IETF Logo Mail Archive

Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Edward Lewis <edward.lewis@icann.org> Sat, 09 May 2015 17:28 UTC

Return-Path: <edward.lewis@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7306E1A1ADF for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 10:28:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VhQvANIaQJYY for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 10:28:22 -0700 (PDT)
Received: from out.west.pexch112.icann.org (pfe112-ca-2.pexch112.icann.org [64.78.40.10]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 302021A1AF0 for <dnsop@ietf.org>; Sat, 9 May 2015 10:28:21 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-2.pexch112.icann.org (64.78.40.23) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Sat, 9 May 2015 10:28:18 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1044.021; Sat, 9 May 2015 10:28:18 -0700
From: Edward Lewis <edward.lewis@icann.org>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
Thread-Index: AQHQiM2EQzpJgAEHlEW+E40c5ALkTZ1xS89fgAF1mgCAAC4yAIAAPGGAgAAuDoCAAL7rAIAANP2AgAAyW4A=
Date: Sat, 09 May 2015 17:28:18 +0000
Message-ID: <D17408ED.B76D%edward.lewis@icann.org>
References: <D173B791.B752%edward.lewis@icann.org> <20150509162755.63608.qmail@ary.lan>
In-Reply-To: <20150509162755.63608.qmail@ary.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.47.237]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3514044489_46223379"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/AteRh0rK0W1ChrZVlzVEawpXPHw>
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2015 17:28:29 -0000

On 5/9/15, 18:27, "John Levine" <johnl@taugh.com> wrote:

>>Besides Paul's valid "what if it's 100,000?", how does an engineer
>>distinguish between 100x people and 100x organized bots?
>
>I dunno.  How do we know that the traffic for .corp and .home is from
>people rather than botnets?

Through forensic analysis.  E.g., finding that Cert Auth's issued
certificates with ".corp" names.  And that some) CPE's defaulted to
".home".  Not saying that in a confrontational way.  Just that this makes
it pretty certain that the high query counts for those two were from
non-bots.  (Citing a report by Interisle:
https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf)

>If that wasn't clear, of course I agree with you.  But we are writing
>policy, not software.  We're looking for evidence of substantial
>private use, which is something we decide by making human decisions,
>not by some mechanical packet counting formula.
>
>Having said all that, I'm certainly not opposed to collecting more
>data.  It's just not a substitute for making decisions.

And just not more, but the right data.

Keep in mind that there are two cases.  Names that are already "polluted"
and names that someone wants to innovate with.  In the former case, a
definition of "polluted" needs to be made being careful not to fall victim
to gaming.  For the latter case, the criteria would need to be different.
Assuming both cases are accommodated.

v2.23.0 | Report a Bug | By Email