[gnso-rds-pdp-wg] Domain Name Management

Fri Dec 8 17:02:30 UTC 2017

Andrew,

I would say that those who considering themselves to be performing "domain
name management" (or "domain name portfolio management") would consider
third-party monitoring and detection of takeovers by unauthorized actors to
be part of their management tasks.  Taxonomically, we might want to parse
the various aspects of what domain name managers do -- but practically,
it's part of the job.

Greg

On Fri, Dec 8, 2017 at 11:58 AM, Greg Shatan <gregshatanipc at gmail.com>
wrote:

> I don't think a "value-add" registrar service would or should be a
> substitute for free and open WHOIS.  But nice try.
>
> On Fri, Dec 8, 2017 at 11:54 AM, John Horton via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
>> Reminds me of Stephen Michael Cohen, for those of you who have been
>> around long enough to remember the sex.com takeover! (Side note: he
>> currently runs a rogue internet pharmacy affiliate network.) Speaking of
>> takeovers.
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *Follow LegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
>> <https://www.facebook.com/LegitScript>  |  Twitter
>> <https://twitter.com/legitscript>  |  *Blog
>> <http://blog.legitscript.com/>*  |  Newsletter
>> <http://go.legitscript.com/Subscription-Management.html>
>>
>>
>>
>>
>> On Fri, Dec 8, 2017 at 8:49 AM, allison nixon <elsakoo at gmail.com> wrote:
>>
>>> Once a registrant's account is taken over, the legitimate registrant
>>> effectively becomes a third party.
>>>
>>> "ownership certification" should be the bare minimum for every single
>>> registrar. It's perverse to say that protections from account takeover
>>> should be a premium, optional service.
>>>
>>> It is the fundamental function of the service itself. Most major
>>> registrars recognize this and offer 2fa for free, especially after some
>>> high profile takeovers damaged their brand.
>>>
>>> On Fri, Dec 8, 2017 at 11:41 AM, Andrew Sullivan <ajs at anvilwalrusden.com
>>> > wrote:
>>>
>>>> Hi,
>>>>
>>>> Are you proposing that "domain name management" includes third-party
>>>> monitoring and detection of takeovers by unauthorized actors?
>>>>
>>>> Best regards,
>>>>
>>>> A
>>>>
>>>> On Fri, Dec 08, 2017 at 11:33:27AM -0500, allison nixon wrote:
>>>> > Even from the point of view of the person controlling the domain, the
>>>> > outside verification is extremely valuable. Incidents of account
>>>> takeover
>>>> > don't always end well for the original account holder, and companies
>>>> in
>>>> > general (not just registrars, but telcos, social media companies,
>>>> etc), are
>>>> > NOT forthcoming about details about what the bad actor did while
>>>> signed
>>>> > into the victim's account. Sometimes this is due to bad customer
>>>> service,
>>>> > or bad internal recordkeeping. Many instances of failure to return the
>>>> > account to the owner is actually because historical account data is
>>>> NOT
>>>> > saved by the company.
>>>> >
>>>> > For the domain takeover incidents I have seen, the current and
>>>> historical
>>>> > WHOIS record is not just evidence, but it is sometimes the only
>>>> evidence
>>>> > available as to when the activity started, what was affected, and
>>>> what was
>>>> > attempted. Not only that, but it serves as outside verifiable
>>>> evidence that
>>>> > the original registrant *really was* the original registrant. Without
>>>> that,
>>>> > we take the registrar's word for everything, which may or may not be
>>>> > accurate or complete.
>>>> >
>>>> >
>>>> > On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan <
>>>> ajs at anvilwalrusden.com>
>>>> > wrote:
>>>> >
>>>> > > On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
>>>> > > > >>Whois can be an indicator of ownership but it is not evidence.
>>>> > > >
>>>> > > > No, it is evidence and it has been used as evidence in the past.
>>>> For
>>>> > > > example one case years ago when some Army domains were hijacked
>>>> and the
>>>> > > > WHOIS data was changed to the name of a hacker gang. the
>>>> historical whois
>>>> > > > data, the date of the change, and other factors were used as
>>>> evidence for
>>>> > > > the timeline of events. And the people constructing that timeline
>>>> were
>>>> > > not
>>>> > > > working for the Army and didn't own the registrar account.
>>>> > >
>>>> > > Well, ok, but that doesn't mean this is domain name management,
>>>> > > either.  It might be some other use case (I think it probably is --
>>>> > > abuse prevention or something).  The management case does seem to me
>>>> > > to be only those who are directly interested in the normal operation
>>>> > > of the domain from the point of view of controlling it, and the only
>>>> > > question is whether the interested parties are necessarily somehow
>>>> > > involved in the contractual relationship with the registry and
>>>> > > involved registrars.  I think Volker is saying, "Yes," and I'm
>>>> saying,
>>>> > > "Maybe not."
>>>> > >
>>>> > > Best regards,
>>>> > >
>>>> > > A
>>>> > >
>>>> > >
>>>> >
>>>> >
>>>> >
>>>>
>>>> --
>>>> Andrew Sullivan
>>>> ajs at anvilwalrusden.com
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>
>>>
>>>
>>> --
>>> _________________________________
>>> Note to self: Pillage BEFORE burning.
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/85913061/attachment.html>