Re: [gnso-ff-pdp-may08] Information based solutions instead of policy based solutions

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Now for the second thread you began here.

You ask

      "*Should* ICANN take on this
issue, or should ICANN and the registrar community do nothing
in response to the fastflux problem, leaving any response to
national regulators or local/national/international law
       enforcement agencies?"

I wonder if saying "ICANN and the registrars" limits the choices. What if you 
said "or", and what if the ICANN community were to consider it appropriate for 
registrars to exercise a bit more autonomy in regard to dealing with abuse? 
Should a registrar (or registry) be able to certify "approved responders" and 
take accelerated measures based on the trusted reporting of such parties? This 
is pure speculation on my part, speaking as an individual, not ICANN employee. 
I am simply suggesting that we put all the alternatives on the table and if 
some are horrible ideas, we toss them with the knowledge we've explored as many 
as we were able to imagine.

On 7/13/08 9:17 PM, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx> wrote:



#But I agree with Mike that we ought to clearly describe the problem
#we are trying to solve.

How about:

"Context:

<insert definition of fastflux hosting here>

"Miscreants are using fastflux hosting to support their criminal
activities when more conventional hosting is unavailable or
undesirable.

"Fastflux hosting is based on the systematic abuse and surreptitious
exploitation of 3rd party systems and network resources without the
informed consent of the owner of those resources.

"The software that enables fastflux hosting is surreptitiously
installed on consumer systems because if users or their ISPs were
aware of what was being done to them, and through the use of their
PCs, they would do their best to stop it.

"In most cases, however, only the domain name registrar or
registration service provider can cause a fastflux domain to be
taken down.

"Questions:

"What, if anything, can ICANN or the operational community do
in response to this phenomena? *Should* ICANN take on this
issue, or should ICANN and the registrar community do nothing
in response to the fastflux problem, leaving any response to
national regulators or local/national/international law
enforcement agencies?

"Can effective technical steps be taken to prevent criminal
exploitation of fastflux approaches while not foreclosing
operationally important and non-criminal uses of short TTLs
and other adaptive/less-traditional DNS-based techniques?"

Regards,

Joe

Disclaimer: all opinions strictly my own