<<<
Chronological Index
>>> <<<
Thread Index
>>>
Consumer protective strategies thwarted by large influx of tasting domains
- To: <rfi-domaintasting@xxxxxxxxx>
- Subject: Consumer protective strategies thwarted by large influx of tasting domains
- From: <Douglas_Otis@xxxxxxxxxxxxxx>
- Date: Tue, 14 Aug 2007 12:23:47 -0700
Various enterprises offer a range of Internet protective services. Many of
these services attempt to leverage information collected of the domain holder's
behavior. As new domains are introduced, a sizable process is in place to
correlate domain information to discover possible associations with prior
domains. Domain histories and data correlation thereby identify potential
threats which often results in additional analysis. The product of this effort
is often an assessment made available to the protective service subscribers.
Domain tasting will delay and significantly increase the costs associated with
all phases of a protective process.
Registries accommodate a flood of speculative domain registrations and appear
to recoup expenses from an extremely small percentage of completed
transactions. Protective services must evaluate this influx that now exceeds
the number of existing domains in as little as a few weeks. Protective
services need to publish their assessments in a timely fashion. Even when
limited to changing domains, this now represents a large amount of data to be
made available to subscribers. Unfettered registration of millions of domains
without a reasonable fee must end, as this seriously impairs, delays, and
increases the costs related to consumer protections.
If consumer protections were to become a paramount concern, advanced
notification of changes should be provided prior to publication in DNS. Domain
holders should be able to anticipate their registry publications. When there
is an emergency or exigent situation, some accommodation can be made, but at a
fee that makes such exceptional activity uncommon. Existing domain owners and
enforcement agencies should be allowed to flag potential problems as part of an
advanced publication process. Notifications of publication thereby affords
enforcement agencies time to monitor and perhaps prevent criminal activity.
While milli-second delays in publication are technically feasible, this ability
is being abused by a growing criminal element and must be reconsidered. Just
as delays in processing are common in the hand gun trade, so should there be
delays in processing of domain information for comparable reasons. While
registries and registrars may not vet who is permitted access, protective
services and enforcement agencies should be afforded an opportunity to curtail
rampant criminals instead.
While domain tasting might generate marginal revenues for registries, it
creates at a sizable cost for protective services. Avoiding additional network
traffic is critical, as publication represent a substantial component of
overall overhead. Additional network traffic and associated delays also
diminishes the user's experience. For the Internet and related protections to
flourish, the infrastructure must ensure criminals are afforded few places to
hide. End the domain look-alike and typo-squatting. End the smash and dash
tactics made possible by ill conceived rapid registry services. The registries
must better consider the role they play as a network citizen, and whether their
tactics foster or obscure criminal activity.
Douglas Otis
Trend Micro, Inc.
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and
may be subject to copyright or other intellectual property protection. If you
are not the intended recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or telephone and
delete the original message from your mail system.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|