Re: [dssa] Interesting article -- probably out of scope for us, but FYI

[James M Galvin <jgalvin@xxxxxxxxxxxx>]

This is not a "don't go down too deep issue", it really is out of scope.

The distinction that I think is important is that we are chartered to 
consider DNS security and stability issues, not issues for which the 
DNS can be used for nefarious or malicious purposes.  The fact that one 
can do bad things with the DNS does not make the DNS bad.  Even DNSSEC 
does not help the problem being described because it's not a DNS 
problem.
It might be worth a short discussion of this distinction in our final 
report.
Jim



-- On September 13, 2011 3:31:31 PM -0500 Mike O'Connor 
<mike@xxxxxxxxxx> wrote regarding Re: [dssa] Interesting article -- 
probably out of scope for us, but FYI --
> yep,  i get that.
>
> i think one thing we might want to consider is building out a list of
> attack vectors that infrastructure-providers might want to apply
> best-practices to.  this fits with Cheryl's "not following
> best-practices" bucket that we created in the Vulnerabilities draft a
> few calls back.  it also kinda takes me back to the best-practices
> discussion we had on the RAP working group and the notion that ICANN
> might be a good place to call attention to these sorts of things, and
> keep track of good resources/standards/models etc.
>
> but i agree -- we don't want to go too deep down these issues or
> we'll never finish.
>
> mikey
>
> On Sep 13, 2011, at 11:22 AM, Greg Aaron wrote:
>
> >
> > Hi, Mikey.  I think typosquatting's out of scope, full stop.  By
> > allowing that example in, we'd be allowing virtually any kind
> > security problem or threat vector back into scope again, simply if
> > it was directed against a registry operator.  That is too much; a
> > rabbit hole we'd never emerge from.
> >
> > A lot of things come down to following good IT and administrative
> > practices, like: having a fundamentally sound network architecture,
> > not losing one's passwords, and using the UDRP or legal mechanisms
> > when you need to.  There are bodies who do IT best practices better
> > than we do, and ICANN's not in a position to explore all that kind
> > of stuff.
> >
> > All best,
> > --Greg
> >
> >
> >
> >
> > -----Original Message-----
> > From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
> > Sent: Tuesday, September 13, 2011 8:31 AM
> > To: dssa@xxxxxxxxx
> > Subject: [dssa] Interesting article -- probably out of scope for
> > us, but FYI
> >
> >
> > hi all,
> >
> > i thought some of you (being that we're a gaggle of security type
> > people) might be interested in this article about typosquatting
> > domain names as a way to passively harvest sensitive email.
> >
> >    
> > http://arstechnica.com/business/news/2011/09/researchers-typosquatt
> > ing-sna rfed-20gb-worth-of-fortune-500-e-mails.ars
> >
> > given that we're testing our "scope" rules this week, i thought i'd
> > also use this as a test case.  i would think that the general
> > use-case of this would be out of scope (malicious use of a domain
> > name).  but it would be in scope if it were used as an attack
> > vector on a registry or registrar. right?
> >
> > so does that mean that we should build a section of our report that
> > collects these attack-vectors for possible inclusion in a "best
> > practices" section?
> >
> > food for thought, low priority.
> >
> > mikey
> >
> > PS -- i have the corp.com domain, which started getting masses of
> > this kind of email as soon as i registered it in the mid-'90's.  i
> > didn't realize it until i wildcarded the MX for the domain one day
> > and immediately crashed my server.  for example, somebody would
> > mis-address mail to HRDept@xxxxxxxxxxxx rather than the correct
> > HRDept@xxxxxxxxxxxx. so there are other variants of this
> > vulnerability and perhaps an opportunity for somebody to do a great
> > good deed by educating folks about this.  btw, i immediately
> > dropped the MX record out of that domain.  :-)
> >
> > - - - - - - - - -
> > phone      651-647-6109
> > fax                866-280-2356
> > web        http://www.haven2.com
> > handle     OConnorStP (ID for public places like Twitter, Facebook,
> > Google, etc.)
>
> - - - - - - - - -
> phone   651-647-6109
> fax             866-280-2356
> web     http://www.haven2.com
> handle  OConnorStP (ID for public places like Twitter, Facebook,
> Google, etc.)