI systems to detect fraud in real-time
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Cybersecurity | Legal and regulatory
Agreed with
– Benoit Ampeau
– Swapneel Sheth
Agreed on
Integration rather than replacement of DNS is the preferred approach for blockchain technologies
Disagreed with
– Benoit Ampeau
– Edmund Chung
Disagreed on
Value of blockchain enhancement to existing DNS security
Multi-stakeholder processes within existing frameworks like ICANN are the only way forward for successful integration
Explanation
No single government, private entity, or civil society group can solve blockchain-DNS integration challenges alone. This requires multi-stakeholder engagement within existing frameworks, particularly ICANN and the GAC, to ensure successful integration in the next round.
Evidence
Reference to the upcoming ICANN new gTLD round in 2026 and the growing Web3 industry interest in applying for gTLDs
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Legal and regulatory | Infrastructure | Digital standards
Agreed with
– Emily Taylor
– Swapneel Sheth
– Rima Amin
Agreed on
Multi-stakeholder collaboration is essential for addressing DNS challenges
Edmund Chung
Speech speed
119 words per minute
Speech length
137 words
Speech time
68 seconds
DNSSEC already provides cryptographic validation, questioning the added value of blockchain for DNS security
Explanation
DNSSEC security extensions already provide cryptographic validation to prevent tampering with DNS responses. The question arises about how blockchain would add value beyond existing DNSSEC capabilities, and whether blockchain might be useful for registration data management.
Evidence
Mention of blockchain’s potential utility for registration data, domain transfers, ownership transfers, and authentication due to blockchain’s inherent characteristics
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Cybersecurity | Digital standards
Disagreed with
– Participant
– Benoit Ampeau
Disagreed on
Value of blockchain enhancement to existing DNS security
Andrew Campling
Speech speed
148 words per minute
Speech length
333 words
Speech time
134 seconds
Web3 naming schemes lack mature governance structures and could benefit from DNS governance lessons
Explanation
Some Web3 naming schemes are designed with no governance as a feature, while others have immature governance simply due to their early stage of evolution. There are valuable governance lessons from the DNS approach that could be applied to these systems.
Evidence
Concerns about compute and environmental costs of doing cryptographic validation twice, and the need for caution in that direction
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Legal and regulatory | Infrastructure | Digital standards
Government action is needed to address DNS abuse gaps in ccTLD operations
Explanation
While ICANN has done great work tightening contracts to address DNS abuse issues, there’s a real gap in the lack of action by some ccTLDs. Governments need to step forward to address this gap in DNS abuse mitigation.
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Cybersecurity | Infrastructure
Disagreed with
– Keith Drazek
Disagreed on
Scope of DNS abuse definition and responsibility
Hilde Thunem
Speech speed
158 words per minute
Speech length
1119 words
Speech time
423 seconds
Identity verification requirements and domain limits create friction for scammers while maintaining accessibility for legitimate users
Explanation
The Norwegian .no domain requires identity verification through official registers and limits domain registrations (5 for individuals, 100 for companies). These requirements irritate scammers who need to either identify themselves or steal credentials, and get limited domain quantities, while not creating excessive burden for legitimate users.
Evidence
Requirements include Norwegian organization numbers or national identity numbers, verification through official registers, and the example that Santa Claus cannot get a .no domain because he doesn’t exist in official registers
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Cybersecurity | Digital identities
Legal frameworks with clear responsibilities and due process are essential for addressing compromised domains
Explanation
Norwegian law establishes that domain holders are responsible for domain use, with clear legal processes for authorities to act when domains are used for crimes. This includes police powers to seize domains and Consumer Protection Agency authority to require domain deletion or transfer, all with due process requirements.
Evidence
Supreme Court principle from 2009, revised Electronic Communication Act providing legal clarity, and distinction between compromised domains (where holders are victims) versus maliciously registered domains
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Cybersecurity | Jurisdiction
Lucien Taylor
Speech speed
146 words per minute
Speech length
1186 words
Speech time
485 seconds
Cross-sectoral international signal sharing is needed to combat the rising scale of cybercrime
Explanation
The Global Signal Exchange was created in response to multi-stakeholder community demand for a missing organization in the fight against scams and fraud. Cybercrime is rising relentlessly, and criminals are moving faster than defenders, exploiting cross-border legislative tensions and sharing bad intelligence better than legitimate actors share good intelligence.
