[NCAP-Discuss] why enhanced controlled interruption - not legal
Matt Larson
matt.larson at icann.org
Fri Feb 25 19:40:35 UTC 2022
> On Feb 25, 2022, at 10:26 AM, Thomas, Matthew via NCAP-Discuss <ncap-discuss at icann.org> wrote:
>
> A server can be configured to have various ports open but nothing would actually be listening on those ports via a set of IPTABLE rules. The connection attempts would be logged but no data would be exchanged besides what is basically in the IP headers - IP address, port, and you would probably add a timestamp. This still enables the identification of clients and understanding of what services/ports they are trying to attempt to reach.
On February 9, Warren gave a presentation to the NCAP DG about CI vs. ECI that included this text:
> Proposed / comparison
> • Returns the address of a "parking page"
> • The user is presented with a page (web) explaining the issue, and mitigations
> • Causes the user to connect to an outside system
> • Collision visibility is the affected nameserves and the actual users
I’m concerned that some in this group have been talking for a long time about proposing ECI but have not actually described its behavior in any detail. Matt and Warren are describing two implementations with significant differences.
The details matter because different solutions would allow more sensitive data to be exfiltrated and would cause varying degrees of disruption to client applications. For TCP-based protocols, silently dropping the SYN vs. actively refusing the connection vs. providing a minimal protocol interaction all produce potentially very different client behavior.
A proposal for ECI without specifying technically how it would work cannot be properly evaluated by the Board.
Matt (L.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220225/c33fc433/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2580 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220225/c33fc433/smime.p7s>
More information about the NCAP-Discuss
mailing list