Association of Trustworthy Roots?

Sean Donelan sean at donelan.com
Mon Jan 17 02:46:47 UTC 2005


On Sun, 16 Jan 2005, Christopher L. Morrow wrote:
> assume Mr. Rosen and MIT do... If the proper process was started then
> things look good, though unfortunately it may take some time to resolve
> the problem. That process/procedure is in place for a good reason,
> circumventing it will lead to problems in the long run. Do you circumvent
> for MS, for AOL, for ATT? At what point do you draw the line? My home
> business of pot painting?

That's the asymmetric problem with identity theft.  Companies seem to
make it easier to steal the identity (24x7 transfers with 10 minute zone
file updates) than to correct the theft (only open Monday-Friday, find the
right department, fill out multiple forms, wait 2 weeks, etc).

I agree rules and processes are important.  Instead of calling it
circumvention, I would call it a robust exception handling process.  Both
the intial process of protecting your identity, as well as the exception
handling process in the event it is compromised, should be available for
both my home domain as well as well-known companies like MS, AOL and
AT&T. It should be as hard to steal my domain as it is to steal AOL.COM.

Unfortunately, there is very little I can do to prevent a
Registry/Registrar from giving my identity away without my
permission.



More information about the NANOG mailing list