ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Registrant Verification: additional language for 5.7

  • To: Paul Stahura <Paul.Stahura@xxxxxxxx>, George Kirikos <fastflux@xxxxxxxx>, Fast Flux Workgroup <gnso-ff-pdp-May08@xxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional language for 5.7
  • From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
  • Date: Wed, 29 Oct 2008 12:19:30 -0700

Not all verification procedures are as easily defeated as ones you appear to
mention. Requiring physical documentation is expensive, not easily defeated
and possibly not conducive to high volume transaction businesses. Using
captcha is cheap (free even), fast, but it can be defeated more easily than
physical documentation. What does this approach yield us?

This approach (my opinion) doesn't help anyone who wants to improve
verification procedures as much as a list of verification methods that are
implemented by registrars, subscription portals, intranets, government and
financial sites, etc. If I were a registrar or reseller, I think I'd love to
have someone expose the full playing field of verification opportunities
that could defeat the bad guys.

Once you have a list, then you start to study which are effective,
expensive, etc. no?


On 10/29/08 3:08 PM  Oct 29, 2008, "Paul Stahura" <Paul.Stahura@xxxxxxxx>
wrote:

> George,
>
> Before we go there, shouldn't we show that putting these (probably expensive)
> "verification" procedures in place actually prevents the bad thing (certain
> fast fluxing names in this case)?
>
> Plus "verification" is easily defeated by the bad guys - city matches state,
> matches zip etc.
>
> And that's only if the bad guys are really using "bad whois" when registering
> domains used in bad fast-flux activities.
> Don't that bad guys actually use good whois/credit card info/etc when
> registering a fast-flux name (so it stays up longer)?
>
> I disagree with your proposed change
>
>
> -----Original Message-----
> From: owner-gnso-ff-pdp-may08@xxxxxxxxx
> [mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
> Sent: Monday, October 27, 2008 2:00 PM
> To: George Kirikos; Fast Flux Workgroup
> Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional language
> for 5.7
>
>
> HI George,
>
>
>
> This is an important point. Perhaps you might say "additional" rather than
> "stronger" and amplify by giving an example or two of the kinds of
> verification procedures the GNSO should consider?
>
>
> On 10/27/08 4:49 PM  Oct 27, 2008, "George Kirikos" <fastflux@xxxxxxxx>
> wrote:
>
>>
>>
>> Hi,
>>
>> In 5.7 of the document, for "active engagement" ideas (starting at
>> line 926), I'd propose adding the following point, say between line
>> 930 and line 931 of the current document or at line 947:
>>
>> - stronger registrant verification procedures
>>
>> Note, this can be accomplished without affecting the display of public
>> WHOIS (i.e. verification takes place by registrar or registry, but
>> WHOIS display is unaffected, in particular they can continue to use
>> privacy services).
>>
>> Sincerely,
>>
>> George Kirikos
>> www.LEAP.com
>
>





<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy