On Sat, Mar 31, 2007, Gadi Evron wrote:
On Sat, 31 Mar 2007, Stephen Satchell wrote:
Gadi Evron wrote:
Amen. Really.
I'd honestly like more ideas.
What did IETF and ICANN say when you approached them through their public-comment channels?
ICANN is well aware of the issues through their visibility into operational groups, and I am far from an expert on public policy (which is why I mentioned we are studyign that option). ICANN has not shown any interest or ability to affect change in this realm. ICANN's work is elsewhere.
People at ICANN understand though, and I have no personal issue with any of them.
IETF? I never tried to contact them. Maybe others did, maybe not.
If you can help with any of these (if you believe they will affect change in the operational realm), we would appreciate it.
I hazard a guess and say they'll probably say similar things to the general response on this mailing list - DNS is one of many possible attack vectors and is most probably the wrong spot to do this. Stop trying to fix things in the core - it won't work, honest - and start trying to fix things closer to the edge where the actual problem is. I view this kind of thing as an operational issue insomuch as it might affect my network - but malware writers are botnet operators are smarter than they once were and aren't nearly as "spray your mark everywhere as quickly as possible" as exploits used to be. Adrian