IETF Logo Mail Archive

Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

"John Levine" <johnl@taugh.com> Sat, 09 May 2015 16:28 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB4A61A88F7 for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 09:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.663
X-Spam-Level: *
X-Spam-Status: No, score=1.663 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ygVP6WI-M8wM for <dnsop@ietfa.amsl.com>; Sat, 9 May 2015 09:28:20 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B00621A002D for <dnsop@ietf.org>; Sat, 9 May 2015 09:28:19 -0700 (PDT)
Received: (qmail 57602 invoked from network); 9 May 2015 16:28:20 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 9 May 2015 16:28:20 -0000
Date: Sat, 09 May 2015 16:27:55 -0000
Message-ID: <20150509162755.63608.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <D173B791.B752%edward.lewis@icann.org>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/S3AtoWSm1Va1AsY4CPBJCA1mIv8>
Cc: edward.lewis@icann.org
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2015 16:28:20 -0000

>Besides Paul's valid "what if it's 100,000?", how does an engineer
>distinguish between 100x people and 100x organized bots?

I dunno.  How do we know that the traffic for .corp and .home is from
people rather than botnets?

>If there is a group of people using an identifier as you describe, then
>I'd suspect there would be other evidence than just the log of leaked
>queries.  (What if they don't leak?)  Criteria based on the other evidence
>would likely be stronger than just counts of leaked queries.

If that wasn't clear, of course I agree with you.  But we are writing
policy, not software.  We're looking for evidence of substantial
private use, which is something we decide by making human decisions,
not by some mechanical packet counting formula.

Having said all that, I'm certainly not opposed to collecting more
data.  It's just not a substitute for making decisions.

R's,
John

v2.23.0 | Report a Bug | By Email