[dns-operations] ICANN study on domain front-running.

Eric Brunner-Williams brunner at nic-naa.net
Thu Aug 13 19:12:14 UTC 2009 

Andrew Sullivan wrote:
> On Sat, Aug 08, 2009 at 01:42:16PM -0700, SM wrote:
>
>   
>> The summary of the report says that there is no evidence of  
>> front-running. The second paragraph under the Test Results section  
>> mentions that the methology cannot prove that front-running is not 
>> occurring.
>>     
>
> Indeed, I'd expect front-running domains _not_ to be in the DNS,
> because they're probably only going to be registered for less than the
> duration of the create grace period.  I regard this report as actually
> harmful: it looks like a result, but it isn't one, and therefore the
> question remains open without the previous incentive to fund an effort
> to answer the question.
>
> A
>
>   

The original complaint, either the LA or the Paris ICANN meetings (I sat 
behind Bill, so if he remembers which meeting that would disambiguate), 
was of the form "my name got taken". While the room was full of SSAC and 
the vocal  meta-complaintants, no data was presented. When the subject 
was revisited at the Delhi meeting I opined that looking for synchronous 
state leaks, from NX returns, etc., could yield data, and after an open 
query to NANOG one or more persons informed me privately that NX data 
was monitized, but still, the data was not evident.

Then NSI announced that as a user protection service, any query using 
their front-end would result in a AGP duration "protective 
registration". That was front-running as an announced registrar service.

I agree with Andrew that the report has negative utility. The leakage of 
NX data from resolvers, or observed between resolvers, or observed via a 
resolver, is something for which test (discovery) methods exist, and if 
policy applies (and we already have the no synthetic return policy), 
then the sources and sinks of leaked NX state may be policied, whether 
the actor is NSI engaging in a novel and external to consensus policy 
"registrar service" or VGRS engaging in a novel and external to 
consensus policy "registry service", or some other party.

ICANN is having a bad run of paid advice. Auctions are wonderful. Brands 
are wonderful. Vertical integration is wonderful.

As Andrew notes, the ability of he, or he and I, or ... to go back to 
ICANN and say "the question ain't been answered, here's a better study 
design, one that can provide an answer" is made much harder by a "study" 
that "proves" there is no "there there". And did we care about "front 
running" or do we care about state leaking?

Eric

More information about the dns-operations mailing list