IETF Logo Mail Archive

Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Edward Lewis <edward.lewis@icann.org> Sat, 09 May 2015 11:18 UTC

Return-Path: <edward.lewis@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50D021A7004 for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 04:18:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level:
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlHLb0wYwT6V for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 04:18:28 -0700 (PDT)
Received: from out.west.pexch112.icann.org (pfe112-ca-2.pexch112.icann.org [64.78.40.10]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 044221A6FFA for <dnsop@ietf.org>; Sat, 9 May 2015 04:18:28 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-2.pexch112.icann.org (64.78.40.23) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Sat, 9 May 2015 04:18:25 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1044.021; Sat, 9 May 2015 04:18:25 -0700
From: Edward Lewis <edward.lewis@icann.org>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
Thread-Index: AQHQiM2EQzpJgAEHlEW+E40c5ALkTZ1xS89fgAF1mgCAAC4yAIAAPGGAgAAuDoCAAL7rAA==
Date: Sat, 09 May 2015 11:18:24 +0000
Message-ID: <D173B791.B752%edward.lewis@icann.org>
References: <20150508193400.55273.qmail@ary.lan> <FF464258-0C33-45CC-A684-BAB7BCE8A8FB@gmail.com> <alpine.OSX.2.11.1505082118060.31363@ary.lan>
In-Reply-To: <alpine.OSX.2.11.1505082118060.31363@ary.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.47.237]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3514022296_45737181"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/KOTzxCsfCJky-2VReJTAPbJKoSc>
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2015 11:18:29 -0000

Playing "devil's advocate"
(http://en.wikipedia.org/wiki/Devil%27s_advocate):


On 5/9/15, 3:54, "John R Levine" <johnl@taugh.com> wrote:

>Let's say we found that there's some online thing we never heard of
>before, but it turns out that 100,000,000 people in India and China use
>it, it uses private names in .SECRET, and people looking at DNS logs
>confirm that they're seeing leakage of .SECRET names.  Beyond rolling our
>eyes and saying we wish they hadn't done that, what else should we do?
>Why shouldn't we reserve it?  The number of possible TLDs is effectively
>unlimited, striking one more off the list that might be sold in the
>future 
>doesn't matter.  This is engineering, not ideally what we might have done
>with a blank slate, but the best we can do under the circumstances.

Besides Paul's valid "what if it's 100,000?", how does an engineer
distinguish between 100x people and 100x organized bots?

My question adds to what David is saying - we need solid criteria.  (Just
to be clear, he is my boss but this does not represent any opinion on
behalf of our employer.)  The criteria of just seeing queries is, I'll
say, naive, because it's so obviously vulnerable to gaming.  (Not saying
the data to date has evidence of being gamed, but it wouldn't be hard to
pull this off.)  (And why data collections efforts are not publicly
announced, so as to limit anyone from prepping to game.)

If there is a group of people using an identifier as you describe, then
I'd suspect there would be other evidence than just the log of leaked
queries.  (What if they don't leak?)  Criteria based on the other evidence
would likely be stronger than just counts of leaked queries.

v2.23.0 | Report a Bug | By Email