On-going Internet Emergency and Domain Names

Paul Vixie paul at vix.com
Sun Apr 1 15:39:32 UTC 2007


> From: Dave Crocker <dcrocker at bbiw.net>
> To: Paul Vixie <paul at vix.com>, nanog at merit.edu, Gadi Evron <ge at linuxbox.org>
> Subject: Re: On-going Internet Emergency and Domain Names
> 
> offlist.

actually, not, according to the headers shown above.

> Paul Vixie wrote:
> > a push-pull.  first, advance the current effort to get registrars and
> > dynamic-dns providers to share information about bad CC#'s, bad customers,
> > bad domains, whatever.  arrange things so that a self-vetting society of
> > both in-industry and ombudsmen have the communications fabric they need to
> > behave responsibly.  push hard on this, make sure everybody hears about it
> > and that the newspapers are full of success stories about it.
> 
> IP Address blacklists are a sufficiently solid staple of email anti-abuse
> effort, that I suspect similar approaches, for other information tidbits,
> would be quite useful.

as the inventor of the internet's first ip address blackhole list (not
"blacklist"), i agree that it's a solid staple, but i'm not sure it was
the most effective 10-year plan we could have made at the time, had we
been making 10-year plans.

> This is less about "shaming" and more about filtering.  In this case,
> filtering at DNS registration time, ISP account setup, or the like.

agreed.  i'd be happy to see the DNS registration "front end" (one of its
"edges") gain some kind of reputation filtering.  i just don't want to see
"core"-level filtering like we did in e-mail, unless it's at the customer-
facing ("edge") level, like Trend ICSS offers.

> The difficulties, here, are to a) establish a credible organization for
> creating and maintaining the list(s), b) getting folks to submit data to
> it, and c) getting folks to use it.

those are Gadi's three areas of strength and i'd help him if he did this.

> Since there is quite a lot of track-record on doing this -- both well and
> poorly -- the challenge here is all about implementation, rather than
> design, of the service.

having designed a reputation system inadequately once upon a time, i think
it's important to get both the design and implementation right.


