[95619] in North American Network Operators' Group
Re: On-going Internet Emergency and Domain Names
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Sun Apr 1 00:41:38 2007
Date: Sun, 1 Apr 2007 12:12:41 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: Gadi Evron <ge@linuxbox.org>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0703312242220.14352-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu
On Sat, Mar 31, 2007, Gadi Evron wrote:
>
> On Sat, 31 Mar 2007, Stephen Satchell wrote:
> > Gadi Evron wrote:
> > >
> > > Amen. Really.
> > >
> > > I'd honestly like more ideas.
> >
> > What did IETF and ICANN say when you approached them through their
> > public-comment channels?
> >
>
> ICANN is well aware of the issues through their visibility into
> operational groups, and I am far from an expert on public policy (which is
> why I mentioned we are studyign that option). ICANN has not shown any
> interest or ability to affect change in this realm. ICANN's work is
> elsewhere.
>
> People at ICANN understand though, and I have no personal issue with any
> of them.
>
> IETF? I never tried to contact them. Maybe others did, maybe not.
>
> If you can help with any of these (if you believe they will affect change
> in the operational realm), we would appreciate it.
I hazard a guess and say they'll probably say similar things to the general
response on this mailing list - DNS is one of many possible attack vectors and
is most probably the wrong spot to do this.
Stop trying to fix things in the core - it won't work, honest - and start
trying to fix things closer to the edge where the actual problem is.
I view this kind of thing as an operational issue insomuch as it might
affect my network - but malware writers are botnet operators are smarter
than they once were and aren't nearly as "spray your mark everywhere as
quickly as possible" as exploits used to be.
Adrian