Evidence
160 organizations in accreditation pipeline, commitment from big tech including Meta and Google, negotiations with governments and law enforcement, and examples of relentless scam messages on family phones
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Cybersecurity | Legal and regulatory | Jurisdiction
Real-time threat detection and improved feedback loops are necessary to reduce time-to-mitigation for scams
Explanation
The GSE focuses on ‘Quick Factors’ – quantity, immediacy, and quality of threat signals. Current systems take an average of four days between detection and mitigation, which needs to be reduced through real-time detection, federated AI models, and improved feedback loops between signal providers and mitigators.
Evidence
Growth from 40 million to 270 million threat signals (rising by 1 million daily), comparison with Action Fraud receiving only 30,000 monthly signals, and development of confidence scores and overlap detection
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Cybersecurity | Infrastructure | Economic
Agreed with
– Graeme Bunton
– Rima Amin
Agreed on
Proactive and automated approaches are necessary to address the scale of online abuse
Rima Amin
Speech speed
164 words per minute
Speech length
980 words
Speech time
356 seconds
DNS abuse accelerates harm across multiple threat areas including domain spoofing, cyber-squatting, and deceptive redirects
Explanation
Meta’s security policy team sees DNS abuse accelerating harm across influence operations, cyber espionage, hacking, and fraud/scams. Key areas include domain spoofing that resembles legitimate domains, cyber-squatting that impersonates businesses and brands, and deceptive redirects that route users to malicious websites.
Evidence
Examples include compromised accounts being used to manage business profiles, link aggregators and shorteners being used to evade detection, and taking down 9,000 URLs impersonating Meta brands
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Cybersecurity | Consumer protection | Digital identities
Agreed with
– Lucien Taylor
– Graeme Bunton
Agreed on
Proactive and automated approaches are necessary to address the scale of online abuse
Global solutions and consistent approaches are needed rather than fragmented country-specific responses
Explanation
Due to the global nature of the internet, fragmented country-specific approaches to DNS abuse are insufficient. Global solutions with consistent approaches would be more effective than the current situation where many countries try to tackle abuse in their own way.
Evidence
Meta’s efforts to share intelligence through existing industry signal sharing programs and participation in GSE for cross-sector sharing
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Jurisdiction | Cybersecurity
Agreed with
– Emily Taylor
– Swapneel Sheth
– Participant
Agreed on
Multi-stakeholder collaboration is essential for addressing DNS challenges
Graeme Bunton
Speech speed
186 words per minute
Speech length
1108 words
Speech time
356 seconds
DNS abuse is concentrated among a small number of registrars, making the problem manageable through targeted action
Explanation
NetBeacon’s measurement data shows that 95% of malicious domains belong to about 50 registrars or less, with 80% belonging to less than 20 registrars. This concentration means the problem space is manageable and collective action can be effective.
Evidence
Three years of public data from NetBeacon Map showing concentration patterns, and observation of abuse concentrating in smaller numbers of highly abused registrars following ICANN contract amendments
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Cybersecurity | Infrastructure | Legal and regulatory
Proactive processes and automation are essential given the scale of abuse that reactive reporting cannot handle
Explanation
NetBeacon processes around 20,000 abuse reports monthly, with peak days of 6,000-7,000 reports to individual registries or registrars. This scale demonstrates that reactive abuse reporting alone is insufficient and proactive, automated processes are necessary.
Evidence
NetBeacon Reporter handling 20,000 monthly reports, standardizing and enriching reports, distributing to multiple internet stack layers, and receiving feedback on report quality and response times
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Cybersecurity | Infrastructure | Digital standards
Agreed with
– Lucien Taylor
– Rima Amin
Agreed on
Proactive and automated approaches are necessary to address the scale of online abuse
Keith Drazek
Speech speed
165 words per minute
Speech length
2362 words
Speech time
856 seconds
ICANN’s DNS abuse definition is necessarily narrow due to content restrictions in bylaws
Explanation
ICANN’s definition of DNS abuse is relatively narrow by necessity because ICANN’s bylaws prohibit involvement in content-related matters. When discussions move into content-related harms, there’s a bright line that ICANN cannot cross.
