<<<
Chronological Index
>>> <<<
Thread Index
>>>
[gnso-irtp-b-jun09] Additional language for recommendation #2
- To: "Gnso-irtp-b-jun09@xxxxxxxxx" <Gnso-irtp-b-jun09@xxxxxxxxx>
- Subject: [gnso-irtp-b-jun09] Additional language for recommendation #2
- From: Marika Konings <marika.konings@xxxxxxxxx>
- Date: Tue, 8 Feb 2011 08:06:47 -0800
Dear All,
As discussed on today's call, please find below the language proposed by Dave
Piscitello to be added to recommendation #2 (The WG notes that in addition to
reactive measures such as outlined in recommendation #1, proactive measures to
prevent hijacking are of the utmost importance. As such, the WG strongly
recommends the promotion by ALAC and other ICANN structures of the measures
outlined in the recent report of the Security and Stability Advisory Committee
on A Registrant's Guide to Protecting Domain Name Registration Accounts (SAC
044<http://www.icann.org/en/committees/security/sac044.pdf>)).
Please share your comments, edits and/or suggestions with the mailing list.
Best regards,
Marika
=====================
Proposed addition to recommendation #2
In particular, the IRTP WG recommends that registrants consider the measures to
protect domain registrar accounts against compromise and misuse described in
SAC044, Section 5. These include practical measures that registrants can
implement "in house", such as ways to protect account credentials and how to
incorporate domain name registrations into employee or resource management
programs typically found in medium and large businesses. It suggests ways that
registrants can use renewal and change notifications from registrars as part of
an early warning or alerting system for possible account compromise.
SAC 044 also discusses the importance of maintaining accurate domain name
contact information. It discusses the value of diversifying domain contact
information (for example, creating separate identities for registrant,
technical, administrative, and billing contacts) and methods to protect email
delivery to the registrant's points of contact against disruption attacks.
SAC044 also identifies types of documentation registrants should maintain to
"prove registration" in cases where disputes might arise.
SSAC recognizes that certain registrants may want external parties to manage
nearly all aspects of domain registration. SAC 044 identifies questions related
to domain account security that registrants can ask so they can make an
informed choice when selecting a registrar or third party (such as an online
brand protection agent or hosting provider).
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|