On Apr 2, 2007, at 6:29 PM, David Conrad wrote:
On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
On Sun, 1 Apr 2007, David Conrad wrote:
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
I'm not clear what "this realm" actually is.
Abuse and Security (non infrastructure).
Well, ICANN is supposed to look after the "security and stability"
of the Internet, which is sufficiently vague and ambiguous to cover
pretty much anything. I was actually looking for something a bit
more concrete.
The one concrete suggestion I've seen is to induce a delay in zone
creation and publish a list of newly created names within the
zone. The problem with this is that is sort of assumes:
a) the registries all work on similar timescales
b) that timescale is on the order of a day
c) ICANN has a mechanism to induce the registries to make changes
to those timescales
d) making changes along these lines would be what end users
actually want.
Of these options:
- (a) isn't true (by observation)
- (b) is currently true for com/net, but I don't expect that to
last -- I've heard there is a lot of competitive pressure on the
registries to be faster in doing zone modifications
- (c) I don't think is true now for even those TLDs ICANN has a
contractual relationship with and is highly unlikely to ever be
true for the vast majority of TLDs
- (d) probably isn't true, given lots of people complain about how
long it takes to get zone changes done now and I believe registries
are working to reduce the amount of time significantly due to
customer demand.
Even if a delay were imposed, I'm not sure I see how this would
actually help as I would assume it would require folks to actually
look at the list of newly created domains and discriminate between
the ones that were created for good and the ones created for ill.
How would one do this?
Good points.
The suggestion was to preview the addition of domains 24 hours in
advance of being published. This can identify look-alike and cousin
domain exploits, and establish a watch list when necessary. A
preview provides valuable information for tracking bad actors and for
setting up more effective defenses as well.
Should a 24 hour delay on updates prove unworkable, one method might
be to flag new domains. The flag would cause the record to remain
hidden until the flag is removed. Perhaps IN could be set to
something else as a signal the record is being previewed. The
registrar would not see the flag, but would see the information as it
would appear when finally published. Nothing should appear different
from the registrar's perspective. It would also be good to establish
feeds to interested parties of modifications as they occur.
Currently domain name additions are accomplished in milli-seconds,
but then reported after 24 hours. This agility is being heavily
abused by bad actors hiding within the daily churn of millions of new
domains. A preview mode of operation offers a viable defensive
tactic that should not impose much in the way of additional costs.
-Doug