[CPWG] Verisign

Bill Jouris b_jouris at yahoo.com
Mon Jan 6 17:48:47 UTC 2020 

 I don't doubt at all that a case of DNS abuse results in a lose for the registry on that registration.  But amortized across all the defensive registrations which can be sold by pointing to that horrible example?  Less sure. 
Bill
    On Monday, January 6, 2020, 09:21:41 AM PST, Jonathan Zuck <jzuck at innovatorsnetwork.org> wrote:  
 
 #yiv3635019676 #yiv3635019676 -- _filtered {} _filtered {} _filtered {} _filtered {}#yiv3635019676 #yiv3635019676 p.yiv3635019676MsoNormal, #yiv3635019676 li.yiv3635019676MsoNormal, #yiv3635019676 div.yiv3635019676MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:sans-serif;}#yiv3635019676 a:link, #yiv3635019676 span.yiv3635019676MsoHyperlink {color:blue;text-decoration:underline;}#yiv3635019676 .yiv3635019676MsoChpDefault {} _filtered {}#yiv3635019676 div.yiv3635019676WordSection1 {}#yiv3635019676 
In fairness, Bill, the contracted parties spend tons of cash to combat DNS abuse. Of course, we’ve just issued advice to the board suggesting they could do more, such as implementing the AI based solution used by .UK and .EU which look really promising. So it’s a wee bit disingenuous to suggest that they WANT all the conflicts as they end up getting wrapped up in complaints about them all the time and I suspect they wish they weren’t there because they lose money, not make money, on them. That we heard from Graham from Twocows and it makes sense. Once they “touch a domain” they’re losing money, he suggested, and I don’t have any reason to question him. I’d much rather workwith them to find a better way to go after the bad guys.

  
 
  
 
From: Bill Jouris via CPWG
Sent: Monday, January 6, 2020 12:15 PM
To: Laurin B Weissinger
Cc: cpwg at icann.org
Subject: Re: [CPWG] Verisign

  
 
Laurin, 
 
I'm not sure it is accurate to characterize the situation as the registries as "not having their houses in order."  As for-profit companies, their duty is to their owners.  And the technical term of a situation requiring lots of defensive registrations is "gold mine" -- multiple sales, with only a single customer to deal with.  And, for the most part, you can probably sell hosting services for the re-direct to the real website as well. 
 
  
 
>From the point of view of the users, and of the Internet generally, simply blocking those potential abusive registrations is clearly the way to go.  But for the registries?  All their incentive is to have as many potential conflicts as possible.  Easy sales.
 
  
 
Bill Jouris
 
  
 
Sent from Yahoo Mail on Android
 
  
 

On Mon, Jan 6, 2020 at 8:50 AM, Laurin B Weissinger
 
<lbweissinger at protonmail.com> wrote:
 
Dear all, 

> The only obvious defense, for registrants who want their customers to arrive reliably at their website, will be defensive registrations.  Lots of defensive registrations.  (I did a quick calculation for Citi Bank.  4 letter domain name.  Close to 300 readily confusable variations.  Longer names would have more, of course.)

It might very well be that this is an issue to start with? SSR2 will likely recommend measures to be taken here.

In general though, it is quite ridiculous if you think about it — I have to pay for multiple domains to protect myself because contracted parties do not have their house in order… (Obviously, I am overstating slightly, on purpose)

All the best
Laurin 



 


> On Jan 6, 2020, at 17:45, Jonathan Zuck <JZuck at innovatorsnetwork.org> wrote:
> 
> Bill,
> That's certainly an interesting take that I hadn't thought about. The reasoning from Evan, that make sense to me, is that higher prices would make it less likely that people would register the fraudulent names in the first place, making defensive registrations less necessary. Of course, for truly premium names a small price hike will NOT make a difference but at volume it might.  I'll noodle that more. My job is facilitator here so my opinion doesn't really matter. I'm just not interested in a knee jerk emotional response from At-Large.
> Jonathan
> 
> From: Bill Jouris <b_jouris at yahoo.com>
> Sent: Monday, January 6, 2020 11:37 AM
> To: Jonathan Zuck <JZuck at innovatorsnetwork.org>; Nat Cohen <ncohen at telepathy.com>; Alan Greenberg <alan.greenberg at mcgill.ca>
> Cc: cpwg at icann.org <cpwg at icann.org>
> Subject: Re: [CPWG] Verisign
> 
> Jonathan, 
> 
> In your last paragraph, you say: 
> "Individual end users don’t care about the wholesale price of domains. They care about whether they’re getting to the site they intend, that the site won’t infect their machine with malware, that the site won’t commit fraud on them, etc. etc...."
> 
> But that does give individual end users a stake in domain name prices.  Thanks to the IDN effort, we are about to see a spike in the potential for DNS abuse -- specifically the easy opportunity (thanks to ICANN's approach) to generate quite misleading domain names.  
> 
> The only obvious defense, for registrants who want their customers to arrive reliably at their website, will be defensive registrations.  Lots of defensive registrations.  (I did a quick calculation for Citi Bank.  4 letter domain name.  Close to 300 readily confusable variations.  Longer names would have more, of course.)
> 
> If the price of registrations goes up, they will do fewer defensive registrations.  Which means end users will have more trouble reliably getting where they want to go.  Which, I submit, we do care about.
> 
> Bill Jouris 
> 
> Sent from Yahoo Mail on Android
> 
> On Mon, Jan 6, 2020 at 7:23 AM, Jonathan Zuck
> <JZuck at innovatorsnetwork.org> wrote:
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
 
  
   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20200106/52a79360/attachment.html>

More information about the CPWG mailing list