I think this survey that's being done now is a really good example of how you really, in this non-profit environment, you really need to kind of take the time to understand what people think and to take advice and to plan over a longer period.
TWNIC shouldn't try to cover everything for everyone. That would be a mistake. But the sort of the challenges or the questions that relate to TWNIC's core business will keep increasing. …they just will need to keep responding to that sort of demand for more engagement with policies in Taiwan.
I think that's an opportunity there as well for things to move forward, maybe even for Taiwan to, and this would be with TWNIC as a participant, for Taiwan to present models of multi-stakeholder internet governance at the Taiwan level that others could also learn from.
So I think TWNIC is already taking that action anyway by actively participating in a lot of these multi-stakeholder model type IG spaces. So I think continuing doing that would be good. Just sharing their voices and input.
And hopefully also, maybe there are opportunities for TWNIC to help internationally where there are countries that are interested in having help in this area from Taiwan, that there would be opportunities on that level if TWNIC wished to increase its international profile in those sorts of cases.
I think the costs of doing that work properly are going to continue increasing, but they only also make TWNIC more important and give it a better profile and a clearer role in Taiwan, I think.
IPv6 as a global trend is continuing to be deployed. It's not going to be done until it reaches 100% of deployment.
So I think we need to continually treat IPv6 as a constant present challenge and not something that just because we've hit 40%, it's going to just keep growing automatically. I think we need to be more smart and kind of careful than that.
So I'd put IPv6 on the priority list and just suggest not to forget the priority that it still is to keep supporting deployment, to keep supporting training and capacity building in Taiwan.
in terms of the technical layer, how we can put in domain names in Chinese language, for all those work, TWNIC is heavily involved, which is great. But I guess promoting the use of IDNs, we can definitely work better together.
there's something called the next round of new gTLD applications. So maybe, I think what I heard is there are Taiwanese community that's interested. So I guess looking out for that progress is also important for the Taiwanese community because in general now we are about two to three years away from the next round of opening. So they would probably want to kind of keep an eye on the progress so that they know roughly when they could look into applications.
那在TWNIC本身,或許就是能夠更專注在他目前現有的業務上面。
所以他們(TWNIC)對這塊,有一定的資安防護機制,所以他們會比較Focus在DN的資安防護,這塊是他們主要要強化的地方。如果他TWCERT/CC如果不做的話,以TWNIC的角度,就DN這塊就一定要顧到。
希望他們能堅守他捐助章程第二條的那個服務宗旨就好了。當然有什麼政策需要TWNIC協助的話,可以在他們做得到的範圍去做協助,就是不要逾越他們的宗旨的範圍。
我很期待就是接下來,TWCERT跟TWNCERT結合之後,它能夠發揮在公私協力上的效益......你手邊有更多的資訊,就越有機會做出對各單位有參考價值的分析去分享出去。
如果對民間宣導,我們可以把訊息透過它來宣導,然後希望把這個品牌可以營造起來,然後大家就信任它。就像防詐騙大家都找165,對不對,以後資安有問題,民間企業就想到CERT/CC。如果你可以把這品牌做出來然後大家有信任度、有公信力,它可以提供很多最新的訊息,甚至它提供一些服務,其實對整個國家資安是有幫助的。
有些機關好像對這個自律機制的限制條件不太清楚。那就譬如說他(RPZ)封是封網域不是封網頁,然後要有什麼標準的法律程序才能處理。可能有的機關覺得這個工具很好用,......想要用這個快速的機制,去請TWNIC走這個RPZ封網......如果他們再多加的對外宣導這個機制,要怎麼啟動,就不會讓外界有錯誤的期待。
之前有域名透過RPZ去停止解析,可是後來好像是封錯了。透過一些管道去請他恢復,過程也蠻複雜......所以說可以請他們建立這個,強化申訴的機制,對於處分相對人提出的申請,他們應該要有個程序去做,讓人家恢復的一個程序。
我看TWNIC其實也會對整個網路的韌性,有一些發表......那在這一部分,能不能夠給政府單位更多的政策建議或是研究。像我記得前幾年有一個類似的議題,我們台灣的 ASN 集合度是相當高的,那這個其實對韌性來講,不見得是一個好事。那像這樣子的議題要怎麼樣讓他們可以提出來,形成政策建議,然後最後可能真的能夠做成一個政策。我覺得這就是非常價值的,就不是讓他只是在一個議題階段。
我真的覺得TWNIC跟CERT/CC在做這件事是非常有價值的。......就是我還是會期待TWNIC在網路安全的宣導跟提升網路安全的意識這件事情上是有一個角色的。
DDoS阻斷式服務工具以往是打網站、打系統,但今年開始打DNS服務,他是打機關自建的DNS服務。但是我們整個國家的DNS服務,是建在TWNIC這邊,如果他自己這DNS服務管得不好,比如說駭客的攻擊,整個DN亂掉,其實系統是連不上去。
協助一些民間組織和機關把DNS,如果是有自建部分,把這個資安防護做好。
那就可能更多人去care這件事情,更多人care,我們的立場才有機會更明確方向。就算我們政府單位有在培養,但是我們有多少人可以出去跟外國人討論或是談判這件事情,在需要越來越多的情況下。