All,

Here are some initial questions/requests about the report. I will forward additional questions soon.

Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?

Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?

Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?

Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?

Page 10: How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina
Please note a few comments below.

Chuck

________________________________
From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 10:00 AM
To: council@gnso.icann.org
Subject: [council] Fast Flux Report - questions

All,

Here are some initial questions/requests about the report. I will forward additional questions soon.

Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?

CG: I obviously cannot answer the question about intention but I do think the point in the report is important for us to understand. If we develop a GNSO policy, it would be very easy for 'fast fluxers' to avoid the policy by using ccTLDs. That does not mean that we should not consider policy but, if we decide to pursue a PDP, it might indicate that this might be an issue for joint work with the ccNSO.

Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?

Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?
Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?

Page 10: How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

CG: This seems to be a very important question and one that would be useful in at least getting a rough response to before initiating a PDP. Why spend significant time on a PDP that may have little impact?

Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?

CG: It is critical to keep in mind that even if registries and registrars can take steps as indicated in the report that might reduce fast fluxing, as the report points out some of those steps could have significant impact on 'innocent' parties. I can remember when we only updated TLD zone files (and root servers as well) only three times a week. I think that fast fluxing would not work well if that were the case today but there was great demand for much more frequent updates for legitimate reasons. In fact, beyond the general demand for more timely updates, we often received special requests for special zone updates to deal with what customers felt were emergency issues.

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina
Kristina and all,

Following are responses below from staff where we can. I believe some of your questions highlight the need for further study (possibly in more areas than we've identified in the report, as some of your questions suggest). Happy to try to answer further where we can, if you have more questions. I just want to note again too that given the short time frame to prepare the report, the breadth of sources we were able to draw upon were necessarily limited. I really like your idea about noting sources and including a bibliography when we prepare issues reports in the future, and I'm going to add this as a suggestion in our GNSO improvements process so that we capture this idea to consider in the development of a new policy development process.

Liz

________________________________
From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
To: council@gnso.icann.org
Subject: [council] Fast Flux Report - questions

All,

Here are some initial questions/requests about the report. I will forward additional questions soon.

Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

LG -- staff considered the SAC Advisory (SAC 025) and I also consulted extensively with Lyman Chapin. We referred to the email exchanges on the SSAC list during the period of time in which the SSAC folks were discussing fast flux and preparing SAC 025, the presentations and transcripts from the SSAC workshops in Los Angeles (http://losangeles2007.icann.org/node/78) and Delhi (http://delhi.icann.org/node/97), and informally with a few other sources.
Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?

LG -- Chuck's comment was right. There could be a benefit to coordinating with the ccNSO. Not making a judgment on "no lasting value".

Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?

LG - That is why we mention the importance of developing best practices, which then can be enhanced and upgraded over time to keep up better with new techniques developed to undermine existing deterrent techniques. Perhaps a policy outcome might point to the need to adopt rigorous best practices and refresh on an ongoing basis. But my understanding on fast flux is that these best practices do not necessarily exist today, so the question might be how to encourage their development in a structured and focused way, as a necessary precursor to deciding how to encourage or require their widespread adoption. Might the GNSO Council take on a convening role here? Or encourage or direct in some other way? In this context, the inference of concern about "lasting value" of imposing a specific practice is intended.

Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?

LG - We need to study this more. The key question I was raising is, "are there valid uses that need to be considered, that could be undermined if certain deterrent steps were imposed?"
It is not clear from our cursory view how broadly this is used - seems also unlikely that there would be need for such constant and frequent fluxing in this context, but we couldn't determine for sure either way.

Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?

LG -- This is anecdotal and may only be one entity, another potential subject of further study.

Page 10: How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

LG - Would need to study further.

Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?

LG - Would need to study further.

