<p dir="auto">On 1 Sep 2015, at 13:35, Rubens Kuhl wrote:
</p>
<blockquote>
<p dir="auto">@ll,
</p>
<p dir="auto">I'm wondering what we have, if any, in resources to prevent URS replay attacks. The threat scenario we've made include access to the "Sent Items" folder of an URS Provider, without access to PGP information. With such access, domains that already received URS-Lock and URS-Suspend commands might be subject to lock or suspension again, even if there is not, at that time, an URS procedure ongoing. That could even happen with a new registrant of that domain.
</p>
<p dir="auto">I couldn't find anything in the requirements or URS Provider RFIs that would generate information capable of mitigating this threat... am I missing something ?
</p>
</blockquote>
<p dir="auto">We keep track of the case IDs, so we would notice this to be a dupe. That said, I think your scenario is viable.
</p>
<p dir="auto"><body style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><p style="font-family: 'Proxima Nova', Helvetica, Arial, sans-serif; line-height: 12px;"><span class="address-sep break" style="display: inline;"><b>Luis Muñoz</b><br></span><font color="#1e1e1e">Director, Registry Operations</font><br><span class="txt signature_jobtitle-input sig-hide" style="color: rgb(130, 130, 130); display: inline;">____________________________</span></p><p style="color: rgb(0, 0, 0); font-family: 'Proxima Nova', Helvetica, Arial, sans-serif; font-size: 10px; line-height: 14px;"><a href="http://www.uniregistry.link" class="clink sig-hide logo-container"><img src="http://static.uniregistry.net/assets/img/ur-logo@2x.png" alt="Uniregistry" class="sig-logo" height="40" border="0" width="165"></a></p><p style="color: rgb(0, 0, 0); font-family: 'Proxima Nova', Helvetica, Arial, sans-serif; font-size: 11px; line-height: 14px;"><span class="website-sep break" style="display: inline;">2161 San Joaquin Hills Road<br>Newport Beach, CA 92660</span></p><p style="color: rgb(0, 0, 0); font-family: 'Proxima Nova', Helvetica, Arial, sans-serif; font-size: 11px; line-height: 14px;"><span class="txt signature_officephone-input sig-hide" style="display: inline;">Office +1 949 706 2300 x 4242<br>lem@uniregistry.link</span></p></div></div></div></body>
</p>