Back

30(a) Security Policy: Summary of the security policy for the proposed registry

gTLDFull Legal NameE-mail suffixDetail
.manMAN SEknipp.deView
Q30 a) - External Technical & Operational Capability

This chapter presents an abstract, high-level description of the security principles governing the operation of the .man TLD by the MAN SE. Since this part of the response is published, detailed information is not included in this part of the answer, however an exhaustive description of the employed security measures is presented in the answer to Question 30 b).

Knipp Medien und Kommunikation GmbH is currently in the process of being certified according to the ISO 27001 standard. The completion of the certification process is estimated for Q4⁄2012.


1. Security Policy

As MAN SE does not perform the technical operation of the registry itself, but has contracted Knipp Medien und Kommunikation GmbH for that purpose, MAN SE defines a general security policy framework that is imposed on itself, Knipp and all further contractors and subcontractors. All participating entities have to ensure that their security policies meet the requirements of the framework.

The security policy framework has the following key objectives:

* confidentiality
* access
* accountability
* availability

These objectives are further explained in the following.


1.1 Confidentiality

Confidentiality means the protection of private, proprietary and other sensitive information from entities that neither have a right or a need to gain access to it. Information includes, but is not limited to, registration data, registrar data, financial data, contracts, human resources data, and other business and technical data. To achieve this, all managed data are categorised into the classes ʺhighly sensitiveʺ, ʺconfidentialʺ and ʺpublicʺ, which then define the base levels for the respective protective measures. With respect to the determined classification, for each set of data it is defined

* where the data is stored,
* how it is backed up,
* what protective measures are taken both for the data itself and its backups,
* how long the data is retained and how it is safely destroyed once the information is no longer required,
* how it is protected from illicit access,
* how legitimate access and modification is controlled,
* to which extent the data has to be auditable and
* which regular audits are performed.


1.2 Access

Access defines the rights, privileges and the mechanisms by which assets of the MAN SE are being protected. Assets may refer to physical items like desktop computers, notebooks, servers, network devices and other equipment, or to logical items like registration data, e-mails and communication logs, passwords or cryptographic key material. For each entity (i.e., person or machine) that is granted access, it is clearly defined

* for which purpose the access is granted,
* to which level the entity can view or change the data, partially or in whole,
* which obligations are imposed on the holder of the access rights,
* at which frequency the grant is revisited, i.e. checked whether it is still required to uphold the grant.


1.3 Accountability

Accountability defines the responsibilities of staff members and management with respect to security aspects. This includes

* handling of passwords and security tokens,
* reviewing audit logs and identifying potential security violations,
* management of security and access control and
* reporting of potential security breaches.

Staff members are made aware of their responsibilities on the assignment of duties and on a regular basis.


1.4 Availability

For each facet of the registry operation, beyond the requirements of ICANN, it is determined which service level is required, i.e.

* the availability requirements, defining the desired relative availability over a period of time (typically one month), including the allowed maximum planned and unplanned outage times,
* the recovery time objective and
* the recovery point objective, if applicable.


1.5 Security Role Concept

For the MAN SE, the considerations above manifest themselves in an exhaustive security role concept, which defines roles carrying certain access privileges and responsibilities. Employees at the MAN SE are assigned one or multiple roles identified by this concept, which clearly defines their duties and access rights.


2. Security Commitments to Users of the .man TLD


2.1 Abuse Prevention and Mitigation

As discussed in detail in the answer to Question 28, the registry has taken various precautions to reduce the probability that the domain names within .man are being used in connection with abusive or criminal activities.


2.2 Reliability and Availability of DNS

Various technical measures ensure a 100% availability of the DNS, as well as reliable, accurate and fast responses. A highly protected DNSSEC infrastructure ensures that the digital signatures contained in the DNS are trustworthy.


2.3 Technical Progress

The MAN SE is committed to employ state-of-the-art security measures on an ongoing basis. This includes, for example, the use of current and secure software, fast patches of security affecting bugs, and the adoption of new security related technologies as they become available.


3. Security Commitments to Registrants


3.1 Protection of Investment

With the commercialisation of the Internet, domain names have become valuable assets. Domain names are no longer simply a more or less convenient handle for cryptic IP addresses, but as brands they have become the base for whole businesses worth millions to billions. Also, with domain names, lifestyles (ʺtwitterʺ, ʺfacebookʺ generations) and communities are associated. Therefore, the loss, abuse or unavailability of a domain name, be it temporary or permanently, may cause significant damage to the domain name registrant.

