panix.com hijacked (VeriSign refuses to help)

Sun Jan 16 14:34:10 UTC 2005

On Sun, 16 Jan 2005, Eric Brunner-Williams in Portland Maine wrote:

One could almost think this hijack was timed to the release of the ICANN
"Requests Public Comments on Experiences with Inter-Registrar Transfer
Policy" from Jan 12:
http://www.icann.org/announcements/announcement-12jan05.htm

-Hank

>
> Oki all,
>
> Its dawn in Maine, the caffine delivery system has only just started,
> but I'll comment on the overnight.
>
> You're welcome alexis at panix.net. If you'll send me the cell phone number
> for the MIT managment I will call wearing my registrar hat and inform
> whoever I end up speaking with that Bruce needs to call me urgently, on
> Registrar Constituency business.
>
> Next, put a call into the Washingtom Post. They lost the use of the name
> "washpost.com" which all their internal email used, to due to expiry, so
> their internal mail went "dark" for several hours. This was haha funny
> during the primary season (Feb 6). If they don't get it try the NYTimes.
> Put the problem on record. There is an elephant in the room.
>
> The elephant is that the existing regime is organized around protecting
> the IPR lobby from boogiemen of their own invention. They invented the
> theory that trademark.tld (and trademark.co.cctld) existence dilutes the
> value of trademark, hence names-are-marks, bringing many happy dollars
> (10^^6 buys) into the registrar/registry system ($29-or-less/$6, resp.,
> per gtld and some cctlds), and retarding new "gTLD" introductions, as
> each costs the IPR interests an additional $35 million annually.
>
> To solve their division of spoils problem, is "united.com" UAL or is it
> UA?, we had DRPs, which is now a UDRP, and more DRPs for lots of cctlds.
>
> These [U]DRPs take many,many,many,many units of 24x7. They were invented
> for the happy IPR campers, who care about _title_, not _function_. If
> the net went dark that would be fine with them to, so long as the right
> owners owned the right names.
>
> Restated, there is no applicable (as in "useful for a 24x7 no downtime
> claimant") law in the ICANN jurisdiction.
>
> And it is your own damn fault. Cooking up the DRPs took years of work by
> the concerned interests, and they were more concerned with enduring legal
> title then momentary loss of possession. During those years, interest in
> the DNSO side of ICANN by network operators went from some to zero, and
> at the Montevideo meeting the ISP and Business constituencies were so
> small they meet in a small room and only half the seats were taken. After
> that point they were effectively merged. IMHO, Marilyn Cade and Phillipe
> Shepard are the ISP/B Constituency, and they can't hear you (for all
> 24x7 operational values of "you").
>
> In case it isn't obvious, the "your own damn fault" refers to a much
> larger class of "you" than Alexis Rosen.
>
> [Oh, the same happy campers are why :43 is broken. They want perfect
>  data at no cost and w/o restriction. Registrars don't want slamming,
>  today's owie, and registrants don't want spam (which some ISPs do),
>  so the whole :43 issue is a trainwreck of non-operational interests
>  overriding operational interests. Registrars would be happy to pump
>  :43 data to operators, if we could manage the abuse, instead we get
>  knuckleheads who insist that spam would be solved forever if ...]
>
>
> There is a fundamental choice of jurisdictions question. Is ICANN the
> correct venue for ajudication, or is there another venue? This is what
> recourse to the "ask a real person" mechanism assumes, that talking to
> a human being is the better choice.
>
> Bill made this comment:
>
> > Since folks have been working on this for hours, and according to
> > posts on NANOG, both MelbourneIT and Verisign refuse to do anything
> > for days or weeks, would it be a good time to take drastic action?
> >
> > Think of what we'd do about a larger ISP, or the Well, or really any
> > serious financial target.
> >
> > Think of the damage from harvesting <>logins and mail passwords of
> > panix users.
>
> You (collectively) are another venue. When the SiteFinder patch was
> broadly adopted to work around a change made at one of the registries,
> you (collectively) were replacing ICANN as the regulatory body. ICANN
> took weeks to arive at a conclusion about that change, then endorsed
> that patch to the deployed DNS, while depricating incoherence in the
> DNS.
>
> [I spent 5 minutes at the Rome Registrar Constituency meeting chewing
>  Vint Cerf and Paul Twomey in front of about 100 registrars and back
>  benchers for taking many,many,many,many units of 24x7 to arive at the
>  conclusion that breakage, or "surprise" in .com was not a good thing.]
>
> There is a stability of the internet issue. An ISP's user names and
> their passwords are compromised by VGRS, MIT, DOTSTER, and PANIX all
> following the controlling authority -- the ICANN disputed transfer
> process. It isn't MCI or AOL or ... and if it were a bank it might
> not be Bank of America ... and if it were a newspaper it might not
> be the WaPo. But if size defines the class of protected businesses
> under the controlling jurisdiction [1], then Panix's core problem
> is that it isn't AOL or MSN or the ISP side of a RBOC.
>
> I'd be nervous if I were Alexis. Not enough people are running their
> cups on the bars to get the attention of the wardens.
>
> Eric
> <registrar_hat="on"/>
>
> [1] In the US FCC space, the 3-2 decision mid-last month on CLEC access
> to unbundled UNE is a "size defines the class of protected businesses"
> policy decision. As one of the two dissenting Commissioners noted, it
> means the end of the 1996 Act.
>
>  +++++++++++++++++++++++++++++++++++++++++++
>  This Mail Was Scanned By Mail-seCure System
>  at the Tel-Aviv University CC.
>