RE: [gnso-irtp-b-jun09] Additional language for recommendation #2

["James M. Bladel" <jbladel@xxxxxxxxxxx>]

Sorry, I'm not clear on what we are adding.  All three paragraphs?

J.

-------- Original Message --------
Subject: [gnso-irtp-b-jun09] Additional language for recommendation #2
From: Marika Konings <marika.konings@xxxxxxxxx>
Date: Tue, February 08, 2011 10:06 am
To: "Gnso-irtp-b-jun09@xxxxxxxxx" <Gnso-irtp-b-jun09@xxxxxxxxx>

   Dear All,


As discussed on today's call, please find below the language proposed by
Dave Piscitello to be added to recommendation #2 (The WG notes that in
addition to reactive measures such as outlined in recommendation #1,
proactive measures to prevent hijacking are of the utmost importance. As
such, the WG strongly recommends the promotion by ALAC and other ICANN
structures of the measures outlined in the recent report of the Security
and Stability Advisory Committee on A Registrant's Guide to Protecting
Domain Name Registration Accounts (SAC 044)).


Please share your comments, edits and/or suggestions with the mailing
list.


Best regards,


Marika


=====================


Proposed addition to recommendation #2


In particular, the IRTP WG recommends that registrants consider the
measures to protect domain registrar accounts against compromise and
misuse described in SAC044, Section 5. These include practical measures
that registrants can implement "in house", such as ways to protect
account credentials and how to incorporate domain name registrations
into employee or resource management programs typically found in medium
and large businesses. It suggests ways that registrants can use renewal
and change notifications from registrars as part of an early warning or
alerting system for possible account compromise.


SAC 044 also discusses the importance of maintaining accurate domain
name contact information. It discusses the value of diversifying domain
contact information (for example, creating separate identities for
registrant, technical, administrative, and billing contacts) and methods
to protect email delivery to the registrant's points of contact against
disruption attacks. SAC044 also identifies types of documentation
registrants should maintain to "prove registration" in cases where
disputes might arise.


SSAC recognizes that certain registrants may want external parties to
manage nearly all aspects of domain registration. SAC 044 identifies
questions related to domain account security that registrants can ask so
they can make an informed choice when selecting a registrar or third
party (such as an online brand protection agent or hosting provider).