Hi Serge,
Gotta agree with Olivier, Andre & Mike. This is a strange decision and a strange process (2 weeks to react to this new world order???). Makes me wonder why such a strange strategy couldn't be extrapolated to where .ch is disconnected unless some subdomain spreading "malware" stops within 24hrs?!?
I seem to recall 15 or more years ago (details are obviously a bit hazy) ... a) Milo decided to disconnect Finland from the then Internet (for some reason he thought was important).
b) SWITCH decided to ban distributing any newsgoup dealing with sex (SWITCH was the main way for the vast majority of Internet users to receive their newsgroups).
Both decisions were very arbitary (agree that no malice was intended except for Milo's case ;-( ). No chance to discuss the "how to achieve the goal" and "how to implement the goal".
Seriously, cert authorities have often delayed "outing" security holes from buggy software/hardware manufacturers until they have time to patch the bug. This has taken sometimes a very long time.
How come then that a "maybe" malware infected site (read the previous poster's comments - one man's malware is another man's security protection service) has no real time to react and is effectively "nuked".
One could argue that all sites that use known buggy software and hardware must fix within 24hrs or else be disconnected.
One thing is for the police to ask an ISP do something (at least they are following laws where a particular process is involved where debate, enhancements, etc occur AND as Andre correctly states the ISP can shield himself from legal liabilty by stating "I did what the police told me to do."). But for SWITCH to "decide" to do something to an even lower level entity, such as a domain, and in this manner is truely abit scary and a bad decision as a "process" - SWITCH also makes mistakes from time to time (see above).
SWITCH should raise suspect sites to the police who would "decide" and then instruct SWITCH what it should do.
Lastly, law or no law, would you really treat bluwin.ch the same as smallISP.ch and disconnect them within 24hrs if their cisco ios was buggy - such a bug ain't gonna be fixed within 24hrs?
Also my 2cents worth...Cheers JIm
On 11/11/2010 10:28, Mike Kellenberger wrote:
Hi all (again)
The more I think about it, the less I think SWITCH thought about it, before publishing such nonsense.
"On 25 November 2010 SWITCH will launch an new initiative to maintain the high security standards of Swiss websites."
Hello? Since when does SWITCH have anything to say about the security of websites? Security of Domains: ok, but websites? Remember: Internet != WorldWideWeb
Deleting the name server delegation of a domain not only shuts down access to one website, but to ALL Internet services depending on DNS in that domain.
"From different third parties we receive a fairly large number of URLs in .ch/.li ccTLDs which distribute malware."
Exactly - specific URLs (or the websites behind those URLs) may spread malware, but not the domain itself, but again - since SWITCH cannot block access to specifiec URLs, there is no reason to block access to the whole domain.
So I absolutely second Andre Oppermanns opinion: "This delegation suspension plan is entirely broken by design and should be immediately stopped."
Cheers
Mike