ICANN Email List Archives

[gnso-ff-pdp-may08]



[gnso-ff-pdp-may08] Address Verification

  • To: "gnso-ff-pdp-May08@xxxxxxxxx" <gnso-ff-pdp-May08@xxxxxxxxx>
  • Subject: [gnso-ff-pdp-may08] Address Verification
  • From: "George Kirikos" <fastflux@xxxxxxxx>
  • Date: Thu, 18 Sep 2008 11:15:45 -0400

Hi folks,

Just to follow up on the prior discussion, here are some thoughts/links
that expand on the topic.

Apparently .dk does/did exactly what I was suggesting, namely:

http://www.icannwatch.org/comments.pl?sid=1540&cid=12938
http://www.dk-hostmaster.dk/index.php?id=140

(not clear from the latter link that it's sent to a postal mail, as
opposed to an email)

ECash, used by Intercasino and other online casinos, uses a PIN system
for verification, see the FAQ at:

http://www.ecashdirect.net/faq/faq-pin.html

The Canada Revenue Agency (Canada's equivalent to the IRS) sends a
security code by postal mail, as part of their online account
verification:

http://www.cra-arc.gc.ca/esrvc-srvce/tx/psssrvcs/pss_fq_scrty-eng.html#security10

There are at least 3 reasons why one would want WHOIS verification:

1) provides audit trail for law enforcement or civil litigation
2) curbs abuse by linking a finite physical identifier (physical
address) to a domain's activation, as opposed to an identifier that is
in infinite supply (i.e. emails).
3) using the principles of Signalling (from economics), e.g.

http://en.wikipedia.org/wiki/Signalling_(economics)

it's a lot more costly for a malevolent individual to provide physical
location verification than for innocent individuals to provide that
information.

Note, there are people that might be concerned that the physical
location is published in the WHOIS (e.g. rape crisis centers, etc.).
This concern can be allayed by keeping the information with the
registrar (i.e. registrar does the authentication before activation of
the domain, but can still use Proxy WHOIS for public address
information). Note, once the registrant has authenticated their
address with a registrar, they can re-use that PIN (assuming they keep
their address constant) for multiple registrations (e.g. on the first
domain, they get authenticated, and then can register 20 more, etc.).
PINs should probably not be portable between registrars (otherwise
you'd need a central blacklist of bad addresses, which might be tricky
to manage; although, through a hash of the address, it might be
possible to have a hashed central list). It can be portable to
multiple TLDs within a registrar, though, and ICANN can punish
registrars that don't properly authenticate before domain activation.

And if we want to do this in relation to Fast Flux, and allay
registrars concerned about lack of instant activation for customers,
conceivably a non-authenticated domain (i.e. a customer waiting for
their PIN code in the mail) could perhaps get activated only on
special nameservers, i.e. those of the registrar themselves. So,
example.com registered today by Jane Smith of 100 Main Street,
Anytown, USA, at GoDaddy can use ns1.domaincontrol.com and
ns2.domaincontrol.com instantly (which don't flux). But, to have "full
use" of the domain, i.e. switching to their own nameservers, etc.,
Jane needs to enter the PIN sent to 100 Main Street. After that, she
can register example2.com, example3.com, etc.

Sincerely,

George Kirikos
www.LEAP.com
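
The staged activation and hashed address list described in the message above, sketched as an added example (not part of the original post and not any registrar's code). The class and function names, the 8-digit PIN format and the address normalization are assumptions; the nameserver names are the ones used in the message.

```python
import hashlib
import hmac
import secrets

# Registrar-operated nameservers from the message's example; usable before verification.
REGISTRAR_NS = {"ns1.domaincontrol.com", "ns2.domaincontrol.com"}

def address_key(address: str) -> str:
    """Hash a normalized postal address so a shared list never holds the raw address.
    Assumption: simple case/punctuation normalization. Postal addresses are guessable,
    so a plain hash hides them only from casual inspection."""
    norm = " ".join(address.upper().replace(",", " ").replace(".", " ").split())
    return hashlib.sha256(norm.encode()).hexdigest()

class Registrar:
    def __init__(self, blocked_hashes=()):
        self.blocked = set(blocked_hashes)  # hashed list of bad addresses
        self.pins = {}                      # address hash -> PIN awaiting confirmation
        self.verified = set()               # address hashes that returned a correct PIN
        self.domains = {}                   # domain -> (address hash, nameserver set)

    def register(self, domain, address):
        key = address_key(address)
        if key in self.blocked:
            raise PermissionError("address is on the blocklist")
        if key not in self.verified and key not in self.pins:
            # One PIN per address; it would be printed and sent by postal mail.
            self.pins[key] = f"{secrets.randbelow(10**8):08d}"
        # The domain resolves immediately, but only on the registrar's nameservers.
        self.domains[domain] = (key, set(REGISTRAR_NS))
        return key

    def confirm_pin(self, address, pin):
        key = address_key(address)
        expected = self.pins.get(key)
        if expected is not None and hmac.compare_digest(expected.encode(), pin.encode()):
            self.verified.add(key)
            del self.pins[key]
            return True
        return False

    def set_nameservers(self, domain, nameservers):
        key, _ = self.domains[domain]
        requested = set(nameservers)
        # Unverified addresses may only choose among the registrar's own nameservers.
        if key not in self.verified and not requested <= REGISTRAR_NS:
            return False
        self.domains[domain] = (key, requested)
        return True
```
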