Evidence
Reference to other venues like the Internet Infrastructure Forum where content-related discussions can take place outside ICANN’s constraints
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Content policy | Infrastructure
Disagreed with
– Andrew Campling
Disagreed on
Scope of DNS abuse definition and responsibility
Bertrand Lachapelle
Speech speed
159 words per minute
Speech length
355 words
Speech time
133 seconds
Coordinated action across the internet stack is needed for ‘theft by deception’ categories of abuse
Explanation
The Internet Infrastructure Forum addresses abuses that cannot be handled within ICANN’s environment by engaging actors beyond DNS operators. Scams and fraud represent ‘theft by deception’ categories that require coordinated action by different actors along the internet stack.
Evidence
The IIF as a bottom-up, multi-stakeholder initiative that started in February, emergence of new intermediaries handling abuse workflow management, and platforms for exchanging signals
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Legal and regulatory | Cybersecurity | Jurisdiction
Emily Taylor
Speech speed
133 words per minute
Speech length
346 words
Speech time
155 seconds
Multi-stakeholder coordination is essential for addressing complex DNS evolution challenges
Explanation
The workshop addresses issues requiring the domain name system to evolve to cope with emerging challenges like blockchain identifiers and online harms mitigation. Each of these issues is complex in nature and requires coordination of multiple stakeholders to be effectively addressed.
Evidence
The workshop was organized jointly by the Dynamic Coalition on DNS Issues and the Dynamic Coalition on Data and Trust, bringing together various stakeholders
Major discussion point
Blockchain Identifiers and DNS Integration
Topics
Infrastructure | Legal and regulatory | Digital standards
Agreed with
– Swapneel Sheth
– Participant
– Rima Amin
Agreed on
Multi-stakeholder collaboration is essential for addressing DNS challenges
Audience
Speech speed
130 words per minute
Speech length
114 words
Speech time
52 seconds
Government institutions should adopt national domain extensions to strengthen digital identity and cybersecurity
Explanation
A participant from Senegal highlighted that despite having a .sn domain since the 1980s, government institutions still use generic domains like .gmail for official communications, which creates cybersecurity risks. The speaker asked for expert recommendations on how to encourage government use of national domains to establish proper digital identity and strengthen security.
Evidence
Senegal has had DNS since the 1980s but institutions use .gmail instead of .sn, and the State of Senegal was recently victim of two cyber attacks
Major discussion point
Online Harm Mitigation and DNS Abuse
Topics
Digital identities | Cybersecurity | Legal and regulatory
Agreements
Agreement points
Multi-stakeholder collaboration is essential for addressing DNS challenges
Speakers
– Emily Taylor
– Swapneel Sheth
– Participant
– Rima Amin
Arguments
Multi-stakeholder coordination is essential for addressing complex DNS evolution challenges
Multi-stakeholder collaboration is needed to develop standards and best practices for responsible DNS integrations
Multi-stakeholder processes within existing frameworks like ICANN are the only way forward for successful integration
Global solutions and consistent approaches are needed rather than fragmented country-specific responses
Summary
All speakers agree that the complex challenges facing DNS – whether from blockchain integration or online harms – require coordinated multi-stakeholder approaches rather than fragmented individual efforts
Topics
Infrastructure | Legal and regulatory | Digital standards
Integration rather than replacement of DNS is the preferred approach for blockchain technologies
Speakers
– Benoit Ampeau
– Swapneel Sheth
– Participant
Arguments
Trust is essential for digital identities and blockchain integration presents unique governance and standardization challenges
DNS integrations with blockchain applications have potential but require responsible implementation to avoid security inconsistencies
Integration rather than replacement of DNS is crucial, with blockchain enhancing security as a secondary layer
Summary
Speakers consistently advocate for responsible integration of blockchain technologies with existing DNS infrastructure rather than attempting to replace the established system
Topics
Infrastructure | Cybersecurity | Legal and regulatory
Proactive and automated approaches are necessary to address the scale of online abuse
Speakers
– Lucien Taylor
– Graeme Bunton
– Rima Amin
Arguments
Real-time threat detection and improved feedback loops are necessary to reduce time-to-mitigation for scams
Proactive processes and automation are essential given the scale of abuse that reactive reporting cannot handle
DNS abuse accelerates harm across multiple threat areas including domain spoofing, cyber-squatting, and deceptive redirects
Summary
All speakers working on abuse mitigation agree that the current scale of online abuse requires moving beyond reactive approaches to proactive, automated, and real-time detection and response systems
Topics
Cybersecurity | Infrastructure | Digital standards
Similar viewpoints