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina
Sorry to sound like a broken record, but the more I think about the issue, the more I am convinced that the best thing we could do as a Council before initiating a PDP is to develop a very specific list of questions and form an expert panel that is tasked with trying to answer the questions. The expert panel could be formed from volunteers from the SSAC, the APWG, and constituencies that have expertise related to the use of fast flux. Such a panel could be given a relatively short timeline, assuming they can complete the work in that timeline. It is possible that, if the right experts are included, they might be able to respond to the questions in a month or two.

Chuck

________________________________
From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Liz Gasster
Sent: Friday, April 18, 2008 3:19 PM
To: Rosette, Kristina; council@gnso.icann.org
Subject: [council] RE: Fast Flux Report - questions

Kristina and all,

Following are responses below from staff where we can. I believe some of your questions highlight the need for further study (possibly in more areas than we've identified in the report, as some of your questions suggest). Happy to try to answer further where we can, if you have more questions. I just want to note again too that given the short time frame to prepare the report, the breadth of sources we were able to draw upon were necessarily limited. I really like your idea about noting sources and including a bibliography when we prepare issues reports in the future, and I'm going to add this as a suggestion in our GNSO improvements process so that we capture this idea to consider in the development of a new policy development process.
Liz

________________________________
From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
To: council@gnso.icann.org
Subject: [council] Fast Flux Report - questions

All,

Here are some initial questions/requests about the report. I will forward additional questions soon.

Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

LG -- staff considered the SAC Advisory (SAC 025) and I also consulted extensively with Lyman Chapin. We referred to the email exchanges on the SSAC list during the period of time in which the SSAC folks were discussing fast flux and preparing SAC 025, the presentations and transcripts from the SSAC workshops in Los Angeles (http://losangeles2007.icann.org/node/78) and Delhi (http://delhi.icann.org/node/97), and informally with a few other sources.

Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?

LG -- Chuck's comment was right. There could be a benefit to coordinating with the ccNSO. Not making a judgment on "no lasting value".
Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?

LG - That is why we mention the importance of developing best practices, which then can be enhanced and upgraded over time to keep up better with new techniques developed to undermine existing deterrent techniques. Perhaps a policy outcome might point to the need to adopt rigorous best practices and refresh on an ongoing basis. But my understanding on fast flux is that these best practices do not necessarily exist today, so the question might be how to encourage their development in a structured and focused way, as a necessary precursor to deciding how to encourage or require their widespread adoption. Might the GNSO Council take on a convening role here? Or encourage or direct in some other way? In this context, the inference of concern about "lasting value" of imposing a specific practice is intended.

Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?

LG - We need to study this more. The key question I was raising is, "are there valid uses that need to be considered, that could be undermined if certain deterrent steps were imposed?" It is not clear from our cursory view how broadly this is used - seems also unlikely that there would be need for such constant and frequent fluxing in this context, but we couldn't determine for sure either way.

Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?
LG -- This is anecdotal and may only be one entity, another potential subject of further study.

Page 10: How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

LG - Would need to study further.

Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?

LG - Would need to study further.

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina
Liz,

Many thanks for the speedy response. I have some additional follow up questions, which I've inserted in my original message below.

Kristina

________________________________
From: Liz Gasster [mailto:liz.gasster@icann.org]
Sent: Friday, April 18, 2008 3:19 PM
To: Rosette, Kristina; council@gnso.icann.org
Subject: RE: Fast Flux Report - questions

Kristina and all,

Following are responses below from staff where we can. I believe some of your questions highlight the need for further study (possibly in more areas than we've identified in the report, as some of your questions suggest). Happy to try to answer further where we can, if you have more questions. I just want to note again too that given the short time frame to prepare the report, the breadth of sources we were able to draw upon were necessarily limited. I really like your idea about noting sources and including a bibliography when we prepare issues reports in the future, and I'm going to add this as a suggestion in our GNSO improvements process so that we capture this idea to consider in the development of a new policy development process.

Liz

________________________________
From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Rosette, Kristina
Sent: Thursday, April 17, 2008 7:00 AM
To: council@gnso.icann.org
Subject: [council] Fast Flux Report - questions

All,

Here are some initial questions/requests about the report. I will forward additional questions soon.

