Please note a few comments below.
 
Chuck


From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 10:00 AM
To: council@gnso.icann.org
Subject: [council] Fast Flux Report - questions

All,

Here are some initial questions/requests about the report.  I will forward additional questions soon.

Page 1:  The report states that staff "consulted other appropriate and relevant sources of information".  In the interest of transparency, I would appreciate having those sources be identified.   As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

Pages 6, 14:  One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs.  Is this interpretation intended? 

CG: I obviously cannot answer the question about intention but I do think the point in the report is important for us to understand.  If we develop a GNSO policy, it would be very easy for 'fast fluxers' to avoid the policy by using ccTLDs.  That does not mean that we should not consider policy but, if we decide to pursue a PDP, it might indicate that this might be an issue for joint work with the ccNSO. 

Pages 6, 14:  Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are".  Is this interpretation intended?

Page 8:  For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?

Page 9:  Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux?  Any evidence or research to suggest that it actually happens? 

Page 10:  How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

CG: This seems to be a very important question and one that would be useful in at least getting a rough response to before initiating a PDP.  Why spend significant time on a PDP that may have little impact?

Page 11:  Is it technically possible now for registries and registrars to act in the two ways set forth in the report?  Practically possible?  If so, do they?  If not, have reasons for not doing so been provided and, if so, what are they?

CG: It is critical to keep in mind that even if registries and registrars can take steps as indicated in the report that might reduce fast fluxing, as the report points out, some of those steps could have significant impact on 'innocent' parties.  I can remember when we updated TLD zone files (and root servers as well) only three times a week. I think that fast fluxing would not work well if that were the case today, but there was great demand for much more frequent updates for legitimate reasons.  In fact, beyond the general demand for more timely updates, we often received special requests for special zone updates to deal with what customers felt were emergency issues.

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina