-----Original Message-----
From: Christopher Morrow [mailto:[email protected]]
Sent: Friday, June 27, 2008 7:23 PM
To: Roger Marquis
Cc: [email protected]
Subject: Re: ICANN opens up Pandora's Box of new TLDs
On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis
<[email protected]> wrote:
> Phil Regnauld wrote:
> apply even cursory tests for domain name validity. Phishers and
> spammers will have a field day with the inevitable namespace
> collisions. It is, however, unfortunately consistent with ICANN's
> inability to address other security issues such as fast flush DNS,
> domain tasting (botnets), and requiring valid domain contacts.

Please do not conflate:
1) Fast flux
2) Botnets
3) Domain tasting
4) valid contact info

These are separate and distinct issues... I'd point out that
FastFlux is actually sort of how Akamai does its job
(inconsistent DNS responses), Double-Flux (at least the
traditional DF) isn't, though certainly Akamai COULD do
something similar to Double-Flux (and arguably does with some
bits of their services). The particular form 'Double-Flux' is
certainly troublesome, but arguably TOS/AUP info at
Registrars already deals with most of this because #4 in your
list would apply... That or use of the domain for clearly
illicit ends.

Also, perhaps just not having Registrars that solely deal in
criminal activities would make this harder to accomplish...

Botnets clearly are bad... I'm not sure they are related to
ICANN in any real way though, so that seems like a red
herring in the discussion.

Domain tasting has solutions on the table (thanks drc for
linkages) but was a side effect of some
customer-satisfaction/buyers-remorse loopholes placed in the
regs... the fact that someone figured out that computers could
be used to take advantage of that loophole on a massive scale
isn't super surprising. In the end though, it's getting fixed,
perhaps slower than we'd all prefer, but still.

> I have to conclude that ICANN has failed, simply failed, and should be
> returned to the US government. Perhaps the DHL would at least solicit
> for RFCs from the security community.

I'm not sure a shipping company really is the best place to solicit...
or did you mean DHS? and why on God's green earth would you
want them involved with this?

-chris