RE: [gnso-irtp-b-jun09] Comment on sub group discussion
- To: "Erdman, Kevin R." <Kevin.Erdman@xxxxxxxxxx>, "Gnso-irtp-b-jun09@xxxxxxxxx" <Gnso-irtp-b-jun09@xxxxxxxxx>
- Subject: RE: [gnso-irtp-b-jun09] Comment on sub group discussion
- From: Oliver Hope <oliver.hope@xxxxxxxxxxxxxxx>
- Date: Wed, 5 Jan 2011 13:17:03 +0000
I think you raise a good point. The important thing for me is the knowledge
about the 60 day window being available for all. This is also what concerns me
with the availability of a best practice recommendation (on how to prevent
hijacking in the first place). I believe making this information available to
all could make life very difficult. If we make the best practice procedures
available to the hijackers, then we are telling them what they need to get
I appreciate that the 60 day window is already available for all to see, if you
look in the right places. I’m concerned about publishing a guidebook of best
practices, which doesn’t exactly relate to your scenario, but if the hijacker
didn’t know about the 60 window then that situation would not have been
possible. So you can see the relation, hence I thought I would raise the point
I know it’s going off on a slight tangent from what you have outlined below,
but I would be interested to hear who the proposed recommendation of best
practices will be available to. (to clarify I am referring to: Question 10: In
addition to recommendation 1, an additional recommendation should be developed
that addresses proactive measures to prevent hijacking.)
I am assuming that someone who wants to hijack a domain is not a petty
criminal, but one who actually thinks about the process and works hard on it.
i.e. they are not an idiot – so they will look at the guidelines available in
the first place, and do their best to get around them.
Just my thoughts on this one particular issue.
Regards to all.
Finance & Operations Director
From: Erdman, Kevin R. [mailto:Kevin.Erdman@xxxxxxxxxx]
Sent: 04 January 2011 17:08
Subject: [gnso-irtp-b-jun09] Comment on sub group discussion
All who were on the subgroup call (and anyone else interested)—One comment that
many made during the sub group session was that when someone’s web site is
hijacked, they know about it very quickly.
I wanted to bring up the following scenario for a hijacking:
Let’s say that I am a hijacker, and I just obtained control over the domain
Let’s say I know about this 60 day window as a way to prevent me from securing
my hijacked domain with the registrar mobster.com (mobster.com is located in a
lawless jurisdiction and does not cooperate on returns).
What I do is keep the traffic flowing to reallybigwebsite.com for at least the
60 day period. The proprietors of reallybigwebsite.com do not realize that I
have control of the domain.
Around day 70 or so of my control, I transfer the domain to mobster.com and
start wrecking havoc with the traffic to reallybigwebsite.com. In this case,
the proprietor of the web site did not immediately recognize the loss of
control of the domain, but needs the rapid return mechanism.
Maybe this is an unlikely scenario, but would be one way to work around the
urgent return mechanism.
Also, the conference organizer contacted me after the call to explain that the
mute/unmute works better over traditional lines rather than google’s voip
connection. My apologies for interrupting the smooth flow of good discussion.
Kevin R Erdman T: 317.237.1029 | F: 317.237.8521 | C: 317.289.3934
Intellectual Property, Internet, and Information Attorney, Registered Patent
BAKER & DANIELS LLP WWW.BAKERDANIELS.COM<http://www.bakerdaniels.com/> 300 N.
MERIDIAN STREET, SUITE 2700 | INDIANAPOLIS, IN 46204
To ensure compliance with applicable Internal Revenue Service Regulations,
we inform you that any tax advice contained in this electronic message was
not intended or written to be used, and cannot be used, for the purpose of
avoiding penalties under the Internal Revenue Code.
This message and all its attachments are PRIVATE and may contain
information that is CONFIDENTIAL and PRIVILEGED.
If you received this message in error, please notify the sender by reply
e-mail and delete the message immediately.