These speakers share skepticism about the technical necessity and governance maturity of blockchain naming systems, emphasizing that existing DNS security mechanisms may already address many concerns
Speakers
– Benoit Ampeau
– Edmund Chung
– Andrew Campling
Arguments
Name collisions exist between blockchain identifiers and existing DNS domains, creating security risks
DNSSEC already provides cryptographic validation, questioning the added value of blockchain for DNS security
Web3 naming schemes lack mature governance structures and could benefit from DNS governance lessons
Topics
Infrastructure | Cybersecurity | Digital standards
Both speakers demonstrate that DNS abuse problems are manageable through targeted interventions – whether through registration requirements or focusing on high-abuse registrars
Speakers
– Hilde Thunem
– Graeme Bunton
Arguments
Identity verification requirements and domain limits create friction for scammers while maintaining accessibility for legitimate users
DNS abuse is concentrated among a small number of registrars, making the problem manageable through targeted action
Topics
Legal and regulatory | Cybersecurity | Infrastructure
These speakers advocate for coordinated, cross-sector approaches to combat online abuse, emphasizing that fragmented national or sector-specific responses are insufficient
Speakers
– Lucien Taylor
– Rima Amin
– Bertrand Lachapelle
Arguments
Cross-sectoral international signal sharing is needed to combat the rising scale of cybercrime
Global solutions and consistent approaches are needed rather than fragmented country-specific responses
Coordinated action across the internet stack is needed for ‘theft by deception’ categories of abuse
Topics
Legal and regulatory | Jurisdiction | Cybersecurity
Unexpected consensus
Web3 community willingness to engage in responsible integration
Speakers
– Swapneel Sheth
– Participant
Arguments
Web3 community shows interest in responsible integration through collaborative draft development
Multi-stakeholder processes within existing frameworks like ICANN are the only way forward for successful integration
Explanation
Despite potential tensions between traditional DNS governance and decentralized blockchain philosophies, there appears to be unexpected willingness from Web3 communities to work within existing multi-stakeholder frameworks and develop responsible integration standards
Topics
Infrastructure | Digital standards | Legal and regulatory
Concentration of DNS abuse making the problem manageable
Speakers
– Graeme Bunton
– Hilde Thunem
Arguments
DNS abuse is concentrated among a small number of registrars, making the problem manageable through targeted action
Identity verification requirements and domain limits create friction for scammers while maintaining accessibility for legitimate users
Explanation
Rather than DNS abuse being an overwhelming distributed problem, there’s consensus that it’s actually concentrated and manageable through targeted interventions, which is more optimistic than might be expected
Topics
Cybersecurity | Infrastructure | Legal and regulatory
Overall assessment
Summary
The speakers demonstrate strong consensus on the need for multi-stakeholder collaboration, responsible integration of new technologies with existing DNS infrastructure, and coordinated approaches to combat online abuse. There’s agreement that both blockchain integration and abuse mitigation require proactive, systematic approaches rather than fragmented responses.
Consensus level
High level of consensus with significant implications for policy development. The agreement suggests that the DNS community is aligned on fundamental principles of responsible innovation and coordinated abuse mitigation, providing a strong foundation for developing concrete standards and implementation frameworks. The consensus spans technical, policy, and operational perspectives, indicating mature understanding of the challenges and viable paths forward.
Differences
Different viewpoints
Value of blockchain enhancement to existing DNS security
Speakers
– Participant
– Benoit Ampeau
– Edmund Chung
Arguments
Integration rather than replacement of DNS is crucial, with blockchain enhancing security as a secondary layer
Trust is essential for digital identities and blockchain integration presents unique governance and standardization challenges
DNSSEC already provides cryptographic validation, questioning the added value of blockchain for DNS security
Summary
While the Participant advocates for blockchain as a secondary security layer on top of DNSSEC, Edmund Chung questions whether blockchain adds value beyond existing DNSSEC capabilities, and Benoit Ampeau emphasizes the governance and standardization challenges that blockchain integration presents.
Topics
Infrastructure | Cybersecurity | Digital standards
Scope of DNS abuse definition and responsibility
Speakers
– Keith Drazek
– Andrew Campling
Arguments
ICANN’s DNS abuse definition is necessarily narrow due to content restrictions in bylaws
Government action is needed to address DNS abuse gaps in ccTLD operations
Summary
Keith Drazek defends ICANN’s narrow definition of DNS abuse as necessary due to bylaw restrictions on content matters, while Andrew Campling argues for broadening the definition and criticizes the lack of action by ccTLDs, suggesting governments should step forward.
