[gnso-rds-pdp-wg] Domain Name Management

Greg Shatan gregshatanipc at gmail.com
Fri Dec 8 16:58:43 UTC 2017 

I don't think a "value-add" registrar service would or should be a
substitute for free and open WHOIS.  But nice try.

On Fri, Dec 8, 2017 at 11:54 AM, John Horton via gnso-rds-pdp-wg <
gnso-rds-pdp-wg at icann.org> wrote:

> Reminds me of Stephen Michael Cohen, for those of you who have been around
> long enough to remember the sex.com takeover! (Side note: he currently
> runs a rogue internet pharmacy affiliate network.) Speaking of takeovers.
>
> John Horton
> President and CEO, LegitScript
>
>
> *Follow LegitScript*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
> <https://www.facebook.com/LegitScript>  |  Twitter
> <https://twitter.com/legitscript>  |  *Blog
> <http://blog.legitscript.com/>*  |  Newsletter
> <http://go.legitscript.com/Subscription-Management.html>
>
>
>
>
> On Fri, Dec 8, 2017 at 8:49 AM, allison nixon <elsakoo at gmail.com> wrote:
>
>> Once a registrant's account is taken over, the legitimate registrant
>> effectively becomes a third party.
>>
>> "ownership certification" should be the bare minimum for every single
>> registrar. It's perverse to say that protections from account takeover
>> should be a premium, optional service.
>>
>> It is the fundamental function of the service itself. Most major
>> registrars recognize this and offer 2fa for free, especially after some
>> high profile takeovers damaged their brand.
>>
>> On Fri, Dec 8, 2017 at 11:41 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Are you proposing that "domain name management" includes third-party
>>> monitoring and detection of takeovers by unauthorized actors?
>>>
>>> Best regards,
>>>
>>> A
>>>
>>> On Fri, Dec 08, 2017 at 11:33:27AM -0500, allison nixon wrote:
>>> > Even from the point of view of the person controlling the domain, the
>>> > outside verification is extremely valuable. Incidents of account
>>> takeover
>>> > don't always end well for the original account holder, and companies in
>>> > general (not just registrars, but telcos, social media companies,
>>> etc), are
>>> > NOT forthcoming about details about what the bad actor did while signed
>>> > into the victim's account. Sometimes this is due to bad customer
>>> service,
>>> > or bad internal recordkeeping. Many instances of failure to return the
>>> > account to the owner is actually because historical account data is NOT
>>> > saved by the company.
>>> >
>>> > For the domain takeover incidents I have seen, the current and
>>> historical
>>> > WHOIS record is not just evidence, but it is sometimes the only
>>> evidence
>>> > available as to when the activity started, what was affected, and what
>>> was
>>> > attempted. Not only that, but it serves as outside verifiable evidence
>>> that
>>> > the original registrant *really was* the original registrant. Without
>>> that,
>>> > we take the registrar's word for everything, which may or may not be
>>> > accurate or complete.
>>> >
>>> >
>>> > On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan <
>>> ajs at anvilwalrusden.com>
>>> > wrote:
>>> >
>>> > > On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
>>> > > > >>Whois can be an indicator of ownership but it is not evidence.
>>> > > >
>>> > > > No, it is evidence and it has been used as evidence in the past.
>>> For
>>> > > > example one case years ago when some Army domains were hijacked
>>> and the
>>> > > > WHOIS data was changed to the name of a hacker gang. the
>>> historical whois
>>> > > > data, the date of the change, and other factors were used as
>>> evidence for
>>> > > > the timeline of events. And the people constructing that timeline
>>> were
>>> > > not
>>> > > > working for the Army and didn't own the registrar account.
>>> > >
>>> > > Well, ok, but that doesn't mean this is domain name management,
>>> > > either.  It might be some other use case (I think it probably is --
>>> > > abuse prevention or something).  The management case does seem to me
>>> > > to be only those who are directly interested in the normal operation
>>> > > of the domain from the point of view of controlling it, and the only
>>> > > question is whether the interested parties are necessarily somehow
>>> > > involved in the contractual relationship with the registry and
>>> > > involved registrars.  I think Volker is saying, "Yes," and I'm
>>> saying,
>>> > > "Maybe not."
>>> > >
>>> > > Best regards,
>>> > >
>>> > > A
>>> > >
>>> > >
>>> >
>>> >
>>> >
>>>
>>> --
>>> Andrew Sullivan
>>> ajs at anvilwalrusden.com
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
>>
>> --
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/e4df8170/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list