[NCAP-Discuss] Additional comments on the comments to the Scarfone Draft

Danny McPherson danny at tcb.net
Wed May 6 22:57:51 UTC 2020


On 2020-05-06 17:42, Rubens Kuhl wrote:

> 
> This is WPAD, which I already mentioned as suggested by then
> applicants as a string to be blocked at the 2nd level and as one of
> the few discovery protocols not using _.

But it's not blocked, Rubens, and those same queries are still leaking post 
CI and users are at risk, that's precisely the point! -- it's not blocked 
in the example domains they have in their attack and exploitation 
blueprint and it's actually being sold as a premium in some new gTLDs 
and for sale all over the new gTLD retail and secondary market -- this 
precisely illustrates the issue here where users and consumers are at 
risk.

But WPAD is the obvious one, there are thousands of DNS Service 
Discovery protocols and others that are problematic for reasons outlined 
in numerous peer-reviewed research that's been cited here (and that 
ICANN funded early on, even) - you can continue to ignore it for 
whatever reason you choose but these protocols and namespace collisions 
result in billions of queries to the root and can be exploited to enable 
MiTM attacks well after delegation and CI - e.g., precisely the same as 
the corp.com coffee shop example that is an artifact of .CORP and search 
list processing.

I don't believe "Let's let law enforcement solve the problem nothing to 
see here" is an answer the board would want to hear or this working 
group should offer.


-danny

