<div>please start sending all ICANN and BC emails to <a href="mailto:bullypulpit2002@yahoo.com">bullypulpit2002@yahoo.com</a>.</div>
<div> </div>
<div>Please take this email off the list and replace it with <a href="mailto:bullypulpit2002@yahoo.com">bullypulpit2002@yahoo.com</a>.<br><br></div>
<div class="gmail_quote">On Mon, Jun 29, 2009 at 6:20 AM, George Kirikos <span dir="ltr"><<a href="mailto:icann@leap.com">icann@leap.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>Hi folks,<br><br>VeriSign intends to offer 2-factor security and a better registry<br>lock, see requests 200904 and 200905:<br>
<br><a href="http://www.icann.org/en/registries/rsep/" target="_blank">http://www.icann.org/en/registries/rsep/</a><br><a href="http://www.icann.org/registries/rsep/verisign-auth-request-25jun09.pdf" target="_blank">http://www.icann.org/registries/rsep/verisign-auth-request-25jun09.pdf</a><br>
<a href="http://www.icann.org/registries/rsep/verisign-reglock-request-25jun09.pdf" target="_blank">http://www.icann.org/registries/rsep/verisign-reglock-request-25jun09.pdf</a><br><br>I've long been in favour of 2-factor security, so this might be very<br>
positive. However, it concerns me that VeriSign might be abusing its<br>monopoly to overcharge for the services relative to what the price<br>would be with competition. Indeed, for those who've cared about<br>"tiered pricing" you'll note they even use the phrase in the section<br>
on pricing for the registry lock service (i.e. page 4, "VeriSign<br>intends to charge registrars based on the market value of the Registry<br>Lock Service. VeriSign expects to offer a tiered pricing model").<br>
<br>Furthermore, given the lawsuit out there attempting to break<br>VeriSign's abusive monopoly, which would hopefully eventually lead to<br>regular tender process for dot-com (and other gTLDs) it is important<br>to ensure that these new services don't help VeriSign solidify vendor<br>
lock-in, and that they can be transitioned to a new registry operator<br>should a competitor end up winning a future tender process.<br><br>Also in general it's a good idea to raise security for *everyone* and<br>not just those willing and able to pay a premium. One will note PayPal<br>
only charges a one-time fee of $5 for their security key (for their<br>2-factor security) or $0 for SMS, and then the ongoing costs are $0.<br><br><a href="https://www.paypal.com/securitykey" target="_blank">https://www.paypal.com/securitykey</a><br>
<br>That security key that PayPal uses comes from VeriSign:<br><br><a href="http://www.infoworld.com/d/security-central/paypal-ebay-offer-security-key-us-customers-724" target="_blank">http://www.infoworld.com/d/security-central/paypal-ebay-offer-security-key-us-customers-724</a><br>
<br>VeriSign should not be able to abuse its monopoly by overcharging for<br>long-needed security updates for registrants.<br><br>Sincerely,<br><font color="#888888"><br>George Kirikos<br>416-588-0269<br><a href="http://www.leap.com/" target="_blank">http://www.leap.com/</a><br>
</font></blockquote></div><br>