[gnso-rds-pdp-wg] Domain Name Management

John Horton john.horton at legitscript.com
Fri Dec 8 16:54:17 UTC 2017 

Reminds me of Stephen Michael Cohen, for those of you who have been around
long enough to remember the sex.com takeover! (Side note: he currently runs
a rogue internet pharmacy affiliate network.) Speaking of takeovers.

John Horton
President and CEO, LegitScript


*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com>  |  Facebook
<https://www.facebook.com/LegitScript>  |  Twitter
<https://twitter.com/legitscript>  |  *Blog <http://blog.legitscript.com/>*
  |  Newsletter <http://go.legitscript.com/Subscription-Management.html>




On Fri, Dec 8, 2017 at 8:49 AM, allison nixon <elsakoo at gmail.com> wrote:

> Once a registrant's account is taken over, the legitimate registrant
> effectively becomes a third party.
>
> "ownership certification" should be the bare minimum for every single
> registrar. It's perverse to say that protections from account takeover
> should be a premium, optional service.
>
> It is the fundamental function of the service itself. Most major
> registrars recognize this and offer 2fa for free, especially after some
> high profile takeovers damaged their brand.
>
> On Fri, Dec 8, 2017 at 11:41 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
> wrote:
>
>> Hi,
>>
>> Are you proposing that "domain name management" includes third-party
>> monitoring and detection of takeovers by unauthorized actors?
>>
>> Best regards,
>>
>> A
>>
>> On Fri, Dec 08, 2017 at 11:33:27AM -0500, allison nixon wrote:
>> > Even from the point of view of the person controlling the domain, the
>> > outside verification is extremely valuable. Incidents of account
>> takeover
>> > don't always end well for the original account holder, and companies in
>> > general (not just registrars, but telcos, social media companies, etc),
>> are
>> > NOT forthcoming about details about what the bad actor did while signed
>> > into the victim's account. Sometimes this is due to bad customer
>> service,
>> > or bad internal recordkeeping. Many instances of failure to return the
>> > account to the owner is actually because historical account data is NOT
>> > saved by the company.
>> >
>> > For the domain takeover incidents I have seen, the current and
>> historical
>> > WHOIS record is not just evidence, but it is sometimes the only evidence
>> > available as to when the activity started, what was affected, and what
>> was
>> > attempted. Not only that, but it serves as outside verifiable evidence
>> that
>> > the original registrant *really was* the original registrant. Without
>> that,
>> > we take the registrar's word for everything, which may or may not be
>> > accurate or complete.
>> >
>> >
>> > On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan <
>> ajs at anvilwalrusden.com>
>> > wrote:
>> >
>> > > On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
>> > > > >>Whois can be an indicator of ownership but it is not evidence.
>> > > >
>> > > > No, it is evidence and it has been used as evidence in the past. For
>> > > > example one case years ago when some Army domains were hijacked and
>> the
>> > > > WHOIS data was changed to the name of a hacker gang. the historical
>> whois
>> > > > data, the date of the change, and other factors were used as
>> evidence for
>> > > > the timeline of events. And the people constructing that timeline
>> were
>> > > not
>> > > > working for the Army and didn't own the registrar account.
>> > >
>> > > Well, ok, but that doesn't mean this is domain name management,
>> > > either.  It might be some other use case (I think it probably is --
>> > > abuse prevention or something).  The management case does seem to me
>> > > to be only those who are directly interested in the normal operation
>> > > of the domain from the point of view of controlling it, and the only
>> > > question is whether the interested parties are necessarily somehow
>> > > involved in the contractual relationship with the registry and
>> > > involved registrars.  I think Volker is saying, "Yes," and I'm saying,
>> > > "Maybe not."
>> > >
>> > > Best regards,
>> > >
>> > > A
>> > >
>> > >
>> >
>> >
>> >
>>
>> --
>> Andrew Sullivan
>> ajs at anvilwalrusden.com
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/0a9eeff4/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list