I wasn't taking a position with my note. Not sure why you are making such an assumption. Plainly, this is good old fashioned procedural advice from someone who has been there. I'm simply saying that if you are worried about preventing criminals from registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows. If you are interested in more accurate whois, then Danny's prescription will be just fine. My assumption is that the public interest will be better served by dealing more broadly with the issue and is rooted in the observation that many times Visa has a hard time verifying whether or not it is a cardholder presenting data or if its a criminal posing as the cardholder. On Sep 14, 2009, at 11:02 AM, Garth Bruen at KnujOn wrote:
Ross,
I have to concur with Danny. This is a significant part of the overall problem and has been pushed to the side over and over, even when true solutions have been offered, solutions that wont increase the cost of domains or the cost of doing business.
Your reasoning on this also fails the logic test as if you are suggesting it is pointless also to verify credit card numbers.
I can understand why Registrars would not want to verify their customer information because it presents an obstacle to criminals who buy thousands of domains anonymously. Verification complicates their current business model and income flow. However, by dismissing discussion of solution we are catering people who abuse the system.
-Garth
------------------------------------- Collect, analyze, enforce, repeat...
Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724
Tentative Presentations: Global Cyber Security Expo http://cyberexpo.memphis.edu/
-------- Original Message -------- Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye From: Danny Younger <dannyyounger@yahoo.com> Date: Mon, September 14, 2009 10:55 am To: Ross Rader <ross@tucows.com> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> Hi Ross, I view time-of-registration contact data verification as a matter that is in the public interest. I tend to place the public interest ahead of registrar self-interest. As a community we have to ask ourselves if ICANN is doing enough to make sure that contact data is reasonably accurate. At the moment such data isn't as accurate as it could be, and clearly more could be done. This is not an unreasonable step to take, and will certainly result in some degree of improved accuracy. What harm to the public interest do you believe would accrue if such a policy was put in place? regards, Danny --- On Mon, 9/14/09, Ross Rader <ross@tucows.com> wrote:
From: Ross Rader <ross@tucows.com> Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye To: "Danny Younger" <dannyyounger@yahoo.com> Cc: "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Monday, September 14, 2009, 9:44 AM
On Sep 14, 2009, at 9:11 AM, Danny Younger wrote:
Time-of-registration-whois-verification is a policy that is long overdue. Is the at-large prepared to bring this issue forward?
I encourage you to be thoughtful about the issues as you bring this forward.
What I mean is, try and take some time to think about the actual issue vs. a prescription. Whois data verification pre-registration will be exactly as useful as credit card billing information verification at the time of registration (which is, in my opinion, not very - the bad guys have all the data they need to pass most verification schemes).
Framing up the issue in terms of the problem (as opposed to the solution) will help focus the discussion on a range of outcomes, rather than focusing it on an already overloaded and contentious framework (whois).
/r
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica... Visit the NARALO online at http://www.naralo.org ------
best, Ross Rader General Manager, Hover t. (408) 538-0441 The Easiest Way To Buy and Use Your Domain Names http://www.hover.com Check out our blog at: http://stuff.hover.com Hover on Twitter: http://about.hover.com/twitter Check my availability at: http://rossrader.com/available ..sent from my phone