Re: [gnso-ff-pdp-may08] Proposed solutions

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Paul,

You questions are appropriate and are familiar to those of us who work with the 
APWG on the Accelerated Suspension Plan.

Let's assume that it is possible to create an accreditation program, that it 
can be paid for, that credentials can be issued, and that the program has an 
indemnification/liability component. Such programs have been created many times 
before. There are many models, and if we were to recommend such a program, I 
suspect a different and perhaps more appropriately qualified working group than 
ours could be formed to develop one.

Now, who enforces? I think Joe's correct that the registrar is (currently) the 
sweet spot but I also think that the solution must consider the possibility of 
a non-responsive registrar. So I think an "escalation" model is appropriate, 
where an accredited party can demonstrate a registrar is non-responsive and the 
registry can take action.

[As an aside, I do think that the liability worry, while present, will prove in 
practice to be a non-issue. In fact, having accredited responders could further 
reduce the likelihood of a false positive. But this is a bar conversation so 
I'll set it aside.]

On 7/31/08 4:11 PM, "Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx> wrote:

Joe's proposal may seem straight forward, but it actually raises several
concerns:

Should such enforcement be handled at the registrar or the registry
level?

How will the recipient of a complaint verify the bona fides of the
complainer?

What information will be required to put a "documented" domain on
(Registrar or Registry) Hold status?

Besides the WDPRS model, have you considered something like the APWG's
proposed Accelerated Suspension Plan?  If so, what will the
accreditation criteria look like?

Who pays for any of this?  How?

Who will indemnify the enforcer for any liabilities?


The list could go on.  I am not trying to be obstructionist, and realize
that we're supposed to be discussing proposed solutions.  I just think
that we need to more fully develop any suggestions that would target a
single entity in this process when they are posted to the list.

Regards, P

-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Joe St Sauver
Sent: Thursday, July 31, 2008 2:23 PM
To: dave.piscitello@xxxxxxxxx
Cc: gnso-ff-pdp-May08@xxxxxxxxx
Subject: Re: [gnso-ff-pdp-may08] Proposed solutions


Dave mentioned:

#Can we agree at the outset of this discussion that there is no single
#security measure that defeats fast flux and that the solution, like the

#definition, is multi-faceted, each measure contributing in some way to
#reducing the threat?
#
#I'll be frank. I want to preempt another long discussion of TTLs. I am
#happy to include a bullet item "TTL monitoring and analysis" as item 1
#on the list but let's go through the discipline of enumerating all the
#measures we can think of, as we did with the definition.

In my painfully direct sort of way, I believe that what's ultimately
needed will be for registrars to accept complaints about fastflux
domains, acting on documented evidence supplied by the complainant
to "HOLD" documented fastflux domains. (Envision something like
http://wdprs.internic.net/ but for reporting fastflux domain names)
Procedurally, as part of that, I believe a domain name owner should have

a mechanism or channel for appealing a fastflux determination, although
I strongly suspect that appeals would be likely be quite rare. :-;

Regards,

Joe