Re: *Possible Spam *RE: [Asrg] criteria for spam V2

Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net> Sat, 07 June 2003 01:49 UTC

Message-Id: <200306070140.h571eUNr023133@nic-naa.net>
To: Barry Shein <bzs@world.std.com>
cc: Vernon Schryver <vjs@calcite.rhyolite.com>, asrg@ietf.org, brunner@nic-naa.net
Subject: Re: *Possible Spam *RE: [Asrg] criteria for spam V2
In-Reply-To: Your message of "Fri, 06 Jun 2003 19:11:24 EDT." <16097.8092.10826.38579@world.std.com>
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Fri, 06 Jun 2003 21:40:30 -0400

<ritual line-eater food>

During a conference call (organized by, but not limited to members of, the
ICANN Registrar Constituency) today, the second of three prior to the ICANN
meeting in Montreal later this month, on the perennial subject of WHOIS:43,
through all the usual clutter, one germ fell from the USPTO presentation.

A rationale for (skip the bogosity of) unrestricted, accurate, and intrusive
domain name registrant data being available via whois:43, is timely pursuit
of bad actors, who switch servers.

This is where I want everyone to pause, and look away from the screen for
a heart beat.

The temporal properties of bad actors. Their "switching time", their TTL.

Bad actors acquire, utilize, and discard interdictable resources to avoid
interdiction (or interposition of null service by some service operator).

I didn't press the USPTO presenter on the common case inter-provider
transition window, but I suspect it -- their "hop time" -- is multi-day. 

In our (worst) case of robo-spam, the A-U-D sequence has a time horizon
that is sub-day, even sub-hour (time for null service to be provided on
the serviced receiver-set).

Presently, bad actors (trademark and/or copyright infringers) are known
to "twinkle" in the DNS (jump from web host to web host) to avoid going
dark. The signalling system in place is

	while (1) {
		IPR claimant -> Registrar::whois:43 -> web host
		IPR infringer -> new(web host) && new(DNS)
	}

Wearing a Registrar's hat, it is trivial to insert a wait-bit into the
data some DNS publisher might check prior to modifying the mappings for
a name, or otherwise interpose a delay service on mapping changes for a
domain. Getting the arbitrary DNS provider to check is another problem.
This gets the last line to this:

		IPR infringer -> new(web host) && wait(new(DNS))

Presumably, going "steady" allows the IPR claimant to catch up with
the IPR infringer, and allow some administrative, judicial, or extra
legal recourse to the claimant, resulting in the infringer going "dark".

Getting IPR infringers in the DNS to "go dark" is the big win in that
problem domain, and as soon as I heard "switch web host" I was thinking
about update timers and how to signal between the DNS provisioning and
DNS publication systems.

Clearly, this problem is not a superset of the problem space we face here,
the domain name, or control of the name-to-address map, is not a transient
asset with no inherent value to the bad actor, unlike the name, addr, even
host for robo-host spam-streams, this is rather, one of the subsets we do
face.

I'm going to put this in I-D form, I've got some time on my hands before
the ICANN shindig. This note is an FYI that some ID is forthcoming, and
if I'm gifted, I'll manage not to mention either "whois" or "spam" at all.

Note well: Comments about the brain death of whois, or whois lovers and
whois haters are a sure sign of stupidity. Ditto anything about the poor
hygiene of anything connected with ICANN. The only thing of interest here
is the temporal use properties of infrastructure mediated resources by bad
actors, whose bad actor model does not allow them to discard a resource
and acquire a fungible equivalent.

Cheers,
Eric
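
An added illustration, not part of the original message: a small simulation of the wait-bit idea above, assuming the DNS publisher enforces it as a minimum time each mapping stays published. The function names, the 6-hour hop interval, the 3-day hold and the 2-day claimant latency are all hypothetical.

```python
HOUR, DAY = 3600, 86400

def publish_times(requests, wait_bit, hold):
    """requests: time-sorted [(request_time, web_host)] for one domain name.

    Returns [(effective_time, web_host)] as the publisher would expose them.
    When the registrar has set the wait-bit, a mapping must stay published
    for `hold` seconds before the next change is allowed to take effect.
    """
    published = []
    for t, host in requests:
        if wait_bit and published:
            t = max(t, published[-1][0] + hold)
        published.append((t, host))
    return published

def dwell_times(published):
    """Seconds each replaced mapping stayed visible (the last one is open-ended)."""
    return [(host, nxt - start)
            for (start, host), (nxt, _) in zip(published, published[1:])]

def claimant_catches_up(published, response_latency):
    """Web hosts that stayed published at least as long as the claimant's
    lookup-and-notice latency, i.e. where the name was 'steady' long enough."""
    return [h for h, d in dwell_times(published) if d >= response_latency]

# Constructed sample: a name that "twinkles" to a new web host every 6 hours.
REQUESTS = [(i * 6 * HOUR, f"host{i}.example") for i in range(5)]

if __name__ == "__main__":
    for wait_bit in (False, True):
        pub = publish_times(REQUESTS, wait_bit, hold=3 * DAY)
        caught = claimant_catches_up(pub, response_latency=2 * DAY)
        print(f"wait_bit={wait_bit}: dwell={dwell_times(pub)} caught={caught}")
```
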