RE: [gnso-ff-pdp-may08] Comments on Section 6.1, lines 486-516

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

Lines 508-510 say:
"The RyC points out that some of the solutions discussed by the Working
Group "are currently impossible, or would require significant revisions to
DNS protocols, or would require significant upgrades in deployed resolver
code."

Following that text, Joe suggested adding:
"Contrary to that perspective, working group members have described how
required solutions can be implemented using existing record types and the
existing/deployed resolver code base, so that protocol changes and changes
to installed software is not required. See, for example:
http://forum.icann.org/lists/gnso-ff-pdp-may08/msg00085.html "

Note that the RyC said "some" solutions.
Some of the problematic solutions that were suggested included:
*  limiting TTL lengths (short TTLs are explicitly allowed by the DNS
RFCs...)
*  making registries monitor flux (they can't see single-flux in the
registry, for example...)   
* There was implication in the Issues Paper that registry operators might
increase the TTL on the delegation RRset in order to "thwart fast flux
hosting".  Experimentation would be required to confirm this, but as far as
the DNS protocol standards are concerned that is not, in fact, a viable
approach. Any long TTL specified (for example) in a TLD zone in the NS set
for a domain would be overwritten in resolvers' caches -- unless resolver
code is changed.

So Joe, I guess the sticky parts are:
A.  "Contrary to that perspective" is not needed, since it's not contrary,
and 
B.  I don't think there's consensus that using TXT records is a "required
solution."

All best,
--Greg 





-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Joe St Sauver
Sent: Tuesday, September 02, 2008 3:45 PM
To: gnso-ff-pdp-May08@xxxxxxxxx
Subject: [gnso-ff-pdp-may08] Comments on Section 6.1, lines 486-516


Lines 486-489:

   "The Ryc, NCUC and RC members all recognise that fast flux is being used 
   by miscreantsinvolved in online crime to evade detection, but at the 
   same time question whether ICANN is the appropriate body to deal with 
   this issue. All three emphasize that it is not in ICANN's remit to 
   act as an extension of law enforcement or put registries or registrars
   in this position."

I would suggest the addition of

   "Some members of the working group suggest that ICANN/the registries/
   the registrars are not being asked to act as an extension of law
   enforcement, but rather are merely being asked to facilitate 
   compliance with existing laws and regulation when ICANN/the
   registries/the registrars are uniquely situated to do so."

Lines 495-499:

   "Furthermore, the RyC points out that any GNSO policy initiative 
   would have very limited impact as it would "only be applicable to 
   gTLD registries and registrars, while ccTLD domain names are also used 
   for fast flux hosting, which compromise almost half of the domain 
   names on the Internet". ICANN policy could then simply be circumvented 
   by switching to ccTLD domain names."

Following that text, I would suggest the addition

   "The rejoinder from some members of the working group is that while 
   GNSO is not responsible for administering ccTLD policy, by showing 
   leadership in administration of gTLD domains policies (including 
   policies dealing with fastflux), GNSO actions may indirectly influence 
   the ccTLD policy development process."

Lines 501-503:

   "The RyC, NCUC and RC members all point to the lack of data and the 
   absence of supporting evidence outlining the scope of fast flux which 
   is a necessity in order to balance cost -- benefit of any potential
   solutions."

Following that text I would suggest adding:

   "At least one participant in the working group notes that substantial
   data was offered to the working group, both with respect to fast flux
   usage, and the costs associated with malicious activity facilitated
   by fast flux techniques."

Lines 508-510:

   "The RyC points out that some of the solutions discussed by the 
   Working Group "are currently impossible, or would require significant 
   revisions to DNS protocols, or would require significant upgrades in 
   deployed resolver code."

Following that text, I would suggest adding,

   "Contrary to that perspective, working group members have described
   how required solutions can be implemented using existing record 
   types and the existing/deployed resolver code base, so that protocol
   changes and changes to installed software is not required. See, for 
   example: http://forum.icann.org/lists/gnso-ff-pdp-may08/msg00085.html "

Alternatively, if folks believe that the constituency statements should
not be subject to comment, I'd be okay with the omission of the section
6 recap/summary, allowing the constituency statements to just stand on
their own, unaltered/uncommented, as appendicies.

Regards,

Joe

Disclaimer: all opinions strictly my own