[gnso-rds-pdp-wg] Domain Name Management
Sam Lanfranco
sam at lanfranco.net
Fri Dec 8 17:23:10 UTC 2017
Thanks Greg, I think that you comments are helping bring clarity to
context here. In a couple of sentences let me see if I can capture the
contrast between my discussion of due diligence and your response to it.
I was considering the context of a buyer looking to purchase an existing
domain name and concerned with two things (a) legal ownership, and (b)
any "baggage" that the name might carry. (e.g. my intended day care
domain name was previously a porn site, or a pro-nazi propaganda site).
Your context is dealing with domain name portfolio audits, either within
corporate acquisitions or routine reviews of the integrity of the
ownership of the domain name portfolio. I get the impression that in the
case of entities to be acquired, there is frequently lax and incomplete
corporate information about what they own, where it is, and who has
"ownership" control. /In that case it is inadequate to ask the entity
for that information/, since they likely do not have a firm and complete
account of what, where, and controlled by whom. I understand why the
audit has to be a "hunting expedition" and that the levels of data
access will have to service that need.
On 12/8/2017 11:57 AM, Greg Shatan wrote:
> Sam,
>
> From my experience in doing or supervising a number of domain name
> portfolio audits and due diligence on domain name acquisitions (often,
> in the context of larger corporate acquisitions), I would say that
> Whois is the centerpiece of the project -- not a "tiny part," as you
> conjecture.
>
> Generically, a critical and essential phase of any due diligence or
> audit project is checking the company's own records and the records of
> their known providers against public databases. Audits (or other
> forms of internal or consultant double-checking) are a typical part of
> domain name management
>
> In such audits and due diligence projects, even where one has access
> to the records of the domain name owner and/or their registrar(s),
> Whois is an absolutely necessary check against those records.
> Internal records can (and almost always do) have mistakes or
> omissions, and even where you have access to all of the registrar(s)
> information, there are often stray domains that are owned outside of
> the registrars the company think have all their domains.
>
> Failure of Whois or RDS to provide this component of due diligence
> would cripple due diligence, and most likely have knock-on effects,
> such as lower confidence (and lower prices) in corporate domain name
> acquisitions and trust in the DNS. There would also be an increase in
> post-acquisition clean-up, since the acquiror's pre-acquisition due
> diligence would be far less likely to uncover inaccuracies.
>
> The business community has been accustomed to thinking of domains as
> being the type of asset where one has a third party doublecheck (akin
> to real property title search and IP registrations, among other
> things). Putting domains into the category of independently
> uncheckable assets would be highly detrimental.
>
> Greg
>
>
>
> On Fri, Dec 8, 2017 at 11:36 AM, Volker Greimann
> <vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>> wrote:
>
> Some registrars offer ownership certification services. That would
> be an alternate third party verification, possibly even better
> than someone looking at a whois record.
>
> Best,
>
> Volker
>
>
> Am 08.12.2017 um 17:33 schrieb allison nixon:
>> Even from the point of view of the person controlling the domain,
>> the outside verification is extremely valuable. Incidents of
>> account takeover don't always end well for the original account
>> holder, and companies in general (not just registrars, but
>> telcos, social media companies, etc), are NOT forthcoming about
>> details about what the bad actor did while signed into the
>> victim's account. Sometimes this is due to bad customer service,
>> or bad internal recordkeeping. Many instances of failure to
>> return the account to the owner is actually because historical
>> account data is NOT saved by the company.
>>
>> For the domain takeover incidents I have seen, the current and
>> historical WHOIS record is not just evidence, but it is sometimes
>> the only evidence available as to when the activity started, what
>> was affected, and what was attempted. Not only that, but it
>> serves as outside verifiable evidence that the original
>> registrant *really was* the original registrant. Without that, we
>> take the registrar's word for everything, which may or may not be
>> accurate or complete.
>>
>>
>> On Fri, Dec 8, 2017 at 11:27 AM, Andrew Sullivan
>> <ajs at anvilwalrusden.com <mailto:ajs at anvilwalrusden.com>> wrote:
>>
>> On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison nixon wrote:
>> > >>Whois can be an indicator of ownership but it is not
>> evidence.
>> >
>> > No, it is evidence and it has been used as evidence in the
>> past. For
>> > example one case years ago when some Army domains were
>> hijacked and the
>> > WHOIS data was changed to the name of a hacker gang. the
>> historical whois
>> > data, the date of the change, and other factors were used
>> as evidence for
>> > the timeline of events. And the people constructing that
>> timeline were not
>> > working for the Army and didn't own the registrar account.
>>
>> Well, ok, but that doesn't mean this is domain name management,
>> either. It might be some other use case (I think it probably
>> is --
>> abuse prevention or something). The management case does
>> seem to me
>> to be only those who are directly interested in the normal
>> operation
>> of the domain from the point of view of controlling it, and
>> the only
>> question is whether the interested parties are necessarily
>> somehow
>> involved in the contractual relationship with the registry and
>> involved registrars. I think Volker is saying, "Yes," and
>> I'm saying,
>> "Maybe not."
>>
>> Best regards,
>>
>> A
>>
>> --
>> Andrew Sullivan
>> ajs at anvilwalrusden.com <mailto:ajs at anvilwalrusden.com>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>>
>>
>> --
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit
> freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung -
> Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0)
> 6894 - 9396 901 <tel:+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851> Email:
> vgreimann at key-systems.net <mailto:vgreimann at key-systems.net> Web:
> www.key-systems.net <http://www.key-systems.net> /
> www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /
> www.BrandShelter.com <http://www.BrandShelter.com> Folgen Sie uns
> bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835
> - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the
> KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu> Der Inhalt
> dieser Nachricht ist vertraulich und nur für den angegebenen
> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung
> oder Weitergabe an Dritte durch den Empfänger ist unzulässig.
> Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir
> Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu
> setzen. -------------------------------------------- Should you
> have any further questions, please do not hesitate to contact us.
> Best regards, Volker A. Greimann - legal department - Key-Systems
> GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396
> 901 <tel:+49%206894%209396901> Fax.: +49 (0) 6894 - 9396 851
> <tel:+49%206894%209396851> Email: vgreimann at key-systems.net
> <mailto:vgreimann at key-systems.net> Web: www.key-systems.net
> <http://www.key-systems.net> / www.RRPproxy.net
> <http://www.RRPproxy.net> www.domaindiscount24.com
> <http://www.domaindiscount24.com> / www.BrandShelter.com
> <http://www.BrandShelter.com> Follow us on Twitter or join our fan
> community on Facebook and stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu> This e-mail and its
> attachments is intended only for the person to whom it is
> addressed. Furthermore it is not permitted to publish any content
> of this email. You must not use, disclose, copy, print or rely on
> this e-mail. If an addressing or transmission error has
> misdirected this e-mail, kindly notify the author by replying to
> this e-mail or contacting us by telephone.
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: sam at lanfranco.net Skype: slanfranco
blog: https://samlanfranco.blogspot.com
Phone: +1 613-476-0429 cell: +1 416-816-2852
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/0043fe39/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list