[NCAP-Discuss] why enhanced controlled interruption - not legal
Danny McPherson
danny at tcb.net
Sat Feb 26 00:11:49 UTC 2022
On 2022-02-25 18:28, Jeff Schmidt wrote:
>> "Although an installed system may well send traffic over unsecured
>> networks all the time, it shouldn’t be “controlled” into doing so
>> without its consent, especially without demonstrable evidence that no
>> lower-risk mitigation measure is available."
>>
>> That last bit is the operative part, I've seen no demonstrable evidence
>> that suggests that CI is effective.
>
> Agree, the last part is the operative part. Verisign of 2014 and Danny
> of 20* :-) correctly recognize that a successor to CI must be
> "lower-risk." It doesn't say "generate more data" it says
> "lower-risk." There is no world in which any honeypot approach is
> "lower risk" than CI.

Indeed. CI certainly minimizes the risk to ICANN and the TLD operator,
just not sure it does for end users (i.e., those vulnerable to the
collisions). To that point, it also says "mitigation"...

Even then, the last sentence of S.2 of that comment says: "And in any
case, a qualitative assessment of name collision risk per new gTLD and
SLD, as ICANN set out to accomplish, followed by a targeted mitigation
of the risk, would be much preferable to either of the choices
contemplated in this discussion." That's what Verisign and WK did that
resulted in billions of queries per day going away, and we did with .CBA
and the like prior to that.

I encourage everyone to re-read that comment in its entirety if you're
actually interested; cherry-picking phrases loses context.

And again, I think CI is clever, just not convinced [yet?] of the
efficacy and am pleased to see Casey's analysis - which surely would
have been much easier if there had simply been reporting obligations for
registry operators while the TLD was in CI mode.

-danny