[bc-gnso] VeriSign to offer 2-factor security and better registry lock

[George Kirikos]

Hi folks,

VeriSign intends to offer 2-factor security and a better registry
lock, see requests 200904 and 200905:

http://www.icann.org/en/registries/rsep/
http://www.icann.org/registries/rsep/verisign-auth-request-25jun09.pdf
http://www.icann.org/registries/rsep/verisign-reglock-request-25jun09.pdf

I've long been in favour of 2-factor security, so this might be very
positive. However, it concerns me that VeriSign might be abusing its
monopoly to overcharge for the services relative to what the price
would be with competition. Indeed, for those who've cared about
"tiered pricing" you'll note they even use the phrase in the section
on pricing for the registry lock service (i.e. page 4, "VeriSign
intends to charge registrars based on the market value of the Registry
Lock Service. VeriSign expects to offer a tiered pricing model").

Furthermore, given the lawsuit out there attempting to break
VeriSign's abusive monopoly, which would hopefully eventually lead to
regular tender process for dot-com (and other gTLDs) it is important
to ensure that these new services don't help VeriSign solidify vendor
lock-in, and that they can be transitioned to a new registry operator
should a competitor end up winning a future tender process.

Also in general it's a good idea to raise security for *everyone* and
not just those willing and able to pay a premium. One will note PayPal
only charges a one-time fee of $5 for their security key (for their
2-factor security) or $0 for SMS, and then the ongoing costs are $0.

https://www.paypal.com/securitykey

That security key that PayPal uses comes from VeriSign:

http://www.infoworld.com/d/security-central/paypal-ebay-offer-security-key-us-customers-724

VeriSign should not be able to abuse its monopoly by overcharging for
long-needed security updates for registrants.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/