[gtld-tech] URS and replay attacks

Luis E. Muñoz lem at uniregistry.link
Tue Sep 1 21:11:13 UTC 2015

On 1 Sep 2015, at 13:35, Rubens Kuhl wrote:

> @ll,
> I'm wondering what we have, if any, in resources to prevent URS replay 
> attacks. The threat scenario we've made includes access to the "Sent 
> Items" folder of an URS Provider, without access to PGP information. 
> With such access, domains that already received URS-Lock and 
> URS-Suspend commands might be subject to lock or suspension again, 
> even if there is not, at that time, an URS procedure ongoing. That 
> could even happen with a new registrant of that domain.
> I couldn't find anything in the requirements or URS Provider RFIs that 
> would generate information capable of mitigating this threat... am I 
> missing something?

We keep track of the case IDs, so we would notice this to be a dupe. 
That said, I think your scenario is viable.

Luis Muñoz
Director, Registry Operations

2161 San Joaquin Hills Road
Newport Beach, CA 92660

Office +1 949 706 2300 x 4242
lem at uniregistry.link
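
The case-ID tracking mentioned in the reply above, as an added example (not part of the original message and not Uniregistry's code). It assumes the PGP signature was already verified upstream, which a replayed message would pass; the UrsNotice fields, the CaseLedger class and the case ID format are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UrsNotice:
    case_id: str   # case identifier assigned by the URS Provider
    command: str   # "URS-Lock" or "URS-Suspend"
    domain: str


class CaseLedger:
    """Remembers which commands were already applied for each case ID."""

    def __init__(self):
        self._cases = {}  # case_id -> (domain, set of applied commands)

    def check(self, notice: UrsNotice) -> str:
        # Normalisation rules are an assumption, so trivially altered
        # copies of an old notice still map to the same ledger entry.
        case_id = notice.case_id.strip().upper()
        domain = notice.domain.strip().rstrip(".").lower()
        known = self._cases.get(case_id)
        if known is None:
            self._cases[case_id] = (domain, {notice.command})
            return "accept"
        bound_domain, applied = known
        if domain != bound_domain:
            return "reject: case ID bound to another domain"
        if notice.command in applied:
            return "reject: duplicate (possible replay)"
        applied.add(notice.command)
        return "accept"


def demo():
    ledger = CaseLedger()
    # Constructed sample notices; the case ID format is made up.
    inbox = [
        UrsNotice("CASE-0001", "URS-Lock", "example.test"),
        UrsNotice("CASE-0001", "URS-Suspend", "example.test"),
        UrsNotice("case-0001 ", "URS-Lock", "EXAMPLE.test."),   # replayed lock
        UrsNotice("CASE-0001", "URS-Suspend", "other.test"),    # wrong domain
        UrsNotice("CASE-0002", "URS-Lock", "example.test"),     # new case
    ]
    return [ledger.check(n) for n in inbox]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The ledger only catches the replay if it is stored durably and its entries outlive the case and any change of registrant.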