nanog mailing list archives

Re: On-going Internet Emergency and Domain Names


From: Paul Vixie <paul () vix com>
Date: Sun, 01 Apr 2007 15:39:32 +0000


From: Dave Crocker <dcrocker () bbiw net>
To: Paul Vixie <paul () vix com>, nanog () merit edu, Gadi Evron <ge () linuxbox org>
Subject: Re: On-going Internet Emergency and Domain Names

offlist.

actually, not, according to the headers shown above.

Paul Vixie wrote:
a push-pull.  first, advance the current effort to get registrars and
dynamic-dns providers to share information about bad CC#'s, bad customers,
bad domains, whatever.  arrange things so that a self-vetting society of
both in-industry and ombudsmen have the communications fabric they need to
behave responsibly.  push hard on this, make sure everybody hears about it
and that the newspapers are full of success stories about it.

IP Address blacklists are a sufficiently solid staple of email anti-abuse
effort, that I suspect similar approaches, for other information tidbits,
would be quite useful.

as the inventor of the internet's first ip address blackhole list (not
"blacklist"), i agree that it's a solid staple, but i'm not sure it was
the most effective 10-year plan we could have made at the time, had we
been making 10-year plans.

This is less about "shaming" and more about filtering.  In this case,
filtering at DNS registration time, ISP account setup, or the like.

agreed.  i'd be happy to see the DNS registration "front end" (one of its
"edges") gain some kind of reputation filtering.  i just don't want to see
"core"-level filtering like we did in e-mail, unless it's at the customer-
facing ("edge") level, like Trend ICSS offers.

The difficulties, here, are to a) establish a credible organization for
creating and maintaining the list(s), b) getting folks to submit data to
it, and c) getting folks to use it.

those are Gadi's three areas of strength and i'd help him if he did this.

Since there is quite a lot of track-record on doing this -- both well and
poorly -- the challenge here is all about implementation, rather than
design, of the service.

having designed a reputation system inadequately once upon a time, i think
it's important to get both the design and implementation right.

