nanog mailing list archives
Re: ICANN opens up Pandora's Box of new TLDs
From: "Christopher Morrow" <morrowc.lists () gmail com>
Date: Fri, 27 Jun 2008 22:22:52 -0400
On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <marquis () roble com> wrote:
Phil Regnauld wrote: apply even cursory tests for domain name validity. Phishers and spammers will have a field day with the inevitable namespace collisions. It is, however, unfortunately consistent with ICANN's inability to address other security issues such as fast flush DNS, domain tasting (botnets), and requiring valid domain contacts.
Please do not conflate: 1) Fast flux 2) Botnets 3) Domain tasting 4) valid contact info These are separate and distinct issues... I'd point out that FastFlux is actually sort of how Akamai does it's job (inconsistent dns responses), Double-Flux (at least the traditional DF) isn't though certainly Akamai COULD do something similar to Double-Flux (and arguably does with some bits their services. The particular form 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at Registrars already deals with most of this because #4 in your list would apply... That or use of the domain for clearly illicit ends. Also, perhaps just not having Registrar's that solely deal in criminal activities would make this harder to accomplish... Botnets clearly are bad... I'm not sure they are related to ICANN in any real way though, so that seems like a red herring in the discussion. Domain tasting has solutions on the table (thanks drc for linkages) but was a side effect of some customer-satisfaction/buyers-remorse loopholes placed in the regs... the fact that someone figured out that computers could be used to take advantage of that loophole on a massive scale isn't super surprising. In the end though, it's getting fixed, perhaps slower than we'd all prefer, but still.
I have to conclude that ICANN has failed, simply failed, and should be returned to the US government. Perhaps the DHL would at least solicit for RFCs from the security community.
I'm not sure a shipping company really is the best place to solicit... or did you mean DHS? and why on gods green earth would you want them involved with this? -chris
Current thread:
- Re: ICANN opens up Pandora's Box of new TLDs, (continued)
- Re: ICANN opens up Pandora's Box of new TLDs Brandon Butterworth (Jun 26)
- RE: ICANN opens up Pandora's Box of new TLDs Martin Hannigan (Jun 26)
- RE: ICANN opens up Pandora's Box of new TLDs michael.dillon (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Balazs Laszlo (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Jeroen Massar (Jun 27)
- RE: ICANN opens up Pandora's Box of new TLDs Martin Hannigan (Jun 26)
- Re: ICANN opens up Pandora's Box of new TLDs Brandon Butterworth (Jun 26)
- Re: ICANN opens up Pandora's Box of new TLDs Eric Brunner-Williams (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs David Conrad (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Christopher Morrow (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Roger Marquis (Jun 27)
- security relevance [was: ICANN opens up Pandora's Box of new TLDs] Gadi Evron (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Christopher Morrow (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Gadi Evron (Jun 27)
- Re: ICANN opens up Pandora's Box of new TLDs Christopher Morrow (Jun 27)
- TTL settings efficiency [was: ICANN opens up Pandora's Box of new TLDs] Gadi Evron (Jun 27)