RE: [gnso-ff-pdp-may08] Registrant Verification: additional language for 5.7

["Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx>]

Dave,

Isn't this thread resurrecting the "who pays" debates we had early on in
this WG?  I'm troubled that such a potentially significant
recommendation is being made (and supported) relatively late in the
drafting process - especially as this proposal seems beyond the mandate
of the FF WG (i.e. should be part of the WHOIS debate).  

I thought we were at the final editing stage of the draft Initial
Report, not inserting major new initiatives.  While we could suggest
that further study be done into verification technologies, can we
develop the list of recommendations you're envisioning in short order?
Importantly, even if some WG participants can pull together language
quickly, I'd believe that we will have to include "the group did not
reach consensus or endorse any of them" in the section header (this
disclaimer is currently marked as "tentative" text).


-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
Sent: Wednesday, October 29, 2008 3:20 PM
To: Paul Stahura; George Kirikos; Fast Flux Workgroup
Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional
language for 5.7


Not all verification procedures are as easily defeated as ones you
appear to
mention. Requiring physical documentation is expensive, not easily
defeated
and possibly not conducive to high volume transaction businesses. Using
captcha is cheap (free even), fast, but it can be defeated more easily
than
physical documentation. What does this approach yield us?

This approach (my opinion) doesn't help anyone who wants to improve
verification procedures as much as a list of verification methods that
are
implemented by registrars, subscription portals, intranets, government
and
financial sites, etc. If I were a registrar or reseller, I think I'd
love to
have someone expose the full playing field of verification opportunities
that could defeat the bad guys.

Once you have a list, then you start to study which are effective,
expensive, etc. no?


On 10/29/08 3:08 PM  Oct 29, 2008, "Paul Stahura"
<Paul.Stahura@xxxxxxxx>
wrote:

> George,
>
> Before we go there, shouldn't we show that putting these (probably
expensive)
> "verification" procedures in place actually prevents the bad thing
(certain
> fast fluxing names in this case)?
>
> Plus "verification" is easily defeated by the bad guys - city matches
state,
> matches zip etc.
>
> And that's only if the bad guys are really using "bad whois" when
registering
> domains used in bad fast-flux activities.
> Don't that bad guys actually use good whois/credit card info/etc when
> registering a fast-flux name (so it stays up longer)?
>
> I disagree with your proposed change
>
>
> -----Original Message-----
> From: owner-gnso-ff-pdp-may08@xxxxxxxxx
> [mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave
Piscitello
> Sent: Monday, October 27, 2008 2:00 PM
> To: George Kirikos; Fast Flux Workgroup
> Subject: Re: [gnso-ff-pdp-may08] Registrant Verification: additional
language
> for 5.7
>
>
> HI George,
>
>
>
> This is an important point. Perhaps you might say "additional" rather
than
> "stronger" and amplify by giving an example or two of the kinds of
> verification procedures the GNSO should consider?
>
>
> On 10/27/08 4:49 PM  Oct 27, 2008, "George Kirikos"
<fastflux@xxxxxxxx>
> wrote:
>
>>
>>
>> Hi,
>>
>> In 5.7 of the document, for "active engagement" ideas (starting at
>> line 926), I'd propose adding the following point, say between line
>> 930 and line 931 of the current document or at line 947:
>>
>> - stronger registrant verification procedures
>>
>> Note, this can be accomplished without affecting the display of
public
>> WHOIS (i.e. verification takes place by registrar or registry, but
>> WHOIS display is unaffected, in particular they can continue to use
>> privacy services).
>>
>> Sincerely,
>>
>> George Kirikos
>> www.LEAP.com
>
>