On-going Internet Emergency and Domain Names
Roland Dobbins
rdobbins at cisco.com
Sun Apr 1 19:29:14 UTC 2007
On Apr 1, 2007, at 11:51 AM, Douglas Otis wrote:
> Instituting
> notification of domain name additions before publishing would enable
> several preemptive defenses not otherwise possible.
How does this help? Are you saying that new domains somehow are
somehow to be judged based upon someone's interpretation as to
whether or not the domain 'reads' well, or some other factor? Who
makes that determination, and by what criteria?
Or are you saying that notification of someone whose credit card has
been stolen would somehow help? How would the registrar know whether
or not an email address given at the time of registration is valid
for the purported registree? If there's some kind of 'click-to-
validate' system put into place, the miscreants will simply automate
the acceptance process (there's been a lot of work done on defeating
CAPTCHAs, for example; even if they do it by hand, that would work.
And services like Mailinator can make it even easier for the
miscreants due to their FIFO nature - no forensics possible).
Several registrars offer private domain registration as an option, as
well. How does this affect the notification model?
I generally agree with you that when possible, time for analysis can
be useful (though I'm unsure how that helps in this scenario, see
above). But one of the ways registrars compete ison timeliness; last
night, for example, I registered a few domains on a whim. If the
registrar I chose to use had told me there was some delay in the
process for vetting, I would've cancelled the order and gone
somewhere else, because I wanted those domains -right then-, before
someone else registered them.
This is all probably way off-topic for NANOG, anyways.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Words that come from a machine have no soul.
-- Duong Van Ngo
More information about the NANOG
mailing list