The MAN SE fully recognises this. With its highly developed technical and administrative security framework, MAN SE has taken the necessary measures to protect the investments of registrants in their names. Due to the domain auto-renew mechanism, a valid domain is never deleted by the registry itself. In addition, the Redemption Grace Period provides extra protection if a request to delete the domain is inadvertently issued by the registrant himself or by the entrusted registrar. Also, if it can be proven that a domain has been illegally moved to a different registrant, this is reverted by the registry to to original state.


3.2 Adherence to Registration Policy

The registration policy clearly defines the conditions by which potential registrants may register domain names. The registrants can rest assured that the registry strictly adheres to these rules. In detail,

* The registry guarantees equal opportunity if multiple registrants meet the registration conditions in the same way.
* The registry applies a clear procedure for handling violations of the registration policy. The registrant has the ability to correct the violations before further actions are taken by the registry; he has also the right to appeal if he believes that the grounds for the registryʹs decisions are invalid.
* The registry maintains its neutrality in conflicts, unless forced by ICANNʹs Uniform Dispute Resolution Policy (UDRP) and Uniform Rapid Suspension (URS).


3.3 Privacy of Registrant Data

While the registry is strongly committed to data protection and privacy, only limited commitments can be made with respect to registrant data. This is owed to various requirements imposed by ICANN for the right to operate the registry.

First, the registry is required to provide so-called Registration Data Directory Services (RDDS). On the one hand, this allows the anonymous public to retrieve information on the registrant of a domain name. The registry tries to mitigate the impact by taking measures against data mining and by fully supporting EPPʹs disclosure settings, which allow the registrant (via the registrar) to restrict the exposure of specific data fields (within the limits of ICANN requirements).

On the other hand, as part of the RDDS, the registry is also required to grant access to the data to eligible users and institutions with legitimate interest, not limited to law enforcement agencies. The registry will monitor the activities of these entities and will withdraw the access if there are indications of excessive or abusive use.

Second, the registry has to give access to the registrant data to ICANN as part of the escrow requirement. While the data is encrypted by a public key of ICANN and thus safe from access by third parties, no guarantees can be given about the data handling by ICANN.

The registry adds a declaration about the data handling to the registration agreement in order to make a potential registrant aware of the limited privacy.

gTLDFull Legal NameE-mail suffixDetail
.eusPuntueus Fundazioapuntueus.orgView

Q30 a) - External Technical & Operational Capability

This chapter presents an abstract, high-level description of the security principles governing the operation of the .eus TLD by the .eus Registry. Since this part of the response is published, detailed information is not included in this part of the answer, however an exhaustive description of the employed security measures is presented in the answer to Question 30 b).

Knipp Medien und Kommunikation GmbH, the technical provider for CORE Internet Council of Registrars, is currently in the process of being certified according to the ISO 27001 standard. The completion of the certification process is estimated for Q4⁄2012.


1. Security Policy

As .eus Registry does not perform the technical operation of the registry itself, but has contracted CORE Internet Council of Registrars for that purpose, .eus Registry defines a general security policy framework that is imposed on itself, CORE and all further contractors and subcontractors. All participating entities have to ensure that their security policies meet the requirements of the framework.

The security policy framework has the following key objectives:

* confidentiality
* access
* accountability
* availability

These objectives are further explained in the following.


1.1 Confidentiality

Confidentiality means the protection of private, proprietary and other sensitive information from entities that neither have a right or a need to gain access to it. Information includes, but is not limited to, registration data, registrar data, financial data, contracts, human resources data, and other business and technical data. To achieve this, all managed data are categorised into the classes ʺhighly sensitiveʺ, ʺconfidentialʺ and ʺpublicʺ, which then define the base levels for the respective protective measures. With respect to the determined classification, for each set of data it is defined

* where the data is stored,
* how it is backed up,
* what protective measures are taken both for the data itself and its backups,
* how long the data is retained and how it is safely destroyed once the information is no longer required,
* how it is protected from illicit access,
* how legitimate access and modification is controlled,
* to which extent the data has to be auditable and
* which regular audits are performed.


1.2 Access

Access defines the rights, privileges and the mechanisms by which assets of the .eus Registry are being protected. Assets may refer to physical items like desktop computers, notebooks, servers, network devices and other equipment, or to logical items like registration data, e-mails and communication logs, passwords or cryptographic key material. For each entity (i.e., person or machine) that is granted access, it is clearly defined

* for which purpose the access is granted,
* to which level the entity can view or change the data, partially or in whole,
* which obligations are imposed on the holder of the access rights,
* at which frequency the grant is revisited, i.e. checked whether it is still required to uphold the grant.


