[Top] [All Lists]

Re: [Asrg] Development of an object assessment format/protocol

2013-03-04 12:28:48
Emanuele Balla (aka Skull) wrote:
Straight to the point: abusive URLs on legit domains . There's no
(easy/effective) way to encode an entire URL in a DNS request.
At least, that's the reason why I've been thinking about this topic for the 
4 years... :-\

Can't you just use HTTP for that? There is an easy and effective way to encode 
URLs in HTTP - and HTTP is pretty good at returning all sorts of responses: a 
single character (0=good, 1=bad), some XML, some JSON, something else. There is 
obviously some overhead from the TCP connection and the request and response 
headers, but I wonder if there are many cases in which:
- this overhead is a huge problem;
- the request can't easily be 'encoded' into DNS.

Rich's examples all seem pretty easy to encode into DNS, but more importantly, 
to me they shout for HTTP POST. When Rich's idea of asking for context 
(expiration time, range to which the answer applies) is used well, it could 
actually save you a lot of further requests.

Note: some web proxies are already using HTTP to make requests about whether a 
particular URL is bad. In web proxies time really does matter (delaying all web 
pages by a second seriously affects perceived performance).



Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
Asrg mailing list