[gtld-tech] gtld-tech URS technical requeriments

John R. Levine johnl at iecc.com
Mon Jul 8 22:39:57 UTC 2013

> Let me ask the dumb question....do we really need a set of standard 
> specs for this for a registry?

If URS exists at all (a battle that appears to have been lost quite a 
while ago) I would have to say yes, since if people roll their own, 
they'll likely make all the same security mistakes this spec does, and 

The basic problem is that the Internet is not synonymous with web servers, 
but too many people forget that.


> ----- Original Message -----
> From: John R. Levine [mailto:johnl at iecc.com]
> Sent: Monday, July 08, 2013 06:29 PM
> To: Gustavo Lozano <gustavo.lozano at icann.org>
> Cc: gtld-tech at icann.org <gtld-tech at icann.org>
> Subject: Re: [gtld-tech] gtld-tech URS technical requeriments
>> Please provide your feedback no later than Tuesday 23 of July.
> Thanks for publishing this.
> Unfortunately, the "URS Lock with Redirection" spec is a security disaster
> for e-mail, pariticularly since, as I understand it, a typical use for the
> URS will be to deal with typosquats of famous names such as páypàl.tld.
> Do we just send comments to you or is there a more formal place?  I
> expect that several anti-abuse organizations will want to weigh in.
> R's,
> John

John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

More information about the gtld-tech mailing list