ICANN/GNSO GNSO Email List Archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

[council] RE: Fast Flux Report - questions

  • To: "Liz Gasster" <liz.gasster@xxxxxxxxx>, <council@xxxxxxxxxxxxxx>
  • Subject: [council] RE: Fast Flux Report - questions
  • From: "Rosette, Kristina" <krosette@xxxxxxx>
  • Date: Mon, 21 Apr 2008 12:09:42 -0400
  • In-reply-to: <5751D739B8779944939698FBC816B7CE3549EE3763@EXVMBX016-2.exch016.msoutlookonline.net>
  • List-id: council@xxxxxxxxxxxxxx
  • Sender: owner-council@xxxxxxxxxxxxxx
  • Thread-index: Acigk1AZySRhnzE8QCytI/IOgO3ZTQA27XXgAJZWDpA=
  • Thread-topic: Fast Flux Report - questions

Liz,
 
Many thanks for the speedy response.   I have some additional follow up
questions, which I've inserted in my original message below.
 
Kristina 


________________________________

        From: Liz Gasster [mailto:liz.gasster@xxxxxxxxx] 
        Sent: Friday, April 18, 2008 3:19 PM
        To: Rosette, Kristina; council@xxxxxxxxxxxxxx
        Subject: RE: Fast Flux Report - questions
        
        

        Kristina and all,

         

        Following are responses below from staff where we can.  I
believe some of your questions highlight the need for further study
(possibly in more areas than we've identified in the report, as some of
your questions suggest).  

         

        Happy to try to answer further where we can, if you have more
questions.  I just want to note again too that given the short time
frame to prepare the report, the breadth of sources we were able to draw
upon were necessarily limited.  I really like your idea about noting
sources and including a bibliography when we prepare issues reports in
the future, and I'm going to add this as a suggestion in our GNSO
improvements process so that we capture this idea to consider in the
development of a new policy development process.  

         

        Liz

         

        
________________________________


        From: owner-council@xxxxxxxxxxxxxx
[mailto:owner-council@xxxxxxxxxxxxxx] On Behalf Of Rosette, Kristina
        Sent: Thursday, April 17, 2008 7:00 AM
        To: council@xxxxxxxxxxxxxx
        Subject: [council] Fast Flux Report - questions 

         

        All, 

        Here are some initial questions/requests about the report.  I
will forward additional questions soon. 

        Page 1:  The report states that staff "consulted other
appropriate and relevant sources of information".  In the interest of
transparency, I would appreciate having those sources be identified.
As a general note, it may be helpful to all readers of the report if the
issues reports included a bibliography or sources consulted section.

        LG -- staff considered the SAC Advisory (SAC 025) and I also
consulted extensively with Lyman Chapin.  We referred to the email
exchanges on the SSAC list during the period of time in which the SSAC
folks were discussing fast flux and  preparing SAC 025, the
presentations and transcripts from the SSAC workshops in Los Angeles
(http://losangeles2007.icann.org/node/78
<http://losangeles2007.icann.org/node/78> )

        and Delhi (http://delhi.icann.org/node/97
<http://delhi.icann.org/node/97> ), and informally with a few other
sources.

        Pages 6, 14:  One interpretation of the reference to "domains in
ccTLDs are targeted as well" is that there is no "lasting value" to
developing gTLD policy regarding any issue that occurs in both gTLDs and
ccTLDs.  Is this interpretation intended?

        LG  -- Chuck's comment was right.  There could be a benefit to
coordinating with the ccNSO.  Not making a judgment on "no lasting
value". 

        KR - The referenced statement appears in a paragraph that begins
with reference to the General Counsel's opinion.  I will direct my
question to that office.  

         Pages 6, 14:  Similarly, one interpretation of the reference to
"static rules through a policy development process might be quickly
undermined by intrepid cybercriminals" is that there can be "no lasting
value" to developing gTLD policy regarding any issue that results from
or is associated with cybercriminals because they move more quickly than
the PDP and, as interpreted by one IPC member, "are smarter than we
are".  Is this interpretation intended?

        LG - That is why we mention the importance of developing best
practices, which then can be enhanced and upgraded over time to keep up
better with new techniques developed to undermine existing deterrent
techniques.  Perhaps a policy outcome might point to the need to adopt
rigorous best practices and refresh on an ongoing basis.  But my
understanding on fast flux is that these best practices do not
necessarily exist today, so the question might be how to encourage their
development in a structured and focused way, as a necessary precursor to
deciding how to encourage or require their widespread adoption.  Might
the GNSO Council take on a convening role here?  Or encourage or direct
in some other way?  In this context, the inference of concern about
"lasting value" of imposing a specific practice is intended.  

        KR - same comment as above.  

        Page 8:  For how long and on what scale has proxy redirection
been used to maintain high availability and spread the network load?

        LG - We need to study this more.  The key question I was raising
is, "are there valid uses that need to be considered, that could be
undermined if certain deterrent steps were imposed?"  It is not clear
from our cursory view how broadly this is used - seems also unlikely
that there would be need for such constant and frequent fluxing in this
context, but we couldn't determine for sure either way.   

        KR - I am confused. Are you saying that it couldn't be
determined for sure (a) how widely proxy redirection has been used in
this way; and (b) whether there is a need for fast flux in the context
of proxy redirection?  

        Page 9:  Did more than one person describe evasion of "black
holing" "anecdotally as a possible 'legitimate use'" of fast flux?  Any
evidence or research to suggest that it actually happens?  

        LG -- This is anecdotal and may only be one entity, another
potential subject of further study. 

         

        KR - I understand your answers to be "No, only one person
described evasion of black holing anecdotally as a possible legitimate
use of fast flux.  No, there is no evidence or research to suggest that
it actually happens."  Is my understanding incorrect?

        Page 10:  How likely is that fast flux hosting "could be
significantly curtailed by changes in the way in which DNS registries
and registrars currently operate"?

        LG - Would need to study further.

        Page 11:  Is it technically possible now for registries and
registrars to act in two ways set forth in report?  Practically
possible?  If so, do they?  If not, have reasons for not doing so been
provided and, if so, what are they?

        LG - Would need to study further. 

        KR - I am confused.  If the answers to these questions require
further study, what is the factual basis for the statement in the report
that " Registries and registrars can curb the practice in two ways . .
.. "?
        

         

        (I have not included a scope clarification question because I
understand that it has already bee posed.) 

        Many thanks. 

        Kristina 

         



<<< Chronological Index >>>    <<< Thread Index >>>