[NCAP-Discuss] why enhanced controlled interruption - not legal

rubensk at nic.br rubensk at nic.br
Fri Feb 25 18:22:20 UTC 2022 


Matt,

Those ways can be summarized in the famous Sledgehammer catch phrase: "Trust me, I know what I am doing".
When you say other operators, my organization happens to run one such honeypot network of SMTP listeners. But we don't keep sending e-mail to people so they hit our honeypots back, the only ones that get there are those looking for open relays.

You might consult with the author of the Verisign comment that called such mechanism controlled exfiltration, because I agree with him or her.


Rubens





> On 24 Feb 2022, at 22:33, Thomas, Matthew <mthomas at verisign.com> wrote:
> 
> Rubens,
> 
> ECI can be conducted in a variety of technical ways that minimizes or eliminates the majority of data privacy concerns. I would be careful to paint such broad strokes here.  Nor would I say it is not technically feasible - this type of analysis has been going on for the last decade via other operators.  Can you please elaborate as to why this non-technically feasible (disregarding data concerns and purely on a technical point-of-view)?
> 
> Matt
> 
> On 2/21/22, 6:09 PM, "NCAP-Discuss on behalf of Rubens Kuhl via NCAP-Discuss" <ncap-discuss-bounces at icann.org <mailto:ncap-discuss-bounces at icann.org>on behalf of ncap-discuss at icann.org <mailto:ncap-discuss at icann.org>> wrote:
> 
> 
>    Jim,
> 
>    There is one aspect of enhanced controlled interruption that is not business, privacy or liability related, which is the controlled exfiltration aspect of it. This is a serious information security show stopper, and one that a technically-focused group can't ignore.
> 
>    But even on the non-technical feasibility, this won't be the first time the same idea will be suggested, so we at least need a backup plan since the likelihood of this idea not being adopted is known to be very high. If this was the first time we could at least plea that we didn't know if it would be accepted or not, but the new name doesn't make the idea a new one.
> 
> 
> 
>    Rubens
> 
> 
> 
> 
>> On 21 Feb 2022, at 16:45, James Galvin <galvin at elistx.com> wrote:
>> 
>> Speaking as co-Chair:
>> 
>> This discussion of the purpose and value of enhanced controlled interruption is essential.  As a group we need to understand all points of view, make sure to defend any choice we make, and mention relevant counterpoints so the community understands why we made our choice.
>> 
>> Toward that end I want to remind us that this is a technical group and we ultimately will make the best technical choice we can based on the data we have at hand.
>> 
>> There are legal questions associated with the use of enhanced controlled interruption.  There are related business, privacy, and liability questions.  These questions have very limited scope in our work.  It is appropriate for us to note the questions and suggest future study of them, but in general it is not within scope for us to resolve them.
>> 
>> Let’s remind ourselves as to why enhanced controlled interruption (ECI) is part of our currently proposed solution.
>> 
>> We have been asked to provide guidance on how to assess name collisions and consider what mitigation and remediation might be possible.  The data we have tells us the following.
>> 
>> 1. Root servers do not have a full picture of name collisions by themselves.
>> 