1.3 Accountability

Accountability defines the responsibilities of staff members and management with respect to security aspects. This includes

* handling of passwords and security tokens,
* reviewing audit logs and identifying potential security violations,
* management of security and access control and
* reporting of potential security breaches.

Staff members are made aware of their responsibilities on the assignment of duties and on a regular basis.


1.4 Availability

For each facet of the registry operation, beyond the requirements of ICANN, it is determined which service level is required, i.e.

* the availability requirements, defining the desired relative availability over a period of time (typically one month), including the allowed maximum planned and unplanned outage times,
* the recovery time objective and
* the recovery point objective, if applicable.


1.5 Security Role Concept

For the .eus Registry, the considerations above manifest themselves in an exhaustive security role concept, which defines roles carrying certain access privileges and responsibilities. Employees at the .eus Registry are assigned one or multiple roles identified by this concept, which clearly defines their duties and access rights.


2. Security Commitments to Users of the .eus TLD


2.1 Abuse Prevention and Mitigation

As discussed in detail in the answer to Question 28, the registry has taken various precautions to reduce the probability that the domain names within .eus are being used in connection with abusive or criminal activities.


2.2 Reliability and Availability of DNS

Various technical measures ensure a 100% availability of the DNS, as well as reliable, accurate and fast responses. A highly protected DNSSEC infrastructure ensures that the digital signatures contained in the DNS are trustworthy.


2.3 Technical Progress

The .eus Registry is committed to employ state-of-the-art security measures on an ongoing basis. This includes, for example, the use of current and secure software, fast patches of security affecting bugs, and the adoption of new security related technologies as they become available.


3. Security Commitments to Registrants


3.1 Protection of Investment

With the commercialisation of the Internet, domain names have become valuable assets. Domain names are no longer simply a more or less convenient handle for cryptic IP addresses, but as brands they have become the base for whole businesses worth millions to billions. Also, with domain names, lifestyles (ʺtwitterʺ, ʺfacebookʺ generations) and communities are associated. Therefore, the loss, abuse or unavailability of a domain name, be it temporary or permanently, may cause significant damage to the domain name registrant.

The .eus Registry fully recognises this. With its highly developed technical and administrative security framework, .eus Registry has taken the necessary measures to protect the investments of registrants in their names. Due to the domain auto-renew mechanism, a valid domain is never deleted by the registry itself. In addition, the Redemption Grace Period provides extra protection if a request to delete the domain is inadvertently issued by the registrant himself or by the entrusted registrar. Also, if it can be proven that a domain has been illegally moved to a different registrant, this is reverted by the registry to original state.


3.2 Adherence to Registration Policy

The registration policy clearly defines the conditions by which potential registrants may register domain names. The registrants can rest assured that the registry strictly adheres to these rules. In detail,

* The registry guarantees equal opportunity if multiple registrants meet the registration conditions in the same way.
* The registry applies a clear procedure for handling violations of the registration policy. The registrant has the ability to correct the violations before further actions are taken by the registry; he has also the right to appeal if he believes that the grounds for the registryʹs decisions are invalid.
* The registry maintains its neutrality in conflicts, unless forced by ICANNʹs Uniform Dispute Resolution Policy (UDRP), Uniform Rapid Suspension (URS) and Registry Restrictions Dispute Resolution Procedure (RRDRP).


3.3 Privacy of Registrant Data

While the registry is strongly committed to data protection and privacy, only limited commitments can be made with respect to registrant data. This is owed to various requirements imposed by ICANN for the right to operate the registry.

First, the registry is required to provide so-called Registration Data Directory Services (RDDS). On the one hand, this allows the anonymous public to retrieve information on the registrant of a domain name. The registry tries to mitigate the impact by taking measures against data mining and by fully supporting EPPʹs disclosure settings, which allow the registrant (via the registrar) to restrict the exposure of specific data fields (within the limits of ICANN requirements).

On the other hand, as part of the RDDS, the registry is also required to grant access to the data to eligible users and institutions with legitimate interest, not limited to law enforcement agencies. The registry will monitor the activities of these entities and will withdraw the access if there are indications of excessive or abusive use.

Second, the registry has to give access to the registrant data to ICANN as part of the escrow requirement. While the data is encrypted by a public key of ICANN and thus safe from access by third parties, no guarantees can be given about the data handling by ICANN.

The registry adds a declaration about the data handling to the registration agreement in order to make a potential registrant aware of the limited privacy.