On-going Internet Emergency and Domain Names

Mon Apr 2 17:32:34 UTC 2007

> so, what exactly is the problem with registrations? One of the problems I
> see is with a seeming lack of follow-through on fraudulently purchased
> domains. Another is a seemingly long time to remove domains that are 'up
> to no good'.

Agreed with on both points. See below for view of the problem.

> If you look at the domain registration system as a legacy process, what
> would you do differently if re-inventing it? That, it seems to me, is
> likely the best path forward. Take your opinions/options and get them
> codified into new policy for registries/registrars to follow. With every
> relatively static and relatively open set of policies eventually
> bad-actors will find a set of loopholes or vulnerabilities to get their
> job done. It seems that re-evaulating the polcies/procedures/requirements
> would be useful in this matter.

Absolutely, we should always be re-evaluating our policies to verify they
are up to meeting todays demands. The unfortunate side of this is, it may
end up increasing costs. If we cut down on the automation of domains, and
had more respect for what ends up in the TLD/root servers, perhaps it would
cut down (note: cut down does not imply eradicate) DNS abuse. The process
should be more akin to requesting more IP space. If we treat DNS space as an
unlimited resource, and give it away for a couple of bucks per year, its
much easier to abuse. However, if you had to justify your usage and naming,
and have a human actually process that request, perhaps it would cut down on
bogus registrations. Though, as I've mentioned already, once DNS becomes
sufficiently difficult to abuse, said bad-actors will just pursue other
methods, and we will be left with an overzealous registration process that
costs entirely too much.