Playing "devil's advocate" (http://en.wikipedia.org/wiki/Devil%27s_advocate):
On 5/9/15, 3:54, "John R Levine" <jo...@taugh.com> wrote: >Let's say we found that there's some online thing we never heard of >before, but it turns out that 100,000,000 people in India and China use >it, it uses private names in .SECRET, and people looking at DNS logs >confirm that they're seeing leakage of .SECRET names. Beyond rolling our >eyes and saying we wish they hadn't done that, what else should we do? >Why shouldn't we reserve it? The number of possible TLDs is effectively >unlimited, striking one more off the list that might be sold in the >future >doesn't matter. This is engineering, not ideally what we might have done >with a blank slate, but the best we can do under the circumstances. Besides Paul's valid "what if it's 100,000?", how does an engineer distinguish between 100x people and 100x organized bots? My question adds to what David is saying - we need solid criteria. (Just to be clear, he is my boss but this does not represent any opinion on behalf of our employer.) The criteria of just seeing queries is, I'll say, naive, because it's so obviously vulnerable to gaming. (Not saying the data to date has evidence of being gamed, but it wouldn't be hard to pull this off.) (And why data collections efforts are not publicly announced, so as to limit anyone from prepping to game.) If there is a group of people using an identifier as you describe, then I'd suspect there would be other evidence than just the log of leaked queries. (What if they don't leak?) Criteria based on the other evidence would likely be stronger than just counts of leaked queries.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
