Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On 29 aug 2014, at 07:04, SM s...@resistor.net wrote:

> At 14:13 28-08-2014, Rod Rasmussen wrote:
>> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):
>
> Was there a response to those issues?

Some, but also referrals to issues still under a disclosure policy not made public.

Patrik
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
Hi,

On Aug 28, 2014, at 11:59 PM, Patrik Fältström p...@frobbit.se wrote:

> On 29 aug 2014, at 07:04, SM s...@resistor.net wrote:
>> At 14:13 28-08-2014, Rod Rasmussen wrote:
>>> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):
>>
>> Was there a response to those issues?

For details of ICANN’s efforts related to name collisions, please see https://www.icann.org/resources/pages/name-collision-2013-12-06-en.

> Some, but also referrals to issues still under a disclosure policy not made public.

For clarification: During the analysis associated with name collision, JAS Global Advisors discovered a vulnerability. In keeping with ICANN’s “Coordinated Vulnerability Disclosure Reporting” policy, JAS notified ICANN and the affected vendor(s). The exact nature of the vulnerability has not yet been released as the vendor(s) work to mitigate the potential impact of the vulnerability.

Full disclosure: I was on contract to JAS during their name collision efforts and have since joined ICANN.

Regards,
-drc
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On 29/08/2014, at 12:40:000, David Conrad d...@virtualized.org wrote:

> Hi,
>
> On Aug 28, 2014, at 11:59 PM, Patrik Fältström p...@frobbit.se wrote:
>> On 29 aug 2014, at 07:04, SM s...@resistor.net wrote:
>>> At 14:13 28-08-2014, Rod Rasmussen wrote:
>>>> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):
>>>
>>> Was there a response to those issues?
>
> For details of ICANN’s efforts related to name collisions, please see https://www.icann.org/resources/pages/name-collision-2013-12-06-en.
>
>> Some, but also referrals to issues still under a disclosure policy not made public.
>
> For clarification: During the analysis associated with name collision, JAS Global Advisors discovered a vulnerability. In keeping with ICANN’s “Coordinated Vulnerability Disclosure Reporting” policy, JAS notified ICANN and the affected vendor(s). The exact nature of the vulnerability has not yet been released as the vendor(s) work to mitigate the potential impact of the vulnerability.
>
> Full disclosure: I was on contract to JAS during their name collision efforts and have since joined ICANN.

David,

Does the affected vendor(s) have an expected forecast to address the vulnerability so JAS/ICANN can come forward with the issue?

Rubens
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Aug 28 2014, Shumon Huque wrote:

> A related observation: according to the ICANN webinar on this topic from a couple of weeks ago, all new gTLDs delegated on or after August 18th were supposed to deploy these kinds of controlled interruption wildcard records. The slides are here:
>
> https://www.icann.org/en/system/files/files/name-collision-framework-slides-12aug14-en.pdf
>
> It looks like the following new gTLDs were delegated on/after that date. But only .otsuka has the records:
>
> business gbiz gmail immo network otsuka pizza xn--vhquv

All those 8 have the records now, and quite a few allocated earlier have acquired them as well. Of the 10 delegated on 16 August (according to http://newgtlds.icann.org/en/program-status/delegated-strings )

  click, diet, help, hosting, property have them
  cern, how, ltda, ooo, uol do not

and 18 earlier ones have also them

  nqv7fs00ema, meet, autos, motorcycles, homes, yachts, xn--4gbrim, xn--kput3i, green, lotto, active, bmw, mini, lgbt, ngo, nra, spiegel, ong

as tested today.

It may be just an accident that otsuka was the first one I saw in this state (and I had to google on 127.0.53.53 to find out what it was all about...)

--
Chris Thompson             University of Cambridge Information Services,
Email: c...@uis.cam.ac.uk  Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715     Cambridge CB3 0RB, United Kingdom.
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
A related observation: according to the ICANN webinar on this topic from a couple of weeks ago, all new gTLDs delegated on or after August 18th were supposed to deploy these kinds of controlled interruption wildcard records. The slides are here:

https://www.icann.org/en/system/files/files/name-collision-framework-slides-12aug14-en.pdf

It looks like the following new gTLDs were delegated on/after that date. But only .otsuka has the records:

business gbiz gmail immo network otsuka pizza xn--vhquv

--Shumon.

On Thu, Aug 28, 2014 at 8:38 AM, Chris Thompson c...@cam.ac.uk wrote:

> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>
> https://www.icann.org/news/announcement-2-2014-08-01-en
> https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf
>
> That is, it contains
>
> *.otsuka. 3600 IN A 127.0.53.53
> *.otsuka. 3600 IN TXT "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
> *.otsuka. 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.otsuka.
> *.otsuka. 3600 IN MX 10 your-dns-needs-immediate-attention.otsuka.
>
> and the corresponding RRSIGs.
>
> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>
> --
> Chris Thompson             University of Cambridge Information Services,
> Email: c...@uis.cam.ac.uk  Roger Needham Building, 7 JJ Thomson Avenue,
> Phone: +44 1223 334715     Cambridge CB3 0RB, United Kingdom.
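Added example, not part of the thread or written by any of its participants: one way to act on the question quoted above about detecting 127.0.53.53 is to scan resolver answer logs for the controlled interruption records shown for `*.otsuka.`. The `client qname qtype rdata` log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Controlled-interruption markers taken from the wildcard records quoted above.
CI_ADDRESS = ipaddress.ip_address("127.0.53.53")
CI_TARGET_LABEL = "your-dns-needs-immediate-attention"

# Constructed sample lines in an assumed "client qname qtype rdata" layout.
SAMPLE_LOG = """\
10.1.2.3 fileserver.corp.otsuka. A 127.0.53.53
10.1.2.3 www.example.com. A 192.0.2.80
10.1.2.9 mail.hq.otsuka. MX 10 your-dns-needs-immediate-attention.otsuka.
10.1.2.7 _ldap._tcp.dc.otsuka. SRV 10 10 0 your-dns-needs-immediate-attention.otsuka.
10.1.2.7 localhost. A 127.0.0.1
10.1.2.4 nic.otsuka. A 192.0.2.10
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|MX|SRV|TXT)\s+(.+)$")

def is_controlled_interruption(qname, qtype, rdata):
    """True if the answer matches the wildcard records shown in the thread."""
    tld = qname.rstrip(".").rsplit(".", 1)[-1].lower()
    if qtype == "A":
        try:
            return ipaddress.ip_address(rdata.strip()) == CI_ADDRESS
        except ValueError:
            return False
    if qtype in ("MX", "SRV"):
        # The target is the last rdata field and must sit under the same TLD.
        target = rdata.split()[-1].rstrip(".").lower()
        return target == f"{CI_TARGET_LABEL}.{tld}"
    if qtype == "TXT":
        return "icann.org/namecollision" in rdata.lower()
    return False

def find_collisions(log_text):
    """Return (client, qname, qtype) for every controlled-interruption hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        client, qname, qtype, rdata = m.groups()
        if is_controlled_interruption(qname, qtype, rdata):
            hits.append((client, qname, qtype))
    return hits

if __name__ == "__main__":
    for client, qname, qtype in find_collisions(SAMPLE_LOG):
        print(f"name collision: {client} asked {qtype} {qname}")
```

Each hit names an internal client whose lookup leaked into a newly delegated TLD, which is the host whose search list or hard-coded name needs fixing.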
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Aug 28, 2014, at 7:39 AM, Shumon Huque shu...@gmail.com wrote:

> A related observation: according to the ICANN webinar on this topic from a couple of weeks ago, all new gTLDs delegated on or after August 18th were supposed to deploy these kinds of controlled interruption wildcard records. The slides are here:
>
> https://www.icann.org/en/system/files/files/name-collision-framework-slides-12aug14-en.pdf

Correct, but they only need to deploy it before they deploy any SLDs other than nic.newgtld.

> It looks like the following new gTLDs were delegated on/after that date. But only .otsuka has the records:

Also correct. So, before any of those TLDs start doing anything other than "I'm in the root zone and I have A records for nic", they have to do the 90-day controlled interruption.

--Paul Hoffman
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
Hi Chris,

At 05:38 28-08-2014, Chris Thompson wrote:

> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at

[snip]

> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?

I presume that the people who invented this stuff know what they are doing.

Regards,
-sm
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote:

> Hi Chris,
>
> At 05:38 28-08-2014, Chris Thompson wrote:
>> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>
> [snip]
>
>> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>
> I presume that the people who invented this stuff know what they are doing.

Mwahahahahahhah hahhhahaha teehee...

Thanks, I needed that.

W

> Regards,
> -sm

--
I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):

https://www.icann.org/en/system/files/files/sac-062-en.pdf
https://www.icann.org/en/system/files/files/sac-066-en.pdf

Draw your own conclusions.

Cheers,

Rod

On Aug 28, 2014, at 9:50 AM, SM s...@resistor.net wrote:

> Hi Chris,
>
> At 05:38 28-08-2014, Chris Thompson wrote:
>> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>
> [snip]
>
>> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>
> I presume that the people who invented this stuff know what they are doing.
>
> Regards,
> -sm
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thu, Aug 28, 2014 at 05:36:29PM -0400, Warren Kumari wrote:

> On Thu, Aug 28, 2014 at 4:12 PM, Warren Kumari war...@kumari.net wrote:
>> On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote:
>>> Hi Chris,
>>>
>>> At 05:38 28-08-2014, Chris Thompson wrote:
>>>> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>>>
>>> [snip]
>>>
>>>> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>>>
>>> I presume that the people who invented this stuff know what they are doing.
>>
>> Mwahahahahahhah hahhhahaha teehee...
>>
>> Thanks, I needed that.
>
> So, I just realized that this sounded like a jab specifically at JAS (the folk who proposed the 127.0.53.53 answer) -- this was actually instead supposed to be a jab at everyone :-)
>
> I had long discussions with the JAS folk, and have huge respect for them - they did, IMO, a good job.

The really fun part (for me) is that depending on the OS you can ping 127.0.53.53. (eg: Linux, Yes, MacOS, No). Linux will also give you Connection refused for TCP connections.

- Jared

--
Jared Mauch | pgp key available via finger from ja...@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thursday, August 28, 2014, Rod Rasmussen rod.rasmus...@internetidentity.com wrote:

> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):

Yah, me too...

W

> https://www.icann.org/en/system/files/files/sac-062-en.pdf
> https://www.icann.org/en/system/files/files/sac-066-en.pdf
>
> Draw your own conclusions.
>
> Cheers,
>
> Rod
>
> On Aug 28, 2014, at 9:50 AM, SM s...@resistor.net wrote:
>> Hi Chris,
>>
>> At 05:38 28-08-2014, Chris Thompson wrote:
>>> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>>
>> [snip]
>>
>>> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>>
>> I presume that the people who invented this stuff know what they are doing.
>>
>> Regards,
>> -sm

--
I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On 28 aug 2014, at 22:12, Warren Kumari war...@kumari.net wrote:

> On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote:
>> Hi Chris,
>>
>> At 05:38 28-08-2014, Chris Thompson wrote:
>>> The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at
>>
>> [snip]
>>
>>> What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53?
>>
>> I presume that the people who invented this stuff know what they are doing.
>
> Mwahahahahahhah hahhhahaha teehee...
>
> Thanks, I needed that.

Thanks Warren, this made me smile... ;-)

For people not aware, the discussion inside ICANN on this matter has been...hmm...complicated.

What is deployed is the result of a discussion inside ICANN that you can find one core report here:

https://www.icann.org/public-comments/name-collision-2014-02-26-en

See for example Section 2.3 and Appendix A in SAC066:

https://www.icann.org/en/system/files/files/sac-066-en.pdf

Patrik Fältström
SSAC Chair
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
Hi Rod, Warren,

At 14:13 28-08-2014, Rod Rasmussen wrote:

> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):

Was there a response to those issues?

At 14:36 28-08-2014, Warren Kumari wrote:

> So, I just realized that this sounded like a jab specifically at JAS (the folk who proposed the 127.0.53.53 answer) -- this was actually instead supposed to be a jab at everyone :-)

That is how I read it. :-)

Regards,
-sm