On-going Internet Emergency and Domain Names
Robert Bonomi
bonomi at mail.r-bonomi.com
Tue Apr 3 02:53:19 UTC 2007
> From: David Conrad <drc at virtualized.org>
> Subject: Re: On-going Internet Emergency and Domain Names
> Date: Mon, 2 Apr 2007 17:33:08 -0700
>
>
> On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
> > The recommendation was for registries to provide a preview of the
> > next day's zone.
>
> I think this might be a bit in conflict with efforts registries have
> to reduce the turnaround in zone modification to the order of tens of
> minutes.
This is getting far afield from 'network operations', but the underlying
issue is really quite simple: There are *NO*PENALTIES* for registering
'bogus' domains. The registry operator has -no- (financial) incentive
to investigate, nor remove, a 'falsified' entry. Once a name is in the
database, _anything_ affecting it is an 'un-necessary expense' to the registry
operator.
Similarly, there is no dis-incentive to a registrar wih regard to _filing_ a
bogus registration with a registry.
Address _these_ issues, and the domain names "problem" will effectively
disappear.
One _possible_ approach to dealing with the problem:
1) registry includes in it's contract with registrars a (non-trivial) $$
penalty for any registration filed that is found to contain invalid
information.
2) 'formal complaints' to registrar about invalid information must include
a 'filing fee' for the complaint. If the complaint is in-accurate, the
filer loses their filing fee. HOWEVER, if the complaint _is_ valid, the
_original_ filer gets back _more_ than their fee (paid out of the 'fine',
see item 1, above, assessed against the registrar) while any additional
complainants get all their original money returned. Possible variation:
the size of the fine assessed against the registrar for a 'confirmed'
complaint depends on the number of complaints recieved within some
'reasonable' time of the first complaint -- and all complaints within
that 'window' get the 'bounty' for a valid compliant.
3) Registrars are charged a _sliding-scale_ of fees, with higher fees based
on the numbers and/or percentages of 'bogus' registrations submitted
recently. (This is similar to the way 'unemployment taxes' are assessed
in the U.S. If there are more claims against your company, you pay
a higher rate than similar firms with lower claims.)
4) Registrars with higher rates of 'invalid' submissions are _rate-limited_
as to how fast they can submit registrations.
Underlying assumptions:
A) The 'filing fee' approximates the registry operator cost of performing a
basic investigation.
B) The 'fine' assessed against a registrar is signficantly higher than the
actual 'cost' of the investigation.
C) A registrar that has higher per-registration costs is at a competitive
disadvantage to those who canprovide equivalent service at a lower price.
D) A registrar who has to say "We'll take your application now, but we can't
tell you for xx hours (or days) if your application for that name was
successful" is at a competitive disadvantage to one who can tell you
_now_ 'your application was successful'.
*THIS* gives the registry operator an incentive to 'clean house' -- finding
and eliminating 'problem listings' is a REVENUE SOURCE.
Similarly, registrars have an incentive to ensure that their _own_ house is
clean. Lack of diligence costs them extra money, -and- places them at a
disadvantage relative to their competition.
'White-hat' registrars can do something similar with regard to registrants.
Registrants fall into three broad categories; (a) those who have never
filed before, (b) those who _do_ have a history of problem-free filings,
and (c) those who have a history of filings where there have been some
problems.
Those with a 'no problems' history are processed in an expedited manner,
suject to checks for 'abnormal' behavior -- e.g. a radical increase in
the number/rate of submissions.
Those with no histories are subjected to additional cross-checking/verification,
and, possibly, higher 'new user' charges.
Those with 'problematic' histories get deferred, surcharged, and/or rate-
limited processing.
One can 'tune' the rate schedules for 'new users', and 'problematic' filers,
to reflect the "risk level" that the registrar is willing to incur, -with-
the recogition that registrar-level penalties imposed by a registry operator
will affect _all_ registrations through that registrar, not just 'problematic'
ones.
1
More information about the NANOG
mailing list