On 5/9/15, 18:27, "John Levine" <jo...@taugh.com> wrote: >>Besides Paul's valid "what if it's 100,000?", how does an engineer >>distinguish between 100x people and 100x organized bots? > >I dunno. How do we know that the traffic for .corp and .home is from >people rather than botnets?
Through forensic analysis. E.g., finding that Cert Auth's issued certificates with ".corp" names. And that some) CPE's defaulted to ".home". Not saying that in a confrontational way. Just that this makes it pretty certain that the high query counts for those two were from non-bots. (Citing a report by Interisle: https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf) >If that wasn't clear, of course I agree with you. But we are writing >policy, not software. We're looking for evidence of substantial >private use, which is something we decide by making human decisions, >not by some mechanical packet counting formula. > >Having said all that, I'm certainly not opposed to collecting more >data. It's just not a substitute for making decisions. And just not more, but the right data. Keep in mind that there are two cases. Names that are already "polluted" and names that someone wants to innovate with. In the former case, a definition of "polluted" needs to be made being careful not to fall victim to gaming. For the latter case, the criteria would need to be different. Assuming both cases are accommodated.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
