GNSO Email Archives: [council]

ICANN/GNSO GNSO Email List Archives

[council]

<<< Chronological Index >>> <<< Thread Index >>>

[council] RE: Fast Flux Report - questions

To: "Rosette, Kristina" <krosette@xxxxxxx>, "council@xxxxxxxxxxxxxx" <council@xxxxxxxxxxxxxx>
Subject: [council] RE: Fast Flux Report - questions
From: Liz Gasster <liz.gasster@xxxxxxxxx>
Date: Fri, 18 Apr 2008 12:18:36 -0700
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <3BA081BEFB35144DBD44B2F141C2C72704FDDFF1@cbiexm04dc.cov.com>
List-id: council@xxxxxxxxxxxxxx
References: <3BA081BEFB35144DBD44B2F141C2C72704FDDFF1@cbiexm04dc.cov.com>
Sender: owner-council@xxxxxxxxxxxxxx
Thread-index: Acigk1AZySRhnzE8QCytI/IOgO3ZTQA27XXg
Thread-topic: Fast Flux Report - questions

Kristina and all,

Following are responses below from staff where we can.  I believe some of your 
questions highlight the need for further study (possibly in more areas than 
we've identified in the report, as some of your questions suggest).

Happy to try to answer further where we can, if you have more questions.  I 
just want to note again too that given the short time frame to prepare the 
report, the breadth of sources we were able to draw upon were necessarily 
limited.  I really like your idea about noting sources and including a 
bibliography when we prepare issues reports in the future, and I'm going to add 
this as a suggestion in our GNSO improvements process so that we capture this 
idea to consider in the development of a new policy development process.

Liz

________________________________
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On 
Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
To: council@xxxxxxxxxxxxxx
Subject: [council] Fast Flux Report - questions


All,

Here are some initial questions/requests about the report.  I will forward 
additional questions soon.

Page 1:  The report states that staff "consulted other appropriate and relevant 
sources of information".  In the interest of transparency, I would appreciate 
having those sources be identified.   As a general note, it may be helpful to 
all readers of the report if the issues reports included a bibliography or 
sources consulted section.
LG -- staff considered the SAC Advisory (SAC 025) and I also consulted 
extensively with Lyman Chapin.  We referred to the email exchanges on the SSAC 
list during the period of time in which the SSAC folks were discussing fast 
flux and  preparing SAC 025, the presentations and transcripts from the SSAC 
workshops in Los Angeles (http://losangeles2007.icann.org/node/78)
and Delhi (http://delhi.icann.org/node/97), and informally with a few other 
sources.

Pages 6, 14:  One interpretation of the reference to "domains in ccTLDs are 
targeted as well" is that there is no "lasting value" to developing gTLD policy 
regarding any issue that occurs in both gTLDs and ccTLDs.  Is this 
interpretation intended?

LG  -- Chuck's comment was right.  There could be a benefit to coordinating 
with the ccNSO.  Not making a judgment on "no lasting value".

Pages 6, 14:  Similarly, one interpretation of the reference to "static rules 
through a policy development process might be quickly undermined by intrepid 
cybercriminals" is that there can be "no lasting value" to developing gTLD 
policy regarding any issue that results from or is associated with 
cybercriminals because they move more quickly than the PDP and, as interpreted 
by one IPC member, "are smarter than we are".  Is this interpretation intended?

LG - That is why we mention the importance of developing best practices, which 
then can be enhanced and upgraded over time to keep up better with new 
techniques developed to undermine existing deterrent techniques.  Perhaps a 
policy outcome might point to the need to adopt rigorous best practices and 
refresh on an ongoing basis.  But my understanding on fast flux is that these 
best practices do not necessarily exist today, so the question might be how to 
encourage their development in a structured and focused way, as a necessary 
precursor to deciding how to encourage or require their widespread adoption.  
Might the GNSO Council take on a convening role here?  Or encourage or direct 
in some other way?  In this context, the inference of concern about "lasting 
value" of imposing a specific practice is intended.

Page 8:  For how long and on what scale has proxy redirection been used to 
maintain high availability and spread the network load?

LG - We need to study this more.  The key question I was raising is, "are there 
valid uses that need to be considered, that could be undermined if certain 
deterrent steps were imposed?"  It is not clear from our cursory view how 
broadly this is used - seems also unlikely that there would be need for such 
constant and frequent fluxing in this context, but we couldn't determine for 
sure either way.

Page 9:  Did more than one person describe evasion of "black holing" 
"anecdotally as a possible 'legitimate use'" of fast flux?  Any evidence or 
research to suggest that it actually happens?
LG -- This is anecdotal and may only be one entity, another potential subject 
of further study.

Page 10:  How likely is that fast flux hosting "could be significantly 
curtailed by changes in the way in which DNS registries and registrars 
currently operate"?

LG - Would need to study further.

Page 11:  Is it technically possible now for registries and registrars to act 
in two ways set forth in report?  Practically possible?  If so, do they?  If 
not, have reasons for not doing so been provided and, if so, what are they?

LG - Would need to study further.

(I have not included a scope clarification question because I understand that 
it has already bee posed.)

Many thanks.

Kristina

Follow-Ups:
- [council] RE: Fast Flux Report - questions
  - From: Rosette, Kristina
- RE: [council] RE: Fast Flux Report - questions
  - From: Gomes, Chuck

References:
- [council] Fast Flux Report - questions
  - From: Rosette, Kristina

<<< Chronological Index >>> <<< Thread Index >>>