Page 1: The report states that staff "consulted other appropriate and relevant sources of information". In the interest of transparency, I would appreciate having those sources be identified. As a general note, it may be helpful to all readers of the report if the issues reports included a bibliography or sources consulted section.

LG -- staff considered the SAC Advisory (SAC 025) and I also consulted extensively with Lyman Chapin.
We referred to the email exchanges on the SSAC list during the period of time in which the SSAC folks were discussing fast flux and preparing SAC 025, the presentations and transcripts from the SSAC workshops in Los Angeles (http://losangeles2007.icann.org/node/78) and Delhi (http://delhi.icann.org/node/97), and informally with a few other sources.

Pages 6, 14: One interpretation of the reference to "domains in ccTLDs are targeted as well" is that there is no "lasting value" to developing gTLD policy regarding any issue that occurs in both gTLDs and ccTLDs. Is this interpretation intended?

LG -- Chuck's comment was right. There could be a benefit to coordinating with the ccNSO. Not making a judgment on "no lasting value".

KR - The referenced statement appears in a paragraph that begins with reference to the General Counsel's opinion. I will direct my question to that office.

Pages 6, 14: Similarly, one interpretation of the reference to "static rules through a policy development process might be quickly undermined by intrepid cybercriminals" is that there can be "no lasting value" to developing gTLD policy regarding any issue that results from or is associated with cybercriminals because they move more quickly than the PDP and, as interpreted by one IPC member, "are smarter than we are". Is this interpretation intended?

LG - That is why we mention the importance of developing best practices, which then can be enhanced and upgraded over time to keep up better with new techniques developed to undermine existing deterrent techniques. Perhaps a policy outcome might point to the need to adopt rigorous best practices and refresh on an ongoing basis.
But my understanding on fast flux is that these best practices do not necessarily exist today, so the question might be how to encourage their development in a structured and focused way, as a necessary precursor to deciding how to encourage or require their widespread adoption. Might the GNSO Council take on a convening role here? Or encourage or direct in some other way? In this context, the inference of concern about "lasting value" of imposing a specific practice is intended.

KR - same comment as above.

Page 8: For how long and on what scale has proxy redirection been used to maintain high availability and spread the network load?

LG - We need to study this more. The key question I was raising is, "are there valid uses that need to be considered, that could be undermined if certain deterrent steps were imposed?" It is not clear from our cursory view how broadly this is used - seems also unlikely that there would be need for such constant and frequent fluxing in this context, but we couldn't determine for sure either way.

KR - I am confused. Are you saying that it couldn't be determined for sure (a) how widely proxy redirection has been used in this way; and (b) whether there is a need for fast flux in the context of proxy redirection?

Page 9: Did more than one person describe evasion of "black holing" "anecdotally as a possible 'legitimate use'" of fast flux? Any evidence or research to suggest that it actually happens?

LG -- This is anecdotal and may only be one entity, another potential subject of further study.

KR - I understand your answers to be "No, only one person described evasion of black holing anecdotally as a possible legitimate use of fast flux. No, there is no evidence or research to suggest that it actually happens." Is my understanding incorrect?

Page 10: How likely is it that fast flux hosting "could be significantly curtailed by changes in the way in which DNS registries and registrars currently operate"?

LG - Would need to study further.
Page 11: Is it technically possible now for registries and registrars to act in two ways set forth in report? Practically possible? If so, do they? If not, have reasons for not doing so been provided and, if so, what are they?

LG - Would need to study further.

KR - I am confused. If the answers to these questions require further study, what is the factual basis for the statement in the report that "Registries and registrars can curb the practice in two ways . . .."?

(I have not included a scope clarification question because I understand that it has already been posed.)

Many thanks.

Kristina
participants (3)
- Gomes, Chuck
- Liz Gasster
- Rosette, Kristina