Topics
Legal and regulatory | Cybersecurity | Infrastructure
Unexpected differences
Environmental and computational costs of dual cryptographic validation
Speakers
– Andrew Campling
– Participant
Arguments
Web3 naming schemes lack mature governance structures and could benefit from DNS governance lessons
Integration rather than replacement of DNS is crucial, with blockchain enhancing security as a secondary layer
Explanation
Andrew Campling raised an unexpected concern about the environmental and computational costs of doing cryptographic validation twice (both DNSSEC and blockchain), which wasn’t anticipated in a discussion primarily focused on technical integration challenges. This practical sustainability concern contrasts with the Participant’s focus on security enhancement benefits.
Topics
Infrastructure | Cybersecurity | Development
Overall assessment
Summary
The discussion revealed relatively low levels of fundamental disagreement, with most speakers sharing common goals around maintaining DNS security and stability while enabling innovation. The main disagreements centered on technical approaches (blockchain value-add vs. existing DNSSEC) and governance scope (narrow vs. broad DNS abuse definitions).
Disagreement level
Low to moderate disagreement level. The speakers generally aligned on core principles but differed on implementation approaches and technical solutions. This suggests that while there are legitimate concerns to address, the multi-stakeholder community has sufficient common ground to work toward collaborative solutions for both blockchain integration and DNS abuse mitigation.
Partial agreements
Partial agreements
Similar viewpoints
These speakers share skepticism about the technical necessity and governance maturity of blockchain naming systems, emphasizing that existing DNS security mechanisms may already address many concerns
Speakers
– Benoit Ampeau
– Edmund Chung
– Andrew Campling
Arguments
Name collisions exist between blockchain identifiers and existing DNS domains, creating security risks
DNSSEC already provides cryptographic validation, questioning the added value of blockchain for DNS security
Web3 naming schemes lack mature governance structures and could benefit from DNS governance lessons
Topics
Infrastructure | Cybersecurity | Digital standards
Both speakers demonstrate that DNS abuse problems are manageable through targeted interventions – whether through registration requirements or focusing on high-abuse registrars
Speakers
– Hilde Thunem
– Graeme Bunton
Arguments
Identity verification requirements and domain limits create friction for scammers while maintaining accessibility for legitimate users
DNS abuse is concentrated among a small number of registrars, making the problem manageable through targeted action
Topics
Legal and regulatory | Cybersecurity | Infrastructure
These speakers advocate for coordinated, cross-sector approaches to combat online abuse, emphasizing that fragmented national or sector-specific responses are insufficient
Speakers
– Lucien Taylor
– Rima Amin
– Bertrand Lachapelle
Arguments
Cross-sectoral international signal sharing is needed to combat the rising scale of cybercrime
Global solutions and consistent approaches are needed rather than fragmented country-specific responses
Coordinated action across the internet stack is needed for ‘theft by deception’ categories of abuse
Topics
Legal and regulatory | Jurisdiction | Cybersecurity
Takeaways
Key takeaways
Trust is fundamental for digital identities and DNS systems, requiring careful integration of new technologies like blockchain rather than replacement
Name collisions between blockchain identifiers and existing DNS domains create security risks that need proactive management
Multi-stakeholder collaboration is essential for developing responsible DNS-blockchain integration standards and addressing online harms
DNS abuse is concentrated among a small number of registrars (95% from ~50 registrars), making targeted action feasible
Cross-sectoral international signal sharing and real-time threat detection are critical for combating the rising scale of cybercrime
Identity verification requirements and domain limits can create effective friction for scammers while maintaining legitimate user access
Proactive processes and automation are necessary given the scale of abuse that reactive reporting alone cannot handle
Legal frameworks with clear responsibilities and due process are essential for addressing compromised domains
The internet infrastructure requires coordinated action across the entire stack to effectively combat ‘theft by deception’ categories of abuse
Resolutions and action items
Continue multi-stakeholder engagement through Dynamic Coalitions on DNS Issues and Data and Trust
Develop risk assessment framework for blockchain identifier systems (AFNIC and DNSRF collaboration)
Advance responsible DNS integration standards through IETF DNSOP Working Group drafts
Expand Global Signal Exchange participation with 160 organizations in accreditation pipeline
Utilize Internet Infrastructure Forum as a space for discussing cross-border abuse coordination
Engage ICANN GAC and other stakeholders in next GTLD round to address blockchain integration concerns
