<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: The Registrants question (was: Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?)
- To: joe@xxxxxxxxxxxxxxxxxx
- Subject: Re: The Registrants question (was: Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?)
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Jul 2008 20:12:34 -0400
Joe,
If I wanted to write about spam, I would have. Instead I wrote about
"the registrants" from the perspective of a registry, and registrar.
They are our customers, and the claim that they are affected -- in their
capacity as registrants -- and in no other -- is the (possibly poorly
posed) question. We registrars do get the hijack reports, the registrant
complaints, and to the best of my knowledge, there is very very very
weak correlation between domains associated with the (still murky)
definition of "fastflux" and loss by any means of customer domains
(customer error and misunderstaing included).
So, for the record, I claim a the correct probability is wicked close to
zero. Your claim is _exactly_ what, other than wicked bigger?
There is another (also possibly poorly posed) question about the affect
upon "internet users" (I'm writing this from memory). Perhaps you could
make the case that all or a statistically significant subset of
"internet users" (or whatever) are affected by spam which is associated
with the (still murky) definition of "fastflux", but who were not
affected by spam not associated with the (still murky) definition of
"fastflux". Personally I think that will shake out the same, but its
your spam, so run with it.
Eric
Joe St Sauver wrote:
Eric mentioned:
#So when we chat about the harm to registrants, meaning somehow the
#direct harm to registrants by the operations of third-parties who's
#activities meet the (still murky) definition of "fastflux", it would be
#helpful to distinguish direct harm which appears so statistically small
#as to be difficult to detect by even very large random samples, and
#indirect or conjectured harm.
#
#Harmful, but wicked rare. As a motivation for policy development, I
#don't think it is compelling. Of course, there may be better (smaller)
#estimates of the size of the universe of registrants, and better
#(larger) estimates of the number of domain names used by activities
#which meet the (still murky) definition of "fastflux", and correction is
#welcome.
Let's consider another abuse phenomenon: spam.
Spamhaus estimates that just 100 known spam operations are responsible
for 80% of the world's spam (see http://www.spamhaus.org/rokso/index.lasso ).
But if there are "only" 100 spam operations, then from a "risk management"
perspective, obviously we should just ignore/absorb/deny/deflect/spin doctor
the abuse resulting from "just" those 100 spam operations -- surely the
damage from "just" those 100 spam operations must be minimal, right? <cough>
I don't think so when it comes to spam, or when it comes to fastflux. We
as a community have a problem, and we should focus on properly describing
it and looking at ways to fix it.
Regards,
Joe
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|