<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)
- To: "gnso-ff-pdp-May08@xxxxxxxxx" <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)
- From: "George Kirikos" <fastflux@xxxxxxxx>
- Date: Wed, 17 Sep 2008 17:36:53 -0400
Hello,
On Wed, Sep 17, 2008 at 5:25 PM, Dave Piscitello wrote:
> This is the part of the attack vector I wish registrars would pay more
> attention to. The business side wants to register names in real time.
> Revenue takes precedence over verification. Why does it matter so little
> that the identity's impersonated or the credit card is stolen? Is the cost
> of doing business based on asserting an identity using even so simple a
> measure as an email confirmation so onerous? Personally, I think domains
> should cost more to register (heresy?) and the added cost should offer the
> registrant and users better protection against fraud and abuse.
The "cost" you speak of need not be a direct monetary price increase
per domain (sorry Chuck, 7% per year was enough!). It could be an
economic cost, such as registrant verification (for instance, through
mailing via postal mail a PIN, like the Canada Revenue Agency does if
you want an online account, or like Nominet uses for .uk domains, or
like some online casinos do for account validation). These have low
costs for legitimate registrants, but high costs for attackers,
because they don't have a limitless supply of phony physical
credentials (i.e. it becomes a chokepoint).
I've mentioned this in the past on various ICANN issues, to the sounds
of silence. :) I would think if it was applied equally to all
registrars, they shouldn't care, as it's still a level playing field.
Accurate verified WHOIS solves a lot of problems, not just fast flux.
Sincerely,
George Kirikos
www.LEAP.com
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|