Re: [gnso-ff-pdp-may08] Proposed additional text, section 5, following line 363

["Mike O'Connor" <mike@xxxxxxxxxx>]

i'm going to issue a "possible minority view" tag on this one.  there 
was nothing approaching consensus around these points.
At 01:02 PM 9/2/2008, Joe St Sauver wrote:

> --=======AVGMAIL-48BD85F30000=======
> Content-Type: text/plain; charset=us-ascii
>
>
> Section 5, lines 358-363, PDF pages 16-17, reads:
>
>    "Note:  The WG did not answer the following charter-questions due to
>    the lack of:
>
>       o A robust technical, and process, definition of "fast flux"
>       o Reliable techniques to detect fast flux networks while avoiding
>         false positives,
>       o Reliable information as to the scope and penetration of fast flux
>         networks,
>       o Reliable information as to the financial and non-financial impact
>         of fast flux networks
>
> I would propose the addition of the following text after line 363:
>
>    "Some members of the working group believe that the Mannheim fast flux
>    score formula would provide a robust and mechanically applicable
>    definition of "fast flux" which would minimize false positives, and
>    believe that the use of whitelisting plus manual review can eliminate
>    any remaining potential false positives.
>
>    "The working group received multiple offers of fast flux-related data
>    from <insert list of fastflux data sources here [I'm aware of at least
>    two or three, but I'll defer to the data collection subcommittee for a
>    definitive list]>. The working group accepted [or rejected] data from
>    those sources, and [did what with it?], finding [what?]. Those interested
>    in working with that data can apply to obtain access to it by contacting
>    [who?]
>
>    "While it may not be possible to definitively distinguish the costs of
>    cybercrime associated with fast flux from the costs of cybercrime
>    conducted separate from fast flux, the working group did receive
>    reports on aggregate estimates of cybercrime-related costs, and even
>    if a fraction of 1% of all cybercrime can be tied to fastflux, the
>    costs would be staggering. Moreover, at least in some cases such as
>    the use of fast flux to distribute child pornography, there are
>    substantial non-financial human costs which should also be recognized."
>
> Regards,
>
> Joe
>
> Disclaimer: all opinions strictly my own
> --=======AVGMAIL-48BD85F30000=======
> Content-Type: multipart/alternative;
>         boundary="=======AVGMAIL-48BD85F30000======="
>
> --=======AVGMAIL-48BD85F30000=======
> Content-Type: text/plain; x-avg=cert; charset=us-ascii
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
> Content-Description: "AVG certification"
>
>
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.169 / Virus Database: 270.6.14/1647 - Release Date: 9/2/2008 6:=
> 02 AM
>
> --=======AVGMAIL-48BD85F30000=======--
>
> --=======AVGMAIL-48BD85F30000=======--