[gnso-rap-dt] Some documentation on "use of stolen credentials"
Hello team! Sorry I didn't get this out in time for more thorough reading, but this draft should at least help with organizing the discussion on this topic area, which has ranged around quite a bit. I concentrated on getting definitions in-place and exposing many of the abuses that have been seen, as they are disparate and we've had a tendency to concentrate on one or two aspects. As you can see from this document, I've identified three distinct types of "stolen credentials" plus some different ways they are abused in the domain registration process. The three distinct types of credentials I have identified are "identity", "access", and "financial". I took the liberty of throwing in some analysis of the topics, trying to cover several of the things that have been said the past couple weeks. I have also put in place-holders for some ideas that may make sense to address the different types of stolen credentials being abused that we can flesh out better after some more discussion. DOC and PDF formats attached. Best Regards, Rod Attachment:
RAP WG - Use of Stolen Credentials.pdf Attachment:
RAP WG - Use of Stolen Credentials.doc
|