[163924] in North American Network Operators' Group
Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Jun 21 06:00:50 2013
In-Reply-To: <20130621032524.2BA0B406060@ip-64-139-1-69.sjc.megapath.net>
Date: Fri, 21 Jun 2013 05:00:21 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 6/20/13, Hal Murray <hmurray@megapathdsl.net> wrote:
> Perhaps we should setup a distributed system for checking things rather than
> another SPOF. That's distributed both geographically and administratively
> and using several code-bases.
[snip]
I would be in favor of being able to pay two "competitive" to be
registrars for a domain, and assign them two roles:
"Registrar Primary"
and "Registrar Auditor"
With the requirement that all changes to the domain be initiated with
my "Primary Registrar",
AND no major change would be allowed to take effect until validated
by my secondary "change Auditor Registrar"
Including changes to NS records, DS records, contacts, unlocking,
renewal, deactivation, or transfers.
Essentially, forcing me to submit the same change to both registrars,
but denying either registrar the capability of forging authorization
or submitting changes that I had not authorized.
Also (in some measure) protecting me from identity theft, and other
security issues -- since there are now two accounts with two
providers, possibly with different authentication procedures.
--
-JH
