Re: [gnso-raa-b] Meeting Invitation / RAA Sub Team B / Monday 08 February 2010 @ 1800 UTC

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

On 8 Feb 2010, at 00:20, Holly Raiche wrote:

> HI Steven
> 
> The item on steps registrars can take is in SAC040 - and lists steps 
> registrars can take - hard to summarise

Domain hijacking etc.,

It's worth reading, but it would be very hard to implement ALL of their 
suggestions while maintaining reasonable pricing etc., Also, some of their 
suggestions would render domain management almost unworkable for non-corporate 
registrants (read the section about DNS changes for example)

Some of it is common sense eg. using role accounts for company registrations 
instead of allowing individual employees' email addresses to be used

Verisign has introduced a premium service in recent months which would suit 
"high value" domains, but I suspect that most "normal" registrants wouldn't 
recognise the value in this kind of service.

The security level / standard discussion came up a couple of times in recent 
ICANN meetings, but I don't recall if anyone settled on anything that they 
could all agree on. PCI compliance, as mentioned in the document, is probably 
the most appropriate measure, since most registrars process payment by credit 
card and would have to be PCI compliant at some level.


> The next is SAC 028 on what registrars can do to deter impersonation phishing 
> attacks, and gives recommendations on what information should - and should 
> not  -be in email contact with registrants.  

SAC028 is mainly common sense, but unfortunately trying to balance security 
concerns with ease of use causes headaches ie. from our experience if we don't 
include account specific info in emails registrants complain

> I'm appreciate Michaela's response to the recommendations  as well


You mean me?? :)


> 
> Holly
> On 08/02/2010, at 10:25 AM, Metalitz, Steven wrote:
> 
>> Thanks Holly this is helpful! If anyone can summarize what is in SSAC 
>> recommendations re malicious conduct that would further facilitate our call 
>> tomorrow.
>> 
>> Steve
>> 
>> 
>> From: Holly Raiche 
>> To: Metalitz, Steven 
>> Cc: Gisella.Gruber-White@xxxxxxxxx ; gnso-raa-b@xxxxxxxxx 
>> Sent: Sun Feb 07 14:58:13 2010
>> Subject: Re: [gnso-raa-b] Meeting Invitation / RAA Sub Team B / Monday 08 
>> February 2010 @ 1800 UTC 
>> 
>> Hi Steven and Everyone
>> 
>> I note that there is a list of issues all run together that I raised and 
>> that are in the matrix
>> 
>> To save a bit of time on discussion, I suggest the following:
>> the suggestion on redirection is perhaps better discussed under topic 2
>> steps registrars can take, and the later item on actions registrars can take 
>> on phishing are perhaps better located in topic 3
>> the abuse point of contact we have already discussed under 3.4
>> whois data accuracy has already been discussed under topic 6
>> front running is already covered under 2.1  
>> 
>> So really the only new items are about steps registrars can take to stop 
>> malicious conduct
>> 
>> That should make the discussion a lot shorter
>> 
>> Kind regards
>> 
>> Holly Raiche
>> Executive Director,
>> Internet Society of Australia (ISOC-AU)
>> ed@xxxxxxxxxxxxxx
>> Mob: 0412 688 544
>> Ph: (02) 9436 2149
>> 
>> The Internet is For Everyone
>> 
>> 
>> 
>> 
> 
> Kind regards
> 
> Holly Raiche
> Executive Director,
> Internet Society of Australia (ISOC-AU)
> ed@xxxxxxxxxxxxxx
> Mob: 0412 688 544
> Ph: (02) 9436 2149
> 
> The Internet is For Everyone
> 
> 
> 
> 

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business  
Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845