[NCAP-Discuss] why enhanced controlled interruption - not legal

[Danny McPherson]

On 2022-02-25 14:55, Matt Larson wrote:
> Danny,
> 
>> On Feb 25, 2022, at 2:14 PM, Danny McPherson <danny at tcb.net> wrote:
>> I suppose the author of those comments would also say that ignoring
>> the plausibility of said exfiltration _until someone has made money
>> off the domain sale (i.e., TLD delegated, traffic analyzed, domain
>> registered, registrant does whatever they want, etc..) might well be
>> convenient, but I'm not sure it's what responsible or good looks
>> like.
> 
> Are you suggesting that the issue of exfiltration via ECI should be
> ignored until there is demonstrated harm?

No, not at all.  I'm saying that unless we can prove CI is effective 
(which I have seen no data to support) then the actual name collision 
risk is never mitigated and could manifest as a newly delegated TLD's 
SLD registrant running their own honeypot.

> Your comments above don’t appear to align with Verisign’s public
> comment submission Additional Comments on “Mitigating the Risk of
> DNS Namespace Collisions” Phase One Report [1], which reads:
> 
>> Verisign maintains its position that directing requesters to an
>> internal address during the controlled interruption period is
>> preferable to an external honeypot, because as previously stated, it
>> avoids “controlled exfiltration” where sensitive traffic from an
>> installed system – without the advance consent of the user or
>> system administrator – may be drawn outside the local network.
> 
> Am I not understanding something?

You should review the full comments, which also states:

"Although an installed system may well send traffic over unsecured 
networks all the time, it shouldn’t be “controlled” into doing so 
without its consent, especially without demonstrable evidence that no 
lower-risk mitigation measure is available."

That last bit is the operative part, I've seen no demonstrable evidence 
that suggests that CI is effective.


-dannyof20*