Chuck, I agree with that approach. In fact, the
exchange of questions
and the answers below exemplify why such an
approach is necessary.
Tim
-------- Original Message --------
Subject: RE: [council] RE: Fast Flux Report -
questions
Date: Fri, April 18, 2008 2:52 pm
Sorry to sound like a broken record, but the more I
think about the
issue, the more I am convinced that the best thing
we could do as a
Council before initiating a PDP is to develop very
specific list of
questions and form an expert panel that is tasked
with trying to answer
the questions.
The expert panel could be formed from volunteers from
the SSAC, the APWG, and constituencies that have
expertise related to
the use of fast flux. Such a panel could be given a relatively
short
timeline, assuming they can complete the work in
that timeline. It is
possible that, if the right experts are included,
they might be able to
respond to the questions in a month or two.
Chuck
On Behalf Of Liz Gasster
Sent: Friday, April 18, 2008 3:19 PM
Subject: [council] RE: Fast Flux Report -
questions
Kristina and all,
Following are responses below from staff where we
can. I believe some
of your questions highlight the need for further
study (possibly in more
areas than we've identified in the report, as some
of your questions
suggest).
Happy to try to answer further where we can, if you
have more questions.
I just
want to note again too that given the short time frame to
prepare the report, the breadth of sources we were
able to draw upon
were necessarily limited. I really like your idea about noting
sources
and including a bibliography when we prepare issues
reports in the
future, and I'm going to add this as a suggestion
in our GNSO
improvements process so that we capture this idea
to consider in the
development of a new policy development process.
Liz
On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
Subject: [council] Fast Flux Report -
questions
All,
Here are some initial questions/requests about the
report. I will
forward additional questions soon.
Page 1:
The report states that staff "consulted other appropriate and
relevant sources of information". In the interest of transparency, I
would appreciate having those sources be
identified. As a general
note, it may be helpful to all readers of the
report if the issues
reports included a bibliography or sources
consulted section.
LG -- staff considered the SAC Advisory (SAC 025)
and I also consulted
extensively with Lyman Chapin. We referred to the email exchanges
on
the SSAC list during the period of time in which
the SSAC folks were
discussing fast flux and preparing SAC 025, the presentations
and
transcripts from the SSAC workshops in Los
Angeles
other sources.
Pages 6, 14:
One interpretation of the reference to "domains in ccTLDs
are targeted as well" is that there is no "lasting
value" to developing
gTLD policy regarding any issue that occurs in both
gTLDs and ccTLDs.
Is this interpretation intended?
LG --
Chuck's comment was right. There
could be a benefit to
coordinating with the ccNSO. Not making a judgment on "no
lasting
value".
Pages 6, 14:
Similarly, one interpretation of the reference to "static
rules through a policy development process might be
quickly undermined
by intrepid cybercriminals" is that there can be
"no lasting value" to
developing gTLD policy regarding any issue that
results from or is
associated with cybercriminals because they move
more quickly than the
PDP and, as interpreted by one IPC member, "are
smarter than we are".
Is this interpretation intended?
LG - That is why we mention the importance of
developing best practices,
which then can be enhanced and upgraded over time
to keep up better with
new techniques developed to undermine existing
deterrent techniques.
Perhaps a policy outcome might point to the need to
adopt rigorous best
practices and refresh on an ongoing basis. But my understanding on fast
flux is that these best practices do not
necessarily exist today, so the
question might be how to encourage their
development in a structured and
focused way, as a necessary precursor to deciding
how to encourage or
require their widespread adoption. Might the GNSO Council take on a
convening role here? Or encourage or direct in some other
way? In this
context, the inference of concern about "lasting
value" of imposing a
specific practice is intended.
Page 8:
For how long and on what scale has proxy redirection been used
to maintain high availability and spread the
network load?
LG - We need to study this more. The key question I was raising is,
"are there valid uses that need to be considered,
that could be
undermined if certain deterrent steps were
imposed?" It is not clear
from our cursory view how broadly this is used -
seems also unlikely
that there would be need for such constant and
frequent fluxing in this
context, but we couldn't determine for sure either
way.
Page 9:
Did more than one person describe evasion of "black holing"
"anecdotally as a possible 'legitimate use'" of
fast flux? Any evidence
or research to suggest that it actually happens?
LG -- This is anecdotal and may only be one entity,
another potential
subject of further study.
Page 10:
How likely is that fast flux hosting "could be significantly
curtailed by changes in the way in which DNS
registries and registrars
currently operate"?
LG - Would need to study further.
Page 11:
Is it technically possible now for registries and registrars
to act in two ways set forth in report? Practically possible? If so,
do they?
If not, have reasons for not doing so been provided and, if
so, what are they?
LG - Would need to study further.
(I have not included a scope clarification question
because I understand
that it has already bee posed.)
Many thanks.
Kristina