[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

John Bambenek jcb at bambenekconsulting.com
Fri Sep 29 18:06:06 UTC 2017


Everything is an option. It's an option to run anti-virus. It's an
option to have a firewall. It's an option to have an unpatched Windows
machine sitting on the open internet. It's also an option of not only
what types of services you run but which specific version/application.
Because of the voluntary interconnectional nature of the internet, we
don't say that because we can't specifically delineate exactly HOW something is
implemented, we cannot craft policies to support broad use cases.

And we're all aware of Let's Encrypt which allows anyone to request an
SSL cert and identity for almost anyone else on the internet (barring
implementing CAA putting the burden on domain owners to configure DNS
records to prevent you from issuing certificates in their name). It's
precisely the "it's not our job" mentality of various classes of providers
that is one of the biggest if not the biggest contributor to not only
cybercrime but the difficulty in fighting it...


On 9/29/2017 12:47 PM, Jeremy Malcolm wrote:
> On 29/9/17 10:29 am, Andrew Sullivan wrote:
>> So, we can't treat reputation service support as something that's nice
>> to have.  It's necessary for the functioning of domain names on the
>> Internet, and therefore we must provide for it.
> Interesting argument, but not convincing to me.  The reputation systems
> that I'm aware of *are* optional to support.  Some mail providers
> subscribe to certain blocklists that others don't, some search engines,
> browsers, and browser plugins will flag particular domains that others
> don't, and so on.  In the similar context of certificate authorities
> that issue SSL certificates for domains, Let's Encrypt (which EFF is a
> sponsor of) is often asked to refuse to issue certificates for
> particular domains based on reputation, but has decided that that's not
> part of its job.  Consider the domain amazonaws.com, which hosts millions
> of Amazon S3 buckets.  There's a lot of phishing content stored under
> that domain from time to time, but assigning a bad reputation to the
> registered owner of amazonaws.com would be pointless and cause lots of
> collateral damage.  It hardly seems that it's an essential part of the
> domain name system to be able to do that.

-- 

John Bambenek
