RE: [gnso-ff-pdp-may08] Registrant Verification: additional language for 5.7

["James M. Bladel" <jbladel@xxxxxxxxxxx>]

<html><body><span style="font-family:Arial; color:#000000; font-size:10pt;">I 
agree with the sentiments expressed by Mr. Diaz.&nbsp; <br><br>Considering the 
late stage of the drafting process, we should focus on polishing those items 
that have garnered loose agreement, and avoid introducing new recommendations 
that have not been discussed by the full group.&nbsp; This is particularly true 
of this idea, which could have broad-reaching implications for registries and 
registrars.<br><br>J.<br><br><br>
<blockquote webmail="1" style="border-left: 2px solid blue; margin-left: 8px; 
padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;">
<div   >
-------- Original Message --------<br>
Subject: RE: [gnso-ff-pdp-may08] Registrant Verification: additional<br>
language for 5.7<br>
From: "Diaz, Paul" &lt;pdiaz@xxxxxxxxxxxxxxxxxxxx&gt;<br>
Date: Wed, October 29, 2008 3:06 pm<br>
To: "Dave Piscitello" &lt;dave.piscitello@xxxxxxxxx&gt;<br>
Cc: "Fast Flux Workgroup" &lt;gnso-ff-pdp-May08@xxxxxxxxx&gt;,        "Paul<br>
Stahura" &lt;Paul.Stahura@xxxxxxxx&gt;,        "George Kirikos"<br>
&lt;fastflux@xxxxxxxx&gt;<br>
<br>
<br>
Dave,<br>
<br>
Isn't this thread resurrecting the "who pays" debates we had early on in<br>
this WG?  I'm troubled that such a potentially significant<br>
recommendation is being made (and supported) relatively late in the<br>
drafting process - especially as this proposal seems beyond the mandate<br>
of the FF WG (i.e. should be part of the WHOIS debate).  <br>
<br>
I thought we were at the final editing stage of the draft Initial<br>
Report, not inserting major new initiatives.  While we could suggest<br>
that further study be done into verification technologies, can we<br>
develop the list of recommendations you're envisioning in short order?<br>
Importantly, even if some WG participants can pull together language<br>
quickly, I'd believe that we will have to include "the group did not<br>
reach consensus or endorse any of them" in the section header (this<br>
disclaimer is currently marked as "tentative" text).<br>
<br>
<br>
-----Original Message-----<br>
From: owner-gnso-ff-pdp-may08@xxxxxxxxx<br>
[<a onclick="return 
true;Popup.composeWindow('pcompose.php?sendto=owner-gnso-ff-pdp-may08%40icann.org');
 return false;" href="https://email.secureserver.net/pcompose.php#Compose"; 
mce_href="https://email.secureserver.net/pcompose.php#Compose";>mailto:owner-gnso-ff-pdp-may08<b></b>@icann.org</a>]
 On Behalf Of Dave Piscitello<br>
Sent: Wednesday, October 29, 2008 3:20 PM<br>
To: Paul Stahura; George Kirikos; Fast Flux Workgroup<br>
Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional<br>
language for 5.7<br>
<br>
<br>
Not all verification procedures are as easily defeated as ones you<br>
appear to<br>
mention. Requiring physical documentation is expensive, not easily<br>
defeated<br>
and possibly not conducive to high volume transaction businesses. Using<br>
captcha is cheap (free even), fast, but it can be defeated more easily<br>
than<br>
physical documentation. What does this approach yield us?<br>
<br>
This approach (my opinion) doesn't help anyone who wants to improve<br>
verification procedures as much as a list of verification methods that<br>
are<br>
implemented by registrars, subscription portals, intranets, government<br>
and<br>
financial sites, etc. If I were a registrar or reseller, I think I'd<br>
love to<br>
have someone expose the full playing field of verification opportunities<br>
that could defeat the bad guys.<br>
<br>
Once you have a list, then you start to study which are effective,<br>
expensive, etc. no?<br>
<br>
<br>
On 10/29/08 3:08 PM  Oct 29, 2008, "Paul Stahura"<br>
&lt;Paul.Stahura@xxxxxxxx&gt;<br>
wrote:<br>
<br>
&gt; George,<br>
&gt;<br>
&gt; Before we go there, shouldn't we show that putting these (probably<br>
expensive)<br>
&gt; "verification" procedures in place actually prevents the bad thing<br>
(certain<br>
&gt; fast fluxing names in this case)?<br>
&gt;<br>
&gt; Plus "verification" is easily defeated by the bad guys - city matches<br>
state,<br>
&gt; matches zip etc.<br>
&gt;<br>
&gt; And that's only if the bad guys are really using "bad whois" when<br>
registering<br>
&gt; domains used in bad fast-flux activities.<br>
&gt; Don't that bad guys actually use good whois/credit card info/etc when<br>
&gt; registering a fast-flux name (so it stays up longer)?<br>
&gt;<br>
&gt; I disagree with your proposed change<br>
&gt;<br>
&gt;<br>
&gt; -----Original Message-----<br>
&gt; From: owner-gnso-ff-pdp-may08@xxxxxxxxx<br>
&gt; [<a onclick="return 
true;Popup.composeWindow('pcompose.php?sendto=owner-gnso-ff-pdp-may08%40icann.org');
 return false;" href="https://email.secureserver.net/pcompose.php#Compose"; 
mce_href="https://email.secureserver.net/pcompose.php#Compose";>mailto:owner-gnso-ff-pdp-may08<b></b>@icann.org</a>]
 On Behalf Of Dave<br>
Piscitello<br>
&gt; Sent: Monday, October 27, 2008 2:00 PM<br>
&gt; To: George Kirikos; Fast Flux Workgroup<br>
&gt; Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional<br>
language<br>
&gt; for 5.7<br>
&gt;<br>
&gt;<br>
&gt; HI George,<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; This is an important point. Perhaps you might say "additional" rather<br>
than<br>
&gt; "stronger" and amplify by giving an example or two of the kinds of<br>
&gt; verification procedures the GNSO should consider?<br>
&gt;<br>
&gt;<br>
&gt; On 10/27/08 4:49 PM  Oct 27, 2008, "George Kirikos"<br>
&lt;fastflux@xxxxxxxx&gt;<br>
&gt; wrote:<br>
&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Hi,<br>
&gt;&gt;<br>
&gt;&gt; In 5.7 of the document, for "active engagement" ideas (starting at<br>
&gt;&gt; line 926), I'd propose adding the following point, say between line<br>
&gt;&gt; 930 and line 931 of the current document or at line 947:<br>
&gt;&gt;<br>
&gt;&gt; - stronger registrant verification procedures<br>
&gt;&gt;<br>
&gt;&gt; Note, this can be accomplished without affecting the display of<br>
public<br>
&gt;&gt; WHOIS (i.e. verification takes place by registrar or registry, but<br>
&gt;&gt; WHOIS display is unaffected, in particular they can continue to use<br>
&gt;&gt; privacy services).<br>
&gt;&gt;<br>
&gt;&gt; Sincerely,<br>
&gt;&gt;<br>
&gt;&gt; George Kirikos<br>
&gt;&gt; <a href="http://www.LEAP.com"; target="_blank" 
mce_href="http://www.LEAP.com";>www.LEAP.com</a><br>
&gt;<br>
&gt;<br>
<br>
<br>
<br>

</div>
</blockquote></span></body></html>