[council] Fast Flux Report - questions

Gomes, Chuck cgomes at verisign.com
Thu Apr 17 14:28:30 UTC 2008

Please note a few comments below.


From: owner-council at gnso.icann.org [mailto:owner-council at gnso.icann.org]
On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 10:00 AM
To: council at gnso.icann.org
Subject: [council] Fast Flux Report - questions 


Here are some initial questions/requests about the report.  I will
forward additional questions soon. 

Page 1:  The report states that staff "consulted other appropriate and
relevant sources of information".  In the interest of transparency, I
would appreciate having those sources be identified.   As a general
note, it may be helpful to all readers of the report if the issues
reports included a bibliography or sources consulted section.

Pages 6, 14:  One interpretation of the reference to "domains in ccTLDs
are targeted as well" is that there is no "lasting value" to developing
gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs.
Is this interpretation intended? 

CG: I obviously cannot answer the question about intention but I do
think the point in the report is important for us to understand.  If we
develop a GNSO policy, it would be very easy for 'fast fluxers' to avoid
the policy by using ccTLDs.  That does not mean that we should not
consider policy but, if we decide to pursue a PDP, it might indicate
that this might be an issue for joint work with the ccNSO. 

Pages 6, 14:  Similarly, one interpretation of the reference to "static
rules through a policy development process might be quickly undermined
by intrepid cybercriminals" is that there can be "no lasting value" to
developing gTLD policy regarding any issue that results from or is
associated with cybercriminals because they move more quickly than the
PDP and, as interpreted by one IPC member, "are smarter than we are".
Is this interpretation intended?

Page 8:  For how long and on what scale has proxy redirection been used
to maintain high availability and spread the network load?

Page 9:  Did more than one person describe evasion of "black holing"
"anecdotally as a possible 'legitimate use'" of fast flux?  Any evidence
or research to suggest that it actually happens?  

Page 10:  How likely is it that fast flux hosting "could be significantly
curtailed by changes in the way in which DNS registries and registrars
currently operate"? 

CG: This seems to be a very important question and one that would be
useful in at least getting a rough response to before initiating a PDP.
Why spend significant time on a PDP that may have little impact? 

Page 11:  Is it technically possible now for registries and registrars
to act in two ways set forth in the report?  Practically possible?  If so,
do they?  If not, have reasons for not doing so been provided and, if
so, what are they? 

CG: It is critical to keep in mind that even if registries and
registrars can take steps as indicated in the report that might reduce
fast fluxing, as the report points out some of those steps could have
significant impact on 'innocent' parties.  I can remember when we only
updated TLD zone files (and root servers as well) only three times a
week. I think that fast fluxing would not work well if that were the
case today but there was great demand for much more frequent updates for
legitimate reasons.  In fact, beyond the general demand for more timely
updates, we often received special requests for special zone updates to
deal with what customers felt were emergency issues. 

(I have not included a scope clarification question because I understand
that it has already been posed.) 

Many thanks. 

