ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Saturday Harms

  • To: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Saturday Harms
  • From: RLVaughn <RL_Vaughn@xxxxxxxxxx>
  • Date: Mon, 21 Jul 2008 14:08:25 -0500

Eric Brunner-Williams wrote:
On 01/15/2005 07:27:31 Steve Bellovin wrote the following to NANOG:

   /panix.com has apparently been hijacked. It's now associated with a
   different registrar -- melbourneit instead of dotster -- and a
   different owner. Can anyone suggest appropriate people to contact to
   try to get this straightened out?
   /


Shortly thereafter I replied:

   /I've forwared to Bruce Tonkin, who I know personally, at MIT, and
   Cliff Page, who I don't know as well, at Dotster, Steve's note.
   These are the RC reps for each registrar.
   /


The "harm" to me was that any mail I usually send to users@xxxxxxxxx wouldn't go where I expected. Note, I am not the Registrant of the domain name Panix.COM.
<snip - control list volume>


It is clear that Dave and Joe and Marc have one model for "who is 
harmed" and "how are they harmed", to use Mike's effort at synthesis, 
and I have another, and there isn't a lot a synthesis can do with the 
claim that "A is true" and the claim that "A is false", except to 
examine the basis for the evaluation of each claim (for which each claim 
is correct), and discard the basis for evaluation that leads to a 
conclusion inconsistent with the goal of the Working Group -- something 
consistent with the GNSO process, which as I mentioned in "Sunday 
Benefits", has to be consistent with this -- "ICANN doesn’t control 
content on the Internet. It cannot stop spam and it doesn’t deal with 
access to the Internet" -- so it seems likely to me, subject of course 
to eventual disproof, that "harms" are primarily defined by stakeholder 
relationship to other stakeholders within the multi-stakeholder 
institution.

Suddenly I see a lot of conditional probability hanging around
and once I put on my silly hat there is no end of it.  So, with
apologies,
the fact that the probability of event B is low under the
assumption of event A has occurred does not allow on to
draw the conclusion that the probability of event A occurring
is low.

Now for my risk management observation.  Accessing the risk of
the problem is only part of the process.  One must consider risk
and frequency in order to obtain an expectation of loss.  The
expectation of loss can be useful to determine an action plan.

One can not, however, develop risk assessments without regard
to observations of actual data.  For example,
<http://blogs.zdnet.com/security/?p=1394> describes the
activities of a VCHSN which compromised Playstation.com
via SQL Injection.  Yes, it is collateral damage but damage
none-the-less. Those registrants harmed by this network might be willing
to share their insights as to what harm they have suffered.


<snip>




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy