[gnso-rds-pdp-wg] Domain Name Management

Fri Dec 8 16:49:59 UTC 2017

Once a registrant's account is taken over, the legitimate registrant
effectively becomes a third party.

"ownership certification" should be the bare minimum for every single
registrar. It's perverse to say that protections from account takeover
should be a premium, optional service.

It is the fundamental function of the service itself. Most major registrars
recognize this and offer 2fa for free, especially after some high profile
takeovers damaged their brand.

On Fri, Dec 8, 2017 at 11:41 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
wrote:

> Hi,
>
> Are you proposing that "domain name management" includes third-party
> monitoring and detection of takeovers by unauthorized actors?
>
> Best regards,
>
> A
>
> On Fri, Dec 08, 2017 at 11:33:27AM -0500, allison nixon wrote:
> > Even from the point of view of the person controlling the domain, the
> > outside verification is extremely valuable. Incidents of account takeover
> > don't always end well for the original account holder, and companies in
> > general (not just registrars, but telcos, social media companies, etc),
> are
> > NOT forthcoming about details about what the bad actor did while signed
> > into the victim's account. Sometimes this is due to bad customer service,
> > or bad internal recordkeeping. Many instances of failure to return the
> > account to the owner is actually because historical account data is NOT
> > saved by the company.
> >
> > For the domain takeover incidents I have seen, the current and historical
> > WHOIS record is not just evidence, but it is sometimes the only evidence
> > available as to when the activity started, what was affected, and what
> was
> > attempted. Not only that, but it serves as outside verifiable evidence
> that
> > the original registrant *really was* the original registrant. Without
> that,
> > we take the registrar's word for everything, which may or may not be
> > accurate or complete.
> >
> >
> > On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan <ajs at anvilwalrusden.com
> >
> > wrote:
> >
> > > On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
> > > > >>Whois can be an indicator of ownership but it is not evidence.
> > > >
> > > > No, it is evidence and it has been used as evidence in the past. For
> > > > example one case years ago when some Army domains were hijacked and
> the
> > > > WHOIS data was changed to the name of a hacker gang. the historical
> whois
> > > > data, the date of the change, and other factors were used as
> evidence for
> > > > the timeline of events. And the people constructing that timeline
> were
> > > not
> > > > working for the Army and didn't own the registrar account.
> > >
> > > Well, ok, but that doesn't mean this is domain name management,
> > > either.  It might be some other use case (I think it probably is --
> > > abuse prevention or something).  The management case does seem to me
> > > to be only those who are directly interested in the normal operation
> > > of the domain from the point of view of controlling it, and the only
> > > question is whether the interested parties are necessarily somehow
> > > involved in the contractual relationship with the registry and
> > > involved registrars.  I think Volker is saying, "Yes," and I'm saying,
> > > "Maybe not."
> > >
> > > Best regards,
> > >
> > > A
> > >
> > >
> >
> >
> >
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>

-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/2d5f86ae/attachment.html>