RE: [ga] Most Popular Invalid TLDs Should Be Reserved/SSAC not secure

["Ram Mohan" <rmohan@xxxxxxxxxxxx>]

Mr. Dierker,

Disparaging volunteers based on their affiliations is not constructive.  It
would help if you contributed to solutions rather than making clever points
at the cost of individuals' reputations.

 

SSAC is an advisory body.  It does not get to make policy or set rules -
those are up to the bodies who are constituted to do so.  No systemic
evidence was discovered in the study; that does not mean that no problem
exists, but that it was not apparent in the study.

 

Shooting the messenger instead of questioning the message is a mighty poor
way of contributing to this dialog.

 

-Ram

--------------------------------------------------------------------------

Ram Mohan

e: rmohan@xxxxxxxxxxxx | m: +1.215.431.0958
--------------------------------------------------------------------------

From: Hugh Dierker [mailto:hdierker2204@xxxxxxxxx] 
Sent: Saturday, June 20, 2009 8:29 AM
To: 'George Kirikos'; 'GNSO GA Mailing List'; rmohan@xxxxxxxxxxxx
Cc: dave.piscitello@xxxxxxxxx; steve@xxxxxxxxxxxxxxxx; Ram Mohan; Jeff
Williams; joe Babtista
Subject: RE: [ga] Most Popular Invalid TLDs Should Be Reserved/SSAC not
secure

 


Ram,

 

You stated interest is very hopeful here.  Is SSAC really interested in the
policies regarding curtailing corporate abuse by insiders in the industry?
In this case we are talking reserving, in another you addressed corporate
frontrunning.  http://www.icann.org/en/committees/security/sac022.pdf 

 

Here were your major contributors to the research and conclusions;

 

Bruce Tonkin, Chief Technology Officer, Melbourne IT

Ross Rader, Director, Innovation & Research Company, Tucows

Steve Miholovich, Director of Product Marketing, Network Solutions

Tim Ruiz Vice President of Corporate Development and Policy, GoDaddy

Jay Westerdal, CEO and President, Name Intelligence

Jonathan Nevett, Vice President and Chief Policy Counsel, Network Solutions

Paul Stahura, President & COO, Demand Media

 

But after all the evidence your committee could not determine if corporate
insider trading on names was a good or bad thing. Clearly SSAC should be
honest and disclose that they are there for the security and stability of
the large entrenched multinational corporations and not users.

 

Call for Policy Consideration

SSAC suggests that the domain name community (including registries,
registrars,

registrants, civil society and academic study groups) examine the existing
rules to

determine if the practice of domain name front running is consistent with
the core values

of the community, and if not, to consider implementing measures (including
new

policies, regulations and codes) to restrict domain name front running It
would be useful

if other organizations such as the ccNSO, APTLD, LACTLD, RALOs, and others
were

able to conduct surveys of their members, and contribute to the SSAC
analysis.



--- On Fri, 6/19/09, Ram Mohan <rmohan@xxxxxxxxxxxx> wrote:


From: Ram Mohan <rmohan@xxxxxxxxxxxx>
Subject: RE: [ga] Most Popular Invalid TLDs Should Be Reserved
To: "'George Kirikos'" <gkirikos@xxxxxxxxx>, "'GNSO GA Mailing List'"
<ga@xxxxxxxxxxxxxx>
Cc: dave.piscitello@xxxxxxxxx, steve@xxxxxxxxxxxxxxxx, "Ram Mohan"
<rmohan@xxxxxxxxxxxx>
Date: Friday, June 19, 2009, 3:15 PM


George,
I write as SSAC's Liaison to the Board.  I will take your suggestion forward
regarding a study on invalid TLDs into the SSAC's planning session at the
Sydney meeting.

Regarding lack of prohibition for wildcarding for new gTLDs, may I refer you
to SSAC's recent publication of an advisory regarding the prohibition of
redirection and synthesis of DNS responses[SAC041 -
http://www.icann.org/en/committees/security/sac041.pdf].

It may also interest you that SSAC has requested that this topic & SSAC's
recommendations on the matter be executed via a formal Board resolution at
the upcoming Sydney board meeting.

Regards,
Ram
--------------------------------------------------------------------------
Ram Mohan
e: rmohan@xxxxxxxxxxxx
<http://us.mc529.mail.yahoo.com/mc/compose?to=rmohan@xxxxxxxxxxxx>  | m:
+1.215.431.0958
--------------------------------------------------------------------------


-----Original Message-----
From: George Kirikos [mailto:gkirikos@xxxxxxxxx
<http://us.mc529.mail.yahoo.com/mc/compose?to=gkirikos@xxxxxxxxx> ] 
Sent: Thursday, June 18, 2009 2:21 PM
To: GNSO GA Mailing List
Cc: dave.piscitello@xxxxxxxxx
<http://us.mc529.mail.yahoo.com/mc/compose?to=dave.piscitello@xxxxxxxxx> ;
steve@xxxxxxxxxxxxxxxx
<http://us.mc529.mail.yahoo.com/mc/compose?to=steve@xxxxxxxxxxxxxxxx> 
Subject: [ga] Most Popular Invalid TLDs Should Be Reserved



Hi folks,

Some of the root server operators post public statistics for their domain
name traffic at the top-level. For example, the graph (which can take a bit
of time to generate, given ICANN's slow servers) for the L-root server's
most popular TLD queries:

http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800
<http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=q
t> &plot=qt
ype_vs_valid_tld&server=L-root

demonstrates, to no one's surprise, that .com is king. What's more
interesting, though, especially given the new gTLD debate, is to look at the
most popular invalid (non-existent) TLDs:

"http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800
<http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=q
> &plot=q
type_vs_invalid_tld&server=L-root

This list will vary depending on caching and the geographical location of
the root server, but for the L-root, .local, .belkin, .home, .lan, .invalid
.domain, .localdomain, .wpad, .corp, .maps, .html, .router, .host, .mshome,
.htm and so on show popularity in the past week.

Given what transpired with the wildcarding of .cm

http://www.circleid.com/posts/nation_of_cameroon_typosquats_com_space/

and the current lack of a prohibition of wildcarding for new gTLDs (despite
our own input into the public comment periods), it's clear that these TLDs
will be in demand by those who hope to take advantage of the built-in DNS
traffic hardcoded into routers, LANs and other private networks, and from
typos of existing TLDs.

I recommend that the Security and Stability Advisory Committee compile
statistics on invalid TLD queries across all root servers, and from popular
ISP-run DNS servers, in order to create a Reserve List. The list of at least
the top 1000 invalid TLDs should be made public to ensure transparency, and
be pruned only with the consensus support of the community.

Sincerely,

George Kirikos
http://www.leap.com/