[council] RE: Fast Flux Report - questions
liz.gasster at icann.org
Fri Apr 18 19:18:36 UTC 2008
Kristina and all,
Following are responses below from staff where we can. I believe some of your questions highlight the need for further study (possibly in more areas than we've identified in the report, as some of your questions suggest).
Happy to try to answer further where we can, if you have more questions. I just want to note again too that given the short time frame to prepare the report, the breadth of sources we were able to draw upon were necessarily limited. I really like your idea about noting sources and including a bibliography when we prepare issues reports in the future, and I'm going to add this as a suggestion in our GNSO improvements process so that we capture this idea to consider in the development of a new policy development process.
From: owner-council at gnso.icann.org [mailto:owner-council at gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
To: council at gnso.icann.org
Subject: [council] Fast Flux Report - questions
Here are some initial questions/requests about the report. I will forward additional questions soon.
Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.
LG -- staff considered the SAC Advisory (SAC 025) and I also consulted extensively with Lyman Chapin. We referred to the email exchanges on the SSAC list during the period of time in which the SSAC folks were discussing fast flux and preparing SAC 025, the presentations and transcripts from the SSAC workshops in Los Angeles (http://losangeles2007.icann.org/node/78)
and Delhi (http://delhi.icann.org/node/97), and informally with a few other sources.
Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?
LG -- Chuck's comment was right. There could be a benefit to coordinating with the ccNSO. Not making a judgment on "no lasting value".
Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?
LG - That is why we mention the importance of developing best practices, which then can be enhanced and upgraded over time to keep up better with new techniques developed to undermine existing deterrent techniques. Perhaps a policy outcome might point to the need to adopt rigorous best practices and refresh on an ongoing basis. But my understanding on fast flux is that these best practices do not necessarily exist today, so the question might be how to encourage their development in a structured and focused way, as a necessary precursor to deciding how to encourage or require their widespread adoption. Might the GNSO Council take on a convening role here? Or encourage or direct in some other way? In this context, the inference of concern about "lasting value" of imposing a specific practice is intended.
Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?
LG - We need to study this more. The key question I was raising is, "are there valid uses that need to be considered, that could be undermined if certain deterrent steps were imposed?" It is not clear from our cursory view how broadly this is used - seems also unlikely that there would be need for such constant and frequent fluxing in this context, but we couldn't determine for sure either way.
Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?
LG -- This is anecdotal and may only be one entity, another potential subject of further study.
Page 10: How likely is that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?
LG - Would need to study further.
Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?
LG - Would need to study further.
(I have not included a scope clarification question because I understand that it has already bee posed.)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the council