Association of Trustworthy Roots?

Joshua Brady somitho at
Mon Jan 17 02:58:50 UTC 2005


> That's the asymmetric problem with identity theft.  Companies seem to
> make it easier to steal the identity (24x7 transfers with 10 minute zone
> file updates) than to correct the theft (only open Monday-Friday, find the
> right department, fill out multiple forms, wait 2 weeks, etc).

That just makes it hard to do business period, you need to make it
harder for a user to verify who they are. Such as a secret password
and a faxed in authorization form or choose your level of security.
> I agree rules and processes are important.  Instead of calling it
> circumvention, I would call it a robust exception handling process.  Both
> the intial process of protecting your identity, as well as the exception
> handling process in the event it is compromised, should be available for
> both my home domain as well as well-known companies like MS, AOL and
> AT&T. It should be as hard to steal my domain as it is to steal AOL.COM.

Yes, it should be equally as hard to steal your domain as it would be
to steal AOL, MS, AT&T, MCI or any of the larger "world-wide traffic

> Unfortunately, there is very little I can do to prevent a
> Registry/Registrar from giving my identity away without my
> permission.

Theres alot you can do, you can always complain. More complaints to
your registrar about security end up with alot more results. So try
that out.

Joshua Brady

More information about the NANOG mailing list