From: Dave Crocker <dcrocker@bbiw.net> To: Paul Vixie <paul@vix.com>, nanog@merit.edu, Gadi Evron <ge@linuxbox.org> Subject: Re: On-going Internet Emergency and Domain Names
offlist.
actually, not, according to the headers shown above.
Paul Vixie wrote:
a push-pull. first, advance the current effort to get registrars and dynamic-dns providers to share information about bad CC#'s, bad customers, bad domains, whatever. arrange things so that a self-vetting society of both in-industry and ombudsmen have the communications fabric they need to behave responsibly. push hard on this, make sure everybody hears about it and that the newspapers are full of success stories about it.
IP Address blacklists are a sufficiently solid staple of email anti-abuse effort, that I suspect similar approaches, for other information tidbits, would be quite useful.
as the inventor of the internet's first ip address blackhole list (not "blacklist"), i agree that it's a solid staple, but i'm not sure it was the most effective 10-year plan we could have made at the time, had we been making 10-year plans.
This is less about "shaming" and more about filtering. In this case, filtering at DNS registration time, ISP account setup, or the like.
agreed. i'd be happy to see the DNS registration "front end" (one of its "edges") gain some kind of reputation filtering. i just don't want to see "core"-level filtering like we did in e-mail, unless it's at the customer- facing ("edge") level, like Trend ICSS offers.
The difficulties, here, are to a) establish a credible organization for creating and maintaining the list(s), b) getting folks to submit data to it, and c) getting folks to use it.
those are Gadi's three areas of strength and i'd help him if he did this.
Since there is quite a lot of track-record on doing this -- both well and poorly -- the challenge here is all about implementation, rather than design, of the service.
having designed a reputation system inadequately once upon a time, i think it's important to get both the design and implementation right.