On-going Internet Emergency and Domain Names

Sat Mar 31 21:47:49 UTC 2007

For some operations or situations 24 hours would be too long a time to wait.
There would need to be some mechanism where the delay could be bypassed.

Frank

-----Original Message-----
From: Douglas Otis [mailto:dotis at mail-abuse.org] 
Sent: Saturday, March 31, 2007 4:05 PM
To: frnkblk at iname.com
Cc: nanog at merit.edu
Subject: RE: On-going Internet Emergency and Domain Names

On Sat, 2007-03-31 at 11:09 -0500, Frank Bulk wrote:
                               > On 
Sat, 31 Mar 2007 07:46:47 -0700,
Douglas Otis wrote:
> > 
> > Even when bad actors can be identified, a reporting lag of 12 to 24
> > hours in the case of global registries ensures there can be no
> > preemptive response.  If enforcement at this level is to prevent crime,
> > registries would need to help by providing some advanced notice.
> > Perhaps all registries should be required to report public details of
> > domain name additions 24 hours in advance of the same details being
> > published in the TLD zones.
> 
>
> What about a worldwide clearing house where all registrars must submit
their
> domains for some basic verification?

Rather than a clearinghouse, require gTLDs, ccTLDs, and SLDs establish
rules regarding access to a 24 hour preview of zone transfers.
Establish some type of international domain dispute resolution agency
that responds to hold requests made by recognized legal authorities.

Establishing transfers for the next day's zone provides extremely
valuable information that would significantly aid efforts in fighting
crime.  An advanced warning permits deployment of preemptive
technologies.  This technology could be bind10, but there are other
solutions as well.

Legal authorities should also be able to request holds placed on
specific domains when the minimal details appear related to criminal
activity, such as names commonly used for look-alike attacks.  Only then
would additional information become relevant, and be handled by the
domain dispute resolution agency.  They would not be a general
clearinghouse.

> Naming: For phishing reasons. I think detection of possible trademark
> violations would be too contentious.

Agreed.

> Contact info: It's fine to use a proxy to hide true ownership to the
public,
> but the clearing house would verify telephone numbers and addresses
against
> public and private databases, and for those countries that don't have that
> well built-out, something that ties payment (whether that be credit card,
> bank transfer, or check) to a piece of identification as strong as a
> passport.

While this sounds like an excellent idea, it also seems unlikely the
current levels of trust permits a broad sharing of such detail in the
fashion of a clearinghouse.  Just a 24 hour advanced peak at tomorrow's
zone file would not represent any additional data preparation, nor would
this be information someone wishes to keep private.  After all, there is
competition between registrars. 

> Funding of such a clearing house: a flat fee per domain
> Maintenance: It can't be a one-time event, but I'm not sure how this would
> look.

Perhaps registries should be allowed to charge a small fee to cover just
the expense related to the transfers.  

> Of course, the above is only utopia and the problem has to get much worse
> before we'll see international cooperation.

The financial damage caused by crime taking advantage of DNS features to
then dance rapidly over the globe should justify rather minor changes to
the current mode of registry operations.

-Doug