>> 2. What we do know from root servers is only from DNS queries and that information is waning as the DNS infrastructure evolves.
>> 
>> Those two facts alone tell us the development of a mitigation and remediation plan is problematic at best.
>> 
>> ECI exists because it is currently the only mechanism that has been proposed to obtain sufficient information to develop a mitigation or remediation plan.  We can certainly note the additional risks that the ICANN Board will need to consider, that are outside the technical scope of our work.
>> 
>> Or, if another mechanism or procedure manifests in our discussions, then we’ll certainly consider that.
>> 
>> I don’t want to repeat discussion we’ve already had.  As we develop text for our final work product all of this will get discussed again and captured appropriately.  Please do continue the discussion on the list as it will inform our final work product.
>> 
>> Thanks,
>> 
>> Jim
>> _______________________________________________
>> NCAP-Discuss mailing list
>> NCAP-Discuss at icann.org
>> https://secure-web.cisco.com/1P4Dp2Sc9OPZVocMuZV4eUr4QhKrx4RCJtIYFMaAby2EIQ-4f3uzTV72acUoDPP9ABTcZ_Ptf3W8e_JWSZat9JcYkirfwIgITdnPogmTOtdgluGqVewET-9XwmPmg3IA72nhSWLxj8Er8rZWNVxCAkeAFX09ISJByh6ubs1H44HA-NIS24TBMp2QG-UmotADfFpsvGjAi9f0NYene5nGmwzIfzNxJiIM5UQo4dmMXvnhx7Iw0R_MS4LwEKxiF2dij/https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fncap-discuss <https://secure-web.cisco.com/1P4Dp2Sc9OPZVocMuZV4eUr4QhKrx4RCJtIYFMaAby2EIQ-4f3uzTV72acUoDPP9ABTcZ_Ptf3W8e_JWSZat9JcYkirfwIgITdnPogmTOtdgluGqVewET-9XwmPmg3IA72nhSWLxj8Er8rZWNVxCAkeAFX09ISJByh6ubs1H44HA-NIS24TBMp2QG-UmotADfFpsvGjAi9f0NYene5nGmwzIfzNxJiIM5UQo4dmMXvnhx7Iw0R_MS4LwEKxiF2dij/https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fncap-discuss>
>> 
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://secure-web.cisco.com/1_UTSzm1ByKwHFs5SDrJJ9o0g0FlF3hVs_41gBB5mAhbAr76FxMPO7xpByU3nZz4ekjF4gnvS4P8NcYd9FfCrhe1bKb_2dKe7obYfmKfTe8VO8-pWPICJK33_230I2PbCzFpJWanAjLACV4AvvcKk_0iReflXlOvapwoAUyPzfpuKJ7R9yGTBvokGRMfD81VP-CAIzvGIADn9-rtiTL-SE0F0HK8BFyKll6BJBWhZ98OH_mzBF0r3cmbjcioLxvAU/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy <https://secure-web.cisco.com/1_UTSzm1ByKwHFs5SDrJJ9o0g0FlF3hVs_41gBB5mAhbAr76FxMPO7xpByU3nZz4ekjF4gnvS4P8NcYd9FfCrhe1bKb_2dKe7obYfmKfTe8VO8-pWPICJK33_230I2PbCzFpJWanAjLACV4AvvcKk_0iReflXlOvapwoAUyPzfpuKJ7R9yGTBvokGRMfD81VP-CAIzvGIADn9-rtiTL-SE0F0HK8BFyKll6BJBWhZ98OH_mzBF0r3cmbjcioLxvAU/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy>) and the website Terms of Service (https://secure-web.cisco.com/1P8se2tAgB_LhShz82zwzc2pbJI9bYJGDuVr7CXfssLTqFG4h_4AWptue4EbKUAWKeWayrhPO5c7Im1f_5q3IaDOgkLPedwv4zHjAaPt26AHK2ieyU9XwedNNTHVl0grxz1AxjuKpzQdh4P8KI_vHokOSlGZlFtXOZUi07xfkupmLMuzwej3DywRn20d-z-uA1zo1cv8nO-Y9xdua7zqYIZyW89lrwPcBtpC7GNvjcsxsWQFficMKrG7rKpXyJl7c/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos <https://secure-web.cisco.com/1P8se2tAgB_LhShz82zwzc2pbJI9bYJGDuVr7CXfssLTqFG4h_4AWptue4EbKUAWKeWayrhPO5c7Im1f_5q3IaDOgkLPedwv4zHjAaPt26AHK2ieyU9XwedNNTHVl0grxz1AxjuKpzQdh4P8KI_vHokOSlGZlFtXOZUi07xfkupmLMuzwej3DywRn20d-z-uA1zo1cv8nO-Y9xdua7zqYIZyW89lrwPcBtpC7GNvjcsxsWQFficMKrG7rKpXyJl7c/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos> You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220225/688885d6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220225/688885d6/signature-0001.asc>

More information about the NCAP-Discuss mailing list