[policy] When Tech Meets Policy...

Carl Karsten carl at personnelware.com
Tue Aug 14 01:51:38 UTC 2007

Douglas Otis wrote:
> On Aug 13, 2007, at 2:01 PM, Carl Karsten wrote:
>> I am not sure tasting is criminal or fraud.
> Tracking domain related crime is hindered by the millions of domains 
> registered daily for "domain tasting."  Unregistered domains likely to 
> attract errant lookups will not vary greatly from unregistered domains 
> useful for phishing.  The large flux in domain names significantly 
> inhibits anti-phishing efforts.

doesn't make it criminal or fraud, unless you can prove the intent was to hinder 
law enforcement.  good luck with that.

> Although some may see delays in publishing as problematic, often domain 
> facilitated crime depends upon the milli-second publishing rapidity used 
> to evade protective strategies.  A publishing process that offers 
> notification will allow protection services a means to stay ahead of 
> criminals.  Exceptions could be granted on an exigent or emergency 
> basis, where of course additional fees might be required.

"exigent or emergency" sounds like someone would have to approve/deny the 
request.  One of 2 things will have to happen:

1) spikes in number of requests per day will overwhelm the staff, and 
"emergency" requests  will go unanswered for days.

2) a huge staff will have to be paid to be standing by and normally not doing 
anything, just to cover the spikes.  and the chance of only having just enough 
to cover the spikes is slim to none, so either #1 will happen anyway, (just not 
as often) or the staff will be extra huge such that it is always underulitized, 
even during the highest spikes.

> Just as background checks are normally part of the hand gun trade, a 
> background check should be normally part of the domain trade.  

see my other post (doesn't scale)

> Many are 
> deceived by "cousin" domains frequently used in crimes netting billions 
> in losses.  Money garnered by capturing errant domain entries can not 
> justify criminal losses that are likely to have been otherwise 
> prevented.  Domain tasting is worse than a disgrace.

you lost me on this one.

This is sounding like "People Vs Larry Flint" where he says "you don't have to 
like my magazine, but you do have to let me publish it."  I am not saying 
tasting is a free speech thing, but I do see it as something currently legal, 
and don't see a way to make it a crime without adversely effecting the rest of 
the system.

> For domains to play any role in securing email, a published MX record 
> should become a necessary acceptance requirement.  Using MX records also 
> consolidates policy locales which mitigates some DDoS concerns.

I think it is too late to try to reform e-mail.  but I am curious how you think 
this would be implemented in the existing system.

Carl K

More information about the NANOG mailing list