[dns-operations] Please contribute data to OARC!

[Jay Daley]

Hi Eric

On 7/02/2010, at 4:29 AM, Eric Brunner-Williams wrote:

> Jay,
> 
> I suppose you'd like your question answered to the list on which you asked it.
> 
> During the summer of 2008 after the GNSO Fast Flux PDP Working Group began I initiated a conference call with James Bladel (GoDaddy), Paul Diaz (NetSol)and Kalman Feher (MIT).
> 
> At that time, what I will call the "retail security" advocates were pushing requirements for all registrars (regardless of whether they accepted credit card payments, highly corollated to zero cost resource acquisition, or even sold CNO inventory, with a similar corollation with exploit targets) to opperate 24x7 and perform take-downs on an unqualified assertion by unknown third-parties.
> 
> I proposed to James, Paul and Kalman that we look at root causes for FFHN, at rapid update, a subject I and others were concerned with when it was first offered, in 2004, and at admission control. That is, the c&c problem, and the bot inventory problem.
> 
> We agreed to a second call, inviting Chuck Gomes (VGRS) and Jeff Neuman (NeuStar) and possibly someone from Afilias, I don't recall, and in that call we discussed, without coming to a conclusion, rapid update (mod in particular) and the flux ecologies.
> 
> Not too long after Mike O'Conner, who chaired the WG, and I both ended our involvement in the WG. Mike's comments are in the public record and I suspect mine are as well. I deleted my list and side-bar email archives.
> 
> The decision to form an "Registry Internet Security Group" (RSIG) was one I was not a party to, and opposed its form -- a mix of some registries, uncommitted to ending add and mod operation temporal equivalence, and unrelated (to registry operations) third-parties dependent upon the ongoing absence of admission control.
> 
> That exhausts my first hand knowledge in the RSIG to which you've expressed an interest. If you think the RSIG has solved either of those two problems -- temporal equivalency of add and mod, or lack of admission control, removing one c&c mechanism and reducing the value of bot inventories, please let me know. For me, the trust anchor problem, both static and temporal, on the zone delegation side, and on the BGP side, has been a conceptual tool. You mileage may vary.

The formation of RISG was nothing to do with that.  It was set up by PIR with a few other registries, some security companies and a couple of registrars to find ways for those participants to exchange data with the goal of detecting and removing domains registered for phishing or malware distribution as soon as possible.   There was no link to the events you describe above.

kind regards
Jay

-- 
Jay Daley
Chief Executive
.nz Registry Services
desk: +64 4 931 6977
mobile: +64 21 678840


> 
> I'm sure there is a marketing value to it, if only from the requirement stated by the NYC DoITT in November 2009, upon guidance from the vendor selected through the May 2009 RFI process, which is a founder of that organization.
> 
> I've no idea why CORE was not invited to form the RSIG in the Fall of 2008.
> 
> I suppose there are two fundamental approaches to a problem and its associated management institution: either limit the institutional members to those who have the problem, as the experience of those not affected by the problem can't be useful in responding to the symptoms of the root cause, or include within the institutional members those who do not have the problem, as the experience of those not affected by the problem may be illuminating as to the root causes of the problem.
> 
> Anyway, we don't offer rapid update, and a recent suggestion that we do so for a TLD zone with a retail price point several multiples of the CNO price point, so that "rapid takedown" is possible, strikes me as slightly absurd. I just don't see the fundamental business justification for rapid update, once the load balance and other bits of intentional temporal and spatial incoherence have been addressed.
> 
> I'm grateful you didn't argue for the necessity of registry operators joining the APWG. I have conversations with Rod at ICANN (or on planes to or from ICANN) and APWG has more than adequate access to ICANN meeting time. However, that doesn't mean APWG provides tools or methods that are fundamental to the protection of registry operations, which is my small personal concern as CTO of a registry operator, however incompetently conducted.
> 
> Cheers,
> Eric
> 
> On 2/5/10 6:18 PM, Jay Daley wrote:
>> 
>> On 6/02/2010, at 7:50 AM, Eric Brunner-Williams wrote:
>> 
>>> In its 3rd addenda to its Request for Proposals to Obtain. Operate. Manage. Administer. Maintain and Market the Geographic Top Level Domain .nyc, the DoITT stated:
>>> 
>>> Contractor shall maintain an active membership in RISG (Registry Internet Security Group) registrysafety.org OARC (DNS Operations, Analysis&  Research Center) dns-oarc.org APWG (Ami Phishing Working Group) apwg.org
>>> 
>>> Passing on the marginal utility of the first and third requirement,
>> 
>> Do you say that from a position of first hand knowledge?  I work extensively in RISG and I don't recall your involvement.  This is not the forum for me to go into the purpose of RISG and why it is both important and effective - but I will say that each group makes it own unique contribution and should be respected for that unless you have a good evidential reason for saying otherwise.
>> 
>> Jay
>> 
> 
> 
>