[Collisions] "controlled interruption" - 127/8 versus RFC1918 space

Wayne MacLaurin Wayne at demandmedia.com
Fri Jan 10 17:52:15 UTC 2014


I get the concerns about privacy and I certainly understand the reluctance to want ICANN managing yet another multi-month delay driven process….

I’m also not a lawyer but my view on the privacy issue is that it's just another piece of FUD being used as an excuse to delay progress.

If a network is going to leak as a result of our proposal, it is ALREADY leaking. At the very least, their DNS queries are leaking. If DNS is leaking then they are ALREADY subject to all sorts of undefined behaviour from the coffee shop, home routers etc. Huge swaths of that business already do DNS interception for security/access or monetization reasons so who knows what’s happening with their data.

I have to believe that actually providing good feedback and a well-defined privacy policy by whoever is running these proposed services is going to be far better than the completely undefined, unknown behaviour that is out there today.

Wayne


On Jan 10, 2014, at 9:12 AM, Jeff Schmidt <jschmidt at jasadvisors.com> wrote:


It would not be hard for ICANN to host a webserver that:
a: strips all parameters from the URL before logging it (anything
after the /, anything of the form user:pass@, etc).
b: throws away cookies, all other headers.
c: Doesn't log usernames, etc for other protocols.
d: performs other sanitization (only log AS#, strip / elide last octet,
etc.)
and have this behavior audited by <insert random auditor here>.

Yes, but there is a problem before that too.  By returning an Internet
routable IP, we've actually "caused" the host to send this juicy stuff
over the open wifi at the coffee shop, through their compromised home
router, over the hills and through the woods to Grandmas, etc.  This may
actually be making things worse than they are now - where NX means nothing is
transmitted.  We want to keep it local.  Fail closed.
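Added example, not part of the original thread: a sketch of the log sanitization listed in points a to d of the quoted proposal, built as an allow-list so that anything not explicitly kept is never written. The event layout, the field names, the pre-resolved `asn` value and the /48 truncation for IPv6 are assumptions; it covers only what the server retains, not what the client has already sent over the network.

```python
import ipaddress
from urllib.parse import urlsplit


def strip_url(raw_url: str) -> str:
    """Point a: keep scheme and host only (no user:pass@, port, path, query, fragment)."""
    try:
        parts = urlsplit(raw_url)
    except ValueError:
        return ""  # malformed input is logged as empty, never verbatim
    if not parts.hostname:
        return ""
    return f"{parts.scheme}://{parts.hostname}"


def elide_client(ip: str) -> str:
    """Point d: zero the last octet of an IPv4 address (assumption: /48 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def sanitize(event: dict) -> dict:
    """Build the log record field by field; cookies, headers and usernames
    (points b and c) are never copied because they are not on the allow-list."""
    return {
        "protocol": event.get("protocol", ""),
        "target": strip_url(event.get("url", "")),
        "client_net": elide_client(event["client_ip"]),
        "asn": event.get("asn"),  # assumed to be resolved upstream
    }


# Constructed sample event (documentation addresses and a private-use ASN).
SAMPLE = {
    "protocol": "http",
    "url": "http://alice:s3cret@mail.corp.example/owa/auth?token=abc123#frag",
    "client_ip": "198.51.100.77",
    "asn": 64500,
    "headers": {"Cookie": "session=deadbeef", "Authorization": "Basic YWxpY2U="},
    "username": "alice",
}

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```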



