>Besides Paul's valid "what if it's 100,000?", how does an engineer >distinguish between 100x people and 100x organized bots?
I dunno. How do we know that the traffic for .corp and .home is from people rather than botnets? >If there is a group of people using an identifier as you describe, then >I'd suspect there would be other evidence than just the log of leaked >queries. (What if they don't leak?) Criteria based on the other evidence >would likely be stronger than just counts of leaked queries. If that wasn't clear, of course I agree with you. But we are writing policy, not software. We're looking for evidence of substantial private use, which is something we decide by making human decisions, not by some mechanical packet counting formula. Having said all that, I'm certainly not opposed to collecting more data. It's just not a substitute for making decisions. R's, John _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
