RE: [gnso-irtp-b-jun09] Comment on sub group discussion

[Oliver Hope <oliver.hope@xxxxxxxxxxxxxxx>]

Therefore it raises the question should a best practice recommendation be 
published? Personally I think no. 

Most of the people who would use the recommendation would probably have been 
doing most of the recommendations already, and as it's only best practice 
guidelines it won't ensure compliance. Therefore we are simply providing the 
"scumbags" with a the "howto" guide you mention.

I think this recommendation would bring more harm than good.

Oliver Hope
Finance & Operations Director
MeshDigital
+44(0)1483 304030
oliver.hope@xxxxxxxxxxxxxxx

-----Original Message-----
From: Michele Neylon :: Blacknight [mailto:michele@xxxxxxxxxxxxx] 
Sent: 05 January 2011 13:21
To: Oliver Hope
Cc: Erdman, Kevin R.; Gnso-irtp-b-jun09@xxxxxxxxx
Subject: Re: [gnso-irtp-b-jun09] Comment on sub group discussion

Oliver

This is an issue that keeps coming up in relation to security (in the broadest 
sense)

If the guidelines / policies / procedures are shared then we're basically 
providing scumbags with a nice "howto"

Of course if it's a policy it's going to have to be published .. 

Even if it's a "best practice" it will still be in the public eye .. 

The only way to share data like this "securely" is to do so behind closed 
doors, but that obviously opens another can of worms .. 

M

On 5 Jan 2011, at 13:17, Oliver Hope wrote:

> Hi Kevin,
>  
> I think you raise a good point. The important thing for me is the knowledge 
> about the 60 day window being available for all. This is also what concerns 
> me with the availability of a best practice recommendation (on how to prevent 
> hijacking in the first place). I believe making this information available to 
> all could make life very difficult. If we make the best practice procedures 
> available to the hijackers, then we are telling them what they need to get 
> around.
>  
> I appreciate that the 60 day window is already available for all to see, if 
> you look in the right places. I'm concerned about publishing a guidebook of 
> best practices, which doesn't exactly relate to your scenario, but if the 
> hijacker didn't know about the 60 window then that situation would not have 
> been possible. So you can see the relation, hence I thought I would raise the 
> point here.
>  
> I know it's going off on a slight tangent from what you have outlined below, 
> but I would be interested to hear who the proposed recommendation of best 
> practices will be available to. (to clarify I am referring to: Question 10: 
> In addition to recommendation 1, an additional recommendation should be 
> developed that addresses proactive measures to prevent hijacking.)
>  
> I am assuming that someone who wants to hijack a domain is not a petty 
> criminal, but one who actually thinks about the process and works hard on it. 
> i.e. they are not an idiot - so they will look at the guidelines available in 
> the first place, and do their best to get around them.
>  
> Just my thoughts on this one particular issue.
>  
> Regards to all.
>  
> Oliver Hope
> Finance & Operations Director
> MeshDigital
> +44(0)1483 304030
> oliver.hope@xxxxxxxxxxxxxxx
>  
> From: Erdman, Kevin R. [mailto:Kevin.Erdman@xxxxxxxxxx] 
> Sent: 04 January 2011 17:08
> To: Gnso-irtp-b-jun09@xxxxxxxxx
> Subject: [gnso-irtp-b-jun09] Comment on sub group discussion
>  
> All who were on the subgroup call (and anyone else interested)-One comment 
> that many made during the sub group session was that when someone's web site 
> is hijacked, they know about it very quickly.
>  
> I wanted to bring up the following scenario for a hijacking:
>  
> Let's say that I am a hijacker, and I just obtained control over the domain 
> reallybigwebsite.com
>  
> Let's say I know about this 60 day window as a way to prevent me from 
> securing my hijacked domain with the registrar mobster.com (mobster.com is 
> located in a lawless jurisdiction and does not cooperate on returns).
>  
> What I do is keep the traffic flowing to reallybigwebsite.com for at least 
> the 60 day period.  The proprietors of reallybigwebsite.com do not realize 
> that I have control of the domain.
> Around day 70 or so of my control, I transfer the domain to mobster.com and 
> start wrecking havoc with the traffic to reallybigwebsite.com.  In this case, 
> the proprietor of the web site did not immediately recognize the loss of 
> control of the domain, but needs the rapid return mechanism.
>  
> Maybe this is an unlikely scenario, but would be one way to work around the 
> urgent return mechanism.
>  
> Also, the conference organizer contacted me after the call to explain that 
> the mute/unmute works better over traditional lines rather than google's voip 
> connection.  My apologies for interrupting the smooth flow of good discussion.
> ________________________________________________________________________________________________________
> Kevin R Erdman  T: 317.237.1029 | F: 317.237.8521 | C: 317.289.3934
> Intellectual Property, Internet, and Information Attorney, Registered Patent 
> Attorney
> BAKER & DANIELS LLP WWW.BAKERDANIELS.COM 300 N. MERIDIAN STREET, SUITE 2700 | 
> INDIANAPOLIS, IN 46204
> ----------------------------
> ATTENTION:
>  
> To ensure compliance with applicable Internal Revenue Service Regulations,
> we inform you that any tax advice contained in this electronic message was
> not intended or written to be used, and cannot be used, for the purpose of
> avoiding penalties under the Internal Revenue Code.
>  
>  
> This message and all its attachments are PRIVATE and may contain
> information that is CONFIDENTIAL and PRIVILEGED.
>  
> If you received this message in error, please notify the sender by reply 
> e-mail and delete the message immediately.
>  

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon

PS: Check out our latest offers on domains & hosting: http://domainoffers.me/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845