Continue development of NetBeacon tools for abuse reporting and mitigation
Promote post-quantum DNSSEC development through hackathons and IETF meetings
Unresolved issues
How to ensure blockchain community participation in responsible integration efforts and what incentives exist for their engagement
Whether blockchain provides meaningful security enhancement over existing DNSSEC given computational and environmental costs
How to address DNS abuse gaps in ccTLD operations and encourage government action
How to broaden ICANN’s narrow DNS abuse definition while respecting content restrictions in bylaws
How to scale abuse mitigation processes to handle millions of daily threat signals effectively
How to develop global consistent approaches for DNS abuse rather than fragmented country-specific responses
How to improve feedback loops and evidence quality in threat intelligence sharing
How to encourage government institutions to use national ccTLDs for digital identity and security purposes
Suggested compromises
Integration rather than replacement of DNS with blockchain technologies, using blockchain as a secondary security layer
Responsible DNS integration that preserves existing DNS governance while enabling new blockchain use cases
Behavior-based trust systems rather than purely identity-based systems for platform access
Coordinated multi-layer approach involving registries, registrars, hosting providers, and content delivery networks
Bottom-up, multi-stakeholder self-organization initiatives to address cross-border jurisdictional challenges
Balanced approach between creating friction for bad actors while maintaining accessibility for legitimate users
Combination of reactive abuse reporting with proactive automated detection and prevention systems
Thought provoking comments
The critical choice I want to highlight is that we need to answer the question… do we integrate this blockchain system into the global domain name system, or do we watch our infrastructure fragment in dangerous ways in which fraud will likely just intensify?
Speaker
Esther Yarmitsky
Reason
This comment reframed the entire blockchain-DNS discussion from a technical implementation question to a fundamental strategic choice about internet infrastructure integrity. It elevated the conversation beyond technical details to existential concerns about internet fragmentation and security.
Impact
This shifted the discussion from ‘how to integrate’ to ‘why we must integrate responsibly.’ It connected the blockchain naming discussion directly to fraud prevention, creating a bridge between the two main topics of the workshop and emphasizing urgency in decision-making.
DNS integrations come with their own set of challenges. For example, how do we think about a domain name that’s transferred or expires after the domain name has been integrated into the blockchain application? How do we avoid risks… with inconsistencies, with the security concerns that come along when the same names are used across multiple systems?
Speaker
Swapneel Sheth
Reason
This comment introduced concrete technical challenges that hadn’t been fully articulated, moving beyond theoretical concerns to practical implementation issues. It highlighted the lifecycle management problems that could undermine trust in both systems.
Impact
This grounded the discussion in practical realities and led to more detailed technical exchanges about DNSSEC, governance models, and the need for standards. It prompted Andrew Campling’s intervention about governance lessons from DNS that could benefit blockchain systems.
The criminals are moving faster than us. They’re exploiting cross-border legislative tensions and sharing bad things between each other better than we share things.
Speaker
Lucien Taylor
Reason
This stark observation highlighted a fundamental asymmetry in the fight against online harms – that criminal networks are more agile and collaborative than legitimate defense systems. It challenged the assumption that current approaches are adequate.
Impact
This comment shifted the tone from technical solutions to strategic urgency, emphasizing the need for speed and coordination. It provided context for why initiatives like the Global Signal Exchange are necessary and influenced subsequent discussions about real-time threat detection and cross-sector collaboration.
95% of the malicious domains that we see belong to about 50 registrars or less, 80% belongs to less than 20… The problem space is not huge. There’s differences between the registrars and TLDs also in that data. But we can sort of wrap our collective arms around the scope of that problem.
Speaker
Graeme Bunton
Reason
This data-driven insight fundamentally reframed the scale of the DNS abuse problem from seemingly overwhelming to manageable, while also pinpointing where efforts should be concentrated. It provided concrete evidence that targeted interventions could be highly effective.
Impact
This shifted the discussion from broad, systemic concerns to focused, actionable solutions. It influenced Andrew Campling’s follow-up question about ccTLD accountability and reinforced the importance of data-driven approaches that other speakers had mentioned.
