Re: [dssa] Interesting article -- probably out of scope for us, but FYI

[Cheryl Langdon-Orr <langdonorr@xxxxxxxxx>]

I agree absolutely with this approach for our WG...  and for the need of a
brief explanatory note regarding this in our Report...

Cheryl Langdon-Orr
(CLO)



2011/9/15 Jörg Schweiger <schweiger@xxxxxxxx>

> All,
> I'd opt for not including  both typosquatting and confusability (as
> described in the Ars Tecnica article).  As it seems to be consensus to
> omit the first, I think even the latter would lead us to a very broad
> definition of the terms stability, security and resiliency (I very well
> realize that this "interpretation" would be in line with the respective
> definition of the SSAC of those terms, but will challenge them for this WG
> as well.)
> Confusability is not  targeted at "the DNS per se", and therefore should
> be considered out of scope. I'd agree to Patrick vdW to mention those
> kinds of vulnerabilities in our final report.
>
> regards -J
>
>
> owner-dssa@xxxxxxxxx schrieb am 14.09.2011 09:50:09:
>
> > Von: Patrik Fältström <paf@xxxxxxxxx>
> > An: <patrick@xxxxxxxxxxxxxx>
> > Kopie: <dssa@xxxxxxxxx>
> > Datum: 14.09.2011 09:51
> > Betreff: Re: [dssa] Interesting article -- probably out of scope for us,
> but FYI
> > Gesendet von: owner-dssa@xxxxxxxxx
> >
> > Just explain what is not included (typosquatting) and what is
> (confusability) [and what the difference is].
> >
> > I.e. I think DSSA must explain why ICANN is evaluating confusability
> issues, and what that have to do with stability and security.
> >
> >    Patrik
> >
> > On 14 sep 2011, at 08:44, Patrick Vande Walle wrote:
> >
> > I tend to agree with Jim.
> > Clearly, the sort of typosquatting mentioned in the Ars Tecnica is not
> something the ICANN community can do something about.
> > We may want to mention in the final report a non-exhaustive list of what
> behaviours we considered being out of scope. At least,
> > that would acknowledge that we looked at them.
> > Patrick Vande Walle
> >
> > On Wed, 14 Sep 2011 07:11:35 +0100, James M Galvin wrote:
> > This is not a "don't go down too deep issue", it really is out of scope.
> >
> > The distinction that I think is important is that we are chartered to
> > consider DNS security and stability issues, not issues for which the
> > DNS can be used for nefarious or malicious purposes.  The fact that one
> > can do bad things with the DNS does not make the DNS bad.  Even DNSSEC
> > does not help the problem being described because it's not a DNS
> > problem.
> >
> > It might be worth a short discussion of this distinction in our final
> > report.
> >
> > Jim
>
>