Re: [gnso-ff-pdp-may08] Registrant Verification: additional language for 5.7

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

I'm definitely not suggesting we resurrect the "who pays" thread.
I was answering a specific comment.

Perhaps I'm wrong, but I thought I had been asked to complete an as yet
uncompleted section 5.4. I created a draft section as instructed, and
circulated it to the parties who asked to participate in preparing the draft
(which was later expanded). What I published on the list was (I thought)
something everyone who participated thought was appropriate.

If there are individual items that a majority cannot agree to include, then
would they not be distinguished as not having strong support?

I don't want to add anything about cost, who pays, or anything related. I
agree that's counterproductive at this point.



On 10/29/08 4:06 PM  Oct 29, 2008, "Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx>
wrote:

> Dave,
>
> Isn't this thread resurrecting the "who pays" debates we had early on in
> this WG?  I'm troubled that such a potentially significant
> recommendation is being made (and supported) relatively late in the
> drafting process - especially as this proposal seems beyond the mandate
> of the FF WG (i.e. should be part of the WHOIS debate).
>
> I thought we were at the final editing stage of the draft Initial
> Report, not inserting major new initiatives.  While we could suggest
> that further study be done into verification technologies, can we
> develop the list of recommendations you're envisioning in short order?
> Importantly, even if some WG participants can pull together language
> quickly, I'd believe that we will have to include "the group did not
> reach consensus or endorse any of them" in the section header (this
> disclaimer is currently marked as "tentative" text).
>
>
> -----Original Message-----
> From: owner-gnso-ff-pdp-may08@xxxxxxxxx
> [mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
> Sent: Wednesday, October 29, 2008 3:20 PM
> To: Paul Stahura; George Kirikos; Fast Flux Workgroup
> Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional
> language for 5.7
>
>
> Not all verification procedures are as easily defeated as ones you
> appear to
> mention. Requiring physical documentation is expensive, not easily
> defeated
> and possibly not conducive to high volume transaction businesses. Using
> captcha is cheap (free even), fast, but it can be defeated more easily
> than
> physical documentation. What does this approach yield us?
>
> This approach (my opinion) doesn't help anyone who wants to improve
> verification procedures as much as a list of verification methods that
> are
> implemented by registrars, subscription portals, intranets, government
> and
> financial sites, etc. If I were a registrar or reseller, I think I'd
> love to
> have someone expose the full playing field of verification opportunities
> that could defeat the bad guys.
>
> Once you have a list, then you start to study which are effective,
> expensive, etc. no?
>
>
> On 10/29/08 3:08 PM  Oct 29, 2008, "Paul Stahura"
> <Paul.Stahura@xxxxxxxx>
> wrote:
>
>> George,
>>
>> Before we go there, shouldn't we show that putting these (probably
> expensive)
>> "verification" procedures in place actually prevents the bad thing
> (certain
>> fast fluxing names in this case)?
>>
>> Plus "verification" is easily defeated by the bad guys - city matches
> state,
>> matches zip etc.
>>
>> And that's only if the bad guys are really using "bad whois" when
> registering
>> domains used in bad fast-flux activities.
>> Don't that bad guys actually use good whois/credit card info/etc when
>> registering a fast-flux name (so it stays up longer)?
>>
>> I disagree with your proposed change
>>
>>
>> -----Original Message-----
>> From: owner-gnso-ff-pdp-may08@xxxxxxxxx
>> [mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave
> Piscitello
>> Sent: Monday, October 27, 2008 2:00 PM
>> To: George Kirikos; Fast Flux Workgroup
>> Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional
> language
>> for 5.7
>>
>>
>> HI George,
>>
>>
>>
>> This is an important point. Perhaps you might say "additional" rather
> than
>> "stronger" and amplify by giving an example or two of the kinds of
>> verification procedures the GNSO should consider?
>>
>>
>> On 10/27/08 4:49 PM  Oct 27, 2008, "George Kirikos"
> <fastflux@xxxxxxxx>
>> wrote:
>>
>>>
>>>
>>> Hi,
>>>
>>> In 5.7 of the document, for "active engagement" ideas (starting at
>>> line 926), I'd propose adding the following point, say between line
>>> 930 and line 931 of the current document or at line 947:
>>>
>>> - stronger registrant verification procedures
>>>
>>> Note, this can be accomplished without affecting the display of
> public
>>> WHOIS (i.e. verification takes place by registrar or registry, but
>>> WHOIS display is unaffected, in particular they can continue to use
>>> privacy services).
>>>
>>> Sincerely,
>>>
>>> George Kirikos
>>> www.LEAP.com
>>
>>
>
>