ICANN Email Archives: [dssa]

ICANN ICANN Email List Archives

[dssa]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [dssa] Interesting article -- probably out of scope for us, but FYI

To: Patrik Fältström <paf@xxxxxxxxx>
Subject: Re: [dssa] Interesting article -- probably out of scope for us, but FYI
From: Jörg Schweiger <schweiger@xxxxxxxx>
Date: Wed, 14 Sep 2011 17:43:12 +0200

All,
I'd opt for not including  both typosquatting and confusability (as 
described in the Ars Tecnica article).  As it seems to be consensus to 
omit the first, I think even the latter would lead us to a very broad 
definition of the terms stability, security and resiliency (I very well 
realize that this "interpretation" would be in line with the respective 
definition of the SSAC of those terms, but will challenge them for this WG 
as well.)
Confusability is not  targeted at "the DNS per se", and therefore should 
be considered out of scope. I'd agree to Patrick vdW to mention those 
kinds of vulnerabilities in our final report.

regards -J


owner-dssa@xxxxxxxxx schrieb am 14.09.2011 09:50:09:

> Von: Patrik Fältström <paf@xxxxxxxxx>
> An: <patrick@xxxxxxxxxxxxxx>
> Kopie: <dssa@xxxxxxxxx>
> Datum: 14.09.2011 09:51
> Betreff: Re: [dssa] Interesting article -- probably out of scope for us, 
but FYI
> Gesendet von: owner-dssa@xxxxxxxxx
> 
> Just explain what is not included (typosquatting) and what is 
(confusability) [and what the difference is].
> 
> I.e. I think DSSA must explain why ICANN is evaluating confusability 
issues, and what that have to do with stability and security.
> 
>    Patrik
> 
> On 14 sep 2011, at 08:44, Patrick Vande Walle wrote:
> 
> I tend to agree with Jim.
> Clearly, the sort of typosquatting mentioned in the Ars Tecnica is not 
something the ICANN community can do something about.
> We may want to mention in the final report a non-exhaustive list of what 
behaviours we considered being out of scope. At least, 
> that would acknowledge that we looked at them. 
> Patrick Vande Walle
> 
> On Wed, 14 Sep 2011 07:11:35 +0100, James M Galvin wrote:
> This is not a "don't go down too deep issue", it really is out of scope.
> 
> The distinction that I think is important is that we are chartered to 
> consider DNS security and stability issues, not issues for which the 
> DNS can be used for nefarious or malicious purposes.  The fact that one 
> can do bad things with the DNS does not make the DNS bad.  Even DNSSEC 
> does not help the problem being described because it's not a DNS 
> problem.
> 
> It might be worth a short discussion of this distinction in our final 
> report.
> 
> Jim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Cheryl Langdon-Orr

References:
- [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Mike O'Connor
- RE: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Greg Aaron
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Mike O'Connor
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: James M Galvin
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Patrick Vande Walle
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Patrik Fältström

<<< Chronological Index >>> <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy