[gnso-rds-pdp-wg] Domain Name Management

Andrew Sullivan ajs at anvilwalrusden.com
Fri Dec 8 16:41:16 UTC 2017


Hi,

Are you proposing that "domain name management" includes third-party
monitoring and detection of takeovers by unauthorized actors?

Best regards,

A

On Fri, Dec 08, 2017 at 11:33:27AM -0500, allison nixon wrote:
> Even from the point of view of the person controlling the domain, the
> outside verification is extremely valuable. Incidents of account takeover
> don't always end well for the original account holder, and companies in
> general (not just registrars, but telcos, social media companies, etc), are
> NOT forthcoming about details about what the bad actor did while signed
> into the victim's account. Sometimes this is due to bad customer service,
> or bad internal recordkeeping. Many instances of failure to return the
> account to the owner are actually because historical account data is NOT
> saved by the company.
> 
> For the domain takeover incidents I have seen, the current and historical
> WHOIS record is not just evidence, but it is sometimes the only evidence
> available as to when the activity started, what was affected, and what was
> attempted. Not only that, but it serves as outside verifiable evidence that
> the original registrant *really was* the original registrant. Without that,
> we take the registrar's word for everything, which may or may not be
> accurate or complete.
> 
> 
> On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
> wrote:
> 
> > On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
> > > >>Whois can be an indicator of ownership but it is not evidence.
> > >
> > > No, it is evidence and it has been used as evidence in the past. For
> > > example one case years ago when some Army domains were hijacked and the
> > > WHOIS data was changed to the name of a hacker gang. The historical whois
> > > data, the date of the change, and other factors were used as evidence for
> > > the timeline of events. And the people constructing that timeline were not
> > > working for the Army and didn't own the registrar account.
> >
> > Well, ok, but that doesn't mean this is domain name management,
> > either.  It might be some other use case (I think it probably is --
> > abuse prevention or something).  The management case does seem to me
> > to be only those who are directly interested in the normal operation
> > of the domain from the point of view of controlling it, and the only
> > question is whether the interested parties are necessarily somehow
> > involved in the contractual relationship with the registry and
> > involved registrars.  I think Volker is saying, "Yes," and I'm saying,
> > "Maybe not."
> >
> > Best regards,
> >
> > A
> >
> >
> 
> 
> 

-- 
Andrew Sullivan
ajs at anvilwalrusden.com

