On-going Internet Emergency and Domain Names

Douglas Otis dotis at mail-abuse.org
Tue Apr 3 02:27:19 UTC 2007



On Apr 2, 2007, at 6:29 PM, David Conrad wrote:

>
> On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
>> On Sun, 1 Apr 2007, David Conrad wrote:
>>> On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
>>> I'm not clear what "this realm" actually is.
>> Abuse and Security (non infrastructure).
>
> Well, ICANN is supposed to look after the "security and stability"  
> of the Internet, which is sufficiently vague and ambiguous to cover  
> pretty much anything.  I was actually looking for something a bit  
> more concrete.
>
> The one concrete suggestion I've seen is to induce a delay in zone  
> creation and publish a list of newly created names within the  
> zone.  The problem with this is that it sort of assumes:
>
> a) the registries all work on similar timescales
> b) that timescale is on the order of a day
> c) ICANN has a mechanism to induce the registries to make changes  
> to those timescales
> d) making changes along these lines would be what end users  
> actually want.
>
> Of these options:
>
> - (a) isn't true (by observation)
> - (b) is currently true for com/net, but I don't expect that to  
> last -- I've heard there is a lot of competitive pressure on the  
> registries to be faster in doing zone modifications
> - (c) I don't think is true now for even those TLDs ICANN has a  
> contractual relationship with and is highly unlikely to ever be  
> true for the vast majority of TLDs
> - (d) probably isn't true, given lots of people complain about how  
> long it takes to get zone changes done now and I believe registries  
> are working to reduce the amount of time significantly due to  
> customer demand.
>
> Even if a delay were imposed, I'm not sure I see how this would  
> actually help as I would assume it would require folks to actually  
> look at the list of newly created domains and discriminate between  
> the ones that were created for good and the ones created for ill.   
> How would one do this?

Good points.

The suggestion was to preview the addition of domains 24 hours in  
advance of being published.  This can identify look-alike and cousin  
domain exploits, and establish a watch list when necessary.  A  
preview provides valuable information for tracking bad actors and for  
setting up more effective defenses as well.

Should a 24 hour delay on updates prove unworkable, one method might  
be to flag new domains.  The flag would cause the record to remain  
hidden until the flag is removed.  Perhaps IN could be set to  
something else as a signal the record is being previewed.  The  
registrar would not see the flag, but would see the information as it  
would appear when finally published.  Nothing should appear different  
from the registrar's perspective.  It would also be good to establish  
feeds to interested parties of modifications as they occur.

Currently domain name additions are accomplished in milliseconds,  
but then reported after 24 hours.  This agility is being heavily  
abused by bad actors hiding within the daily churn of millions of new  
domains.  A preview mode of operation offers a viable defensive  
tactic that should not impose much in the way of additional costs.

-Doug
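
One way a recipient of such a preview feed could screen it for look-alike and cousin names and build the watch list, as an added example that is not part of the original post. The watch list, the confusables table, the feed entries and all function names are constructed for illustration.

```python
import unicodedata

# Constructed watch list of protected labels (assumption, not from the post).
WATCH = ["examplebank", "paypal"]

# Tiny constructed confusables table; Unicode TR39 data is the full source.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"})

# Constructed preview feed: names submitted for creation, not yet published.
PREVIEW_FEED = ["paypa1.com", "paypal-account-verify.net", "p\u0430ypal.com",
                "examplebnk.com", "gardening-tips.org"]

def skeleton(label):
    """Fold a label for comparison: decode A-labels, NFKC, lowercase, map confusables."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw A-label if it does not decode
    return unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, watch=WATCH):
    """Return (kind, brand) for a name needing review, else None."""
    label = domain.lower().rstrip(".").split(".")[0]  # assumes entries are label.tld
    skel = skeleton(label)
    for brand in watch:
        # Same skeleton or one edit away: visually confusable with the brand.
        if skel == brand or levenshtein(skel, brand) == 1:
            return ("look-alike", brand)
        # Brand embedded in a longer label: cousin domain.
        if brand in skel:
            return ("cousin", brand)
    return None

def screen(feed, watch=WATCH):
    """Collect the names from one preview window that belong on the watch list."""
    return {d: v for d in feed if (v := classify(d, watch))}
```
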