The real gap here is the lack of action by some of the ccTLDs. So, how do we get governments to also step forward to address this? So, maybe this is the right forum for that, as some of them are here.
Speaker
Andrew Campling
Reason
This comment identified a critical governance gap in the multi-stakeholder approach to DNS abuse, pointing out that while ICANN has tightened gTLD contracts, ccTLDs operate under different governance models that may not be addressing abuse adequately.
Impact
This intervention highlighted the limitations of current policy approaches and the need for government engagement, connecting technical solutions to policy and governance challenges. It demonstrated how the multi-stakeholder model itself has gaps that need addressing.
This whole thing is a speed and scale challenge and it’s a data challenge. It’s a data sharing challenge… we see the emergence of new intermediaries that handle the abuse workflow problem, management… this is building the ecosystem that, at last, will allow later on to engage law enforcement and other actors.
Speaker
Bertrand Lachapelle
Reason
This synthesized the entire discussion by identifying the core challenges (speed, scale, data sharing) and recognizing the emergence of new institutional forms to address these challenges. It provided a systems-level view of how various initiatives fit together.
Impact
This comment served as a capstone that tied together the various threads of discussion, showing how technical solutions, policy initiatives, and new organizational forms are part of an evolving ecosystem response to online harms.
Overall assessment
These key comments fundamentally shaped the discussion by elevating it from technical implementation details to strategic infrastructure decisions, introducing concrete data that reframed problem scope, and highlighting critical governance gaps. Esther’s framing of integration versus fragmentation set the stakes, while Swapneel’s technical challenges grounded the discussion in practical realities. Lucien’s observation about criminal agility created urgency, Graeme’s data provided actionable focus, Andrew’s governance critique exposed policy gaps, and Bertrand’s synthesis showed how various initiatives form an emerging ecosystem response. Together, these interventions transformed what could have been separate technical and policy discussions into a coherent analysis of how internet infrastructure must evolve to address emerging threats while maintaining trust and stability.
Follow-up questions
How do we ensure responsible integration happens in a multi-stakeholder manner?
Speaker
Carolina from Oxhill
Explanation
This addresses the governance challenge of coordinating multiple stakeholders in blockchain-DNS integration while maintaining security and trust
How to get the blockchain community to participate – what incentives exist for them to participate?
Speaker
Carolina from Oxhill
Explanation
Understanding motivation and incentive structures is crucial for successful multi-stakeholder engagement in responsible DNS integration
How can we get more work done to broaden the definition of DNS abuse so it has even more impact?
Speaker
Andrew Campling
Explanation
Current ICANN definition of DNS abuse is narrow and doesn’t address issues like CSAM, limiting the scope of mitigation efforts
How do we get governments to step forward to address DNS abuse issues, particularly regarding ccTLD action?
Speaker
Andrew Campling
Explanation
There’s a gap in enforcement where some ccTLDs are not taking adequate action against DNS abuse, requiring government intervention
What would experts propose to help states use their ccTLD in administrative services for digital identity and security strengthening?
Speaker
Yuv from Senegal
Explanation
Many government institutions use generic domains instead of their national ccTLD, creating cybersecurity risks and undermining digital identity
Will blockchain identifier solution providers engage in responsible integration with DNS?
Speaker
Benoit Ampeau
Explanation
Uncertainty exists about whether blockchain providers will participate in responsible integration frameworks being developed
How can federated AI systems be effectively integrated to detect fraud in real-time on top of existing DNS structures?
Speaker
Esther Yarmitsky
Explanation
This represents a technical challenge for implementing AI-powered fraud detection while maintaining DNS stability and performance
How can we develop improved, reliable, and accessible proactive processes for DNS abuse mitigation?
Speaker
Graeme Bunton
Explanation
Current reactive approaches don’t scale effectively – proactive measures are needed to get ahead of abuse at the scale it’s occurring
How can we improve the feedback loop mechanism for threat intelligence signals?
Speaker
Lucien Taylor
Explanation
Developing effective feedback loops is challenging but essential for improving signal quality and creating evidence-based data for enforcement
How can we achieve global consistency in approaches to online harm mitigation across different jurisdictions?
Speaker
Rima Amin
Explanation
Different countries are tackling online harms in their own ways – a consistent global approach would be more effective given the internet’s borderless nature
Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.
Related event
