[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

allison nixon elsakoo at gmail.com
Mon Oct 2 05:19:01 UTC 2017


>>Recently the EFF has been worried about malware and phishing attacks
against NGOs, and has been a proponent of patching compromised machines
that are being used to attack other people.  Reputation systems are what
people use to protect themselves and their networks against such things.

"Compromised machines that are being used to attack other people" is an
issue near and dear to my heart since i have spent much of the past couple
years of my life on that mirai/IoT botnet nonsense. There is another aspect
to that problem I want to highlight. The only legal method to patch in most
cases is to contact their owners and they patch. In the case of the massive
IoT botnets, it was a huge population of bots, causing huge amounts of harm
and, due to the fact that IP WHOIS is not specific to the end user unlike
domain WHOIS, we had no way to contact them. The affected ISPs were largely
unhelpful. Some users figured it out when they got their bandwidth bill.

One year in, despite a LOT of ink spilled over this, some of the same
machines still DDOS. If any of those people knew what their CCTV systems
were doing, they would fix them. But no one told them. That system
"protects their privacy" from us, while hackers log into their video feeds
and watch their house, and launch DDOS attacks, and set up proxies to
commit crimes through their home IP.  Some privacy!

At least with domains we can email them when their wordpress blog starts
DDOSing people. But if the EFF really is trying to get abandoned machines
cleaned up, then the EFF should also recognize that domain WHOIS is
critical, and shutting it down will set its own initiative backwards.

On Sat, Sep 30, 2017 at 6:07 PM, Greg Aaron <gca at icginc.com> wrote:

> I assume that the EFF (or its Internet service provider, Unwired) uses
> reputation systems to filter the EFF's email and keep malware, phishing,
> and spam from reaching the EFF staff.  Just like every other enterprise out
> there.
>
> Recently the EFF has been worried about malware and phishing attacks
> against NGOs, and has been a proponent of patching compromised machines
> that are being used to attack other people.  Reputation systems are what
> people use to protect themselves and their networks against such things.
>
> Would the DNS work without reputation systems?  That is the wrong
> question, a reductio ad absurdum.  A DNS without any users is worthless.
> Reputation systems are one of the things that keeps the Internet usable.
>
> Domain names exist in order to enable communication.  And in the DNS,
> people can send you whatever packets they want to, whether you want it or
> not.   Users need to decide what traffic they wish to accept, and part of
> that is understanding what the sender or origin is.  And some of those
> senders want to do us, and the people we wish to protect, great harm.
>
> All best,
> --Greg
>
>
>
> -----Original Message-----
> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] On Behalf Of Jeremy Malcolm
> Sent: Friday, September 29, 2017 2:57 PM
> To: gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to
> have (was Re: What we want redux)
>
> On 29/9/17 11:44 am, Andrew Sullivan wrote:
> > Since we are making policy for a system that is used in support of
> > domain name operation, we need to make that support work for all the
> > parts of the operations in question.  One of the operations in
> > question is various reputation systems, so I think it is not optional
> > for us to support that functionality.
>
> I disagree, I think that a case can be made that reputation systems are
> important, but they're not essential to the operation of the DNS.  You
> might as easily say that because advertising revenue is also used "in
> support of domain name operation", we need to make sure that the DNS
> supports that.  There are lots of different working parts of the Internet
> ecosystem that make our online experience better, including voluntary
> reputation systems, but would the DNS still work without them?  Yes.
>
> --
> Jeremy Malcolm
> Senior Global Policy Analyst
> Electronic Frontier Foundation
> https://eff.org
> jmalcolm at eff.org
>
> Tel: 415.436.9333 ext 161
>
> :: Defending Your Rights in the Digital World ::
>
> Public key: https://www.eff.org/files/2016/11/27/key_jmalcolm.txt
> PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171002/d1fc3588/attachment.html>


More information about the gnso-rds-pdp-wg mailing list