ICANN ICANN Email List Archives


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps

  • To: <icann@xxxxxxxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps
  • From: Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 3 Jun 2009 01:43:07 -0700

I think Mike has done a good job of cleaning up some stuff here, but may have some more controversial deletes - nothing I see as a show stopper, but should be discussed.

I have a couple of thoughts to add in here.

In conclusions, I think we had an important consensus that, "any automated technique for detecting fast flux domains requires human interpretation of the results and examination of the evidence to confirm the presence of malicious or proscribed activities."

I would also add this thought to conclusions - perhaps right after Mike's comment about a neutral third party for determination of a malicious FFLUX domain:

Such a process could be devised to detect malicious FFLUX domains, however, those domains would still require some form of mitigation in order to end or prevent the undesired activity. Depending on the nature of the fluxing configuration, many disparate providers could potentially be involved, from a domain registry or registrar, to DNS or hosting service providers. The working group reached no consensus on which party or parties would be best suited to handle such mitigation work, but notes that in practical terms, such mitigations are already occurring in practice, but in an uncoordinated, uneven, or even arbitrary manner. Some proposals do exist for creating a balanced process across-the-board for handling malicious domain registrations in general and merit further consideration for potential solutions to this particular issue. <This last sentence may be better in the recommendations section>.

In the recommendations section, I think we should definitely point out that some domain name registries and registrars have already implemented contractual language that addresses the issue, and that is another way to attack the problem. (no specific text here - just a thought extension that we need to cover, and there are a few places that could be added).

Also, please excuse the bit of APWG self-serving here, but I would point out that a specific mitigation framework has been proposed for .ASIA (and now others) in conjunction with the APWG that would allow for quick mitigation of malicious FFLUX domains and could be looked at as a general model for incident handling.

OK, please don't shoot me for a "new" thought here, but one role that ICANN could take on is the "best practices facilitator". The idea being that ICANN (the formal company) keeps a current list of consensus-based best practices that could be used by various contracted parties, ensures that these are evangelized to those parties, and then does audits of if/how they are being used and reports findings based on those audits. I'm just trying to think of ways to get past the old cliché of "everyone should follow best practices" and put some meaning/incentive to actually doing so. I'm also trying to think of practical roles for ICANN itself to play in this.


Rod Rasmussen
President and CTO
Internet Identity
1 (253) 590-4088

On Jun 2, 2009, at 10:09 AM, Mike Rodenbaugh wrote:

Hi Greg, that may depend on which version of Word you use, and what view you are in. On my copy, my edits are in blue, James' in red. When I mouse over
the edits, it clearly shows who made them.


-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Greg Aaron
Sent: Tuesday, June 02, 2009 9:54 AM
To: icann@xxxxxxxxxxxxxx; 'fast flux fast flux'
Subject: RE: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and
Next Steps

Mike, I am not sure which edits are yours. Can you give me an example of your changes, so I can distinguish them from the others? I think this doc
has edits by two or three hands?

All best,

-----Original Message-----
From: Mike Rodenbaugh [mailto:icann@xxxxxxxxxxxxxx]
Sent: Tuesday, June 02, 2009 12:38 PM
To: 'fast flux fast flux'
Subject: RE: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and
Next Steps

I have suggested edits to James rework of Secs 8/9, on attached.


Mike Rodenbaugh
Rodenbaugh Law
548 Market Street
San Francisco, CA  94104

-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of James M. Bladel
Sent: Sunday, May 31, 2009 1:40 PM
To: marika konings; fast flux fast flux
Subject: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and
Next Steps


Apologies for the delay on these materials.My schedule got away from me
beginning on Thursday, and so this task was pushed to the weekend.

In any event, please find attached two separate documents.  The first
(spreadsheet) attaches references for the views of the WG on comments
received in response to the Initial Report. Please note that these are in no way an attempt to re-categorize the comments. Instead, the goal is to find the smallest number of sections / topics that sufficiently address -all- comments. I have included some sample language for each topic (needs further word-smithing), which can be used individually or worked into the
comment analysis summary.

Next, I have made many changes to section 8 ("Interim Conclusions") and section 9 ("Next Steps"). Please note that if you believe the text does not
accurately characterize the WG findings, or if there are significant
omissions, we can work through these on our call next Wednesday.

Thank you,


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy