<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Fast Flux Report - questions</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=109321514-17042008><FONT face=Arial
color=#0000ff size=2>Please note a few comments below.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109321514-17042008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=109321514-17042008><FONT face=Arial
color=#0000ff size=2>Chuck</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> owner-council@gnso.icann.org
[mailto:owner-council@gnso.icann.org] <B>On Behalf Of </B>Rosette,
Kristina<BR><B>Sent:</B> Thursday, April 17, 2008 10:00 AM<BR><B>To:</B>
council@gnso.icann.org<BR><B>Subject:</B> [council] Fast Flux Report - questions
<BR></FONT><BR></DIV>
<DIV></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Arial size=2>All,</FONT> </P>
<P><FONT face=Arial size=2>Here are some initial questions/requests about the
report. I will forward additional questions soon.</FONT> </P>
<P><FONT face=Arial size=2>Page 1: The report states that staff "consulted
other appropriate and relevant sources of information". In the interest of
transparency, I would appreciate having those sources be identified.
As a general note, it may be helpful to all readers of the report if the issues
reports included a bibliography or sources consulted section.</FONT></P>
<P><FONT face=Arial><FONT size=2>Pages 6, 14: One interpretation of the
reference to "domains in ccTLDs are targeted as well" is that there is no
"lasting value" to developing gTLD policy regarding any issue that occurs in
both gTLDs and ccTLDs. Is this interpretation intended?<SPAN
class=109321514-17042008><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT size=2><SPAN class=109321514-17042008><FONT
color=#0000ff>CG: I obviously cannot answer the question about intention but I
do think the point in the report is important for us to
understand. If we develop a GNSO policy, it would be very easy for
'fast fluxers' to avoid the policy by using ccTLDs. That does not mean
that we should not consider policy but, if we decide to pursue a PDP, it
might indicate that this might be an issue for joint work with the
ccNSO.</FONT> </SPAN></FONT></FONT></P>
<P><FONT face=Arial size=2>Pages 6, 14: Similarly, one interpretation of
the reference to "static rules through a policy development process might be
quickly undermined by intrepid cybercriminals" is that there can be "no lasting
value" to developing gTLD policy regarding any issue that results from or is
associated with cybercriminals because they move more quickly than the PDP and,
as interpreted by one IPC member, "are smarter than we are". Is this
interpretation intended?</FONT></P>
<P><FONT face=Arial size=2>Page 8: For how long and on what scale has
proxy redirection been used to maintain high availability and spread the network
load?</FONT></P>
<P><FONT face=Arial size=2>Page 9: Did more than one person describe
evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast
flux? Any evidence or research to suggest that it actually happens?
</FONT></P>
<P><FONT face=Arial><FONT size=2>Page 10: How likely is that fast flux
hosting "could be significantly curtailed by changes in the way in which DNS
registries and registrars currently operate"?<SPAN
class=109321514-17042008><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT size=2><SPAN class=109321514-17042008><FONT
color=#0000ff>CG: This seems to be a very important question and one that would
be useful in at least getting a rough response to before iniitiating a
PDP. Why spend significant time on a PDP that may have little
impact.</FONT> </SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT size=2>Page 11: Is it technically possible now
for registries and registrars to act in two ways set forth in report?
Practically possible? If so, do they? If not, have reasons for not
doing so been provided and, if so, what are they?<SPAN
class=109321514-17042008><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT size=2><SPAN class=109321514-17042008><FONT
color=#0000ff>CG: It is critical to keep in mind that even if registries and
registrars can take steps as indicated in the report that might reduce fast
fluxing, as the report points out some of those steps could
have significant impact on 'innocent' parties. I can
remember when we only updated TLD zone files (and root servers as well)
only three times a week. I think that fast fluxing would not work
well if that were the case today but there was great demand for much
more frequent updates for legitimate reasons. In fact, beyond the
general demand for more timely updates, we often received special requests
for special zone updates to deal with what customers felt were emergency
issues.</FONT> </SPAN></FONT></FONT></P>
<P><FONT face=Arial size=2>(I have not included a scope clarification question
because I understand that it has already bee posed.)</FONT> </P>
<P><FONT face=Arial size=2>Many thanks.</FONT> </P>
<P><FONT face=Arial size=2>Kristina </FONT></P><BR></BODY></HTML>