[NCAP-Discuss] Outline of possible phases

Rubens Kuhl rubensk at nic.br
Wed Aug 2 21:42:21 UTC 2023 

Phase 1:
TRT looks into data from DITL, from L-Root and from OSINT about that string.
NPT asks IANA for delegation of string into the root.

Option 1: Delegated zone only contains SOA, dotless NS, dotless DNSKEY, NSEC records and RRSIGs for all the records.
Option 2: Delegated zone contains records for Google Ads and for an ad-network popular in China (Geoff Houston style, expanded to cover countries that block Google).

Duration: no more and no less than 30 days.
Timing: can start right after “Reveal Day”.
Order: follows the application evaluation order (“ICANN Draw”) (even though is done per string, not per application)
Pace: set by IANA to always have spare capacity following RSSAC/OCTO guidance on root zone scaling

Question for the DG: do we pick one of the options above or leave that to TRT discretion to decide based on DITL/L-Root/OSINT ? If the later, we should probably separate these phases.

Phase 2: (optional)
TRT looks into data from phase 1, and if there is concern of possible issues, decides whether to run or not phase 2. The data collection basis for this phase is the phase 1 report showing that there are possible collision issues.

Option 1: Minimal honeypot
Option 1A: Minimal honeypot RSTs all TCP (what about SPDY ?) and returns unreachable for UDP and ICMP
Option 1B: Minimal honeypot just don’t answer anything
Option 2: Controlled Interruption
DNS servers respond with a wildcard with A, AAAA and SRV records (like 2012 CI)
Option 3: Ads-based measurement, if Phase 1 is kept to only be an empty zone

Duration: no more than 90 days, on TRT’s discretion to end it before 90 days.
Timing: if going to be performed, it needs to start no more than 30 days after phase 1, but should start sooner if allowed by TRT workload

Requirement: DNS servers and DS record is unchanged in the root zone from phase 1, to minimize RZM load. Only zone content changes.

Question for the DG: do we pick one of the options above or leave that to TRT discretion to decide based on phase 1 ?




Rubens
PS: PCA and ACA omitted to not harm any feelings. ;-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20230802/fb10c344/signature.asc>

More information about the NCAP-Discuss mailing list