[95731] in North American Network Operators' Group
what registrars need to do with no incentive [was: Re: On-going ..]
daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Apr 2 22:35:56 2007
Date: Mon, 2 Apr 2007 21:09:24 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc: nanog@merit.edu
In-Reply-To: <200704030253.l332rJNd005533@s25.firmware.com>
Errors-To: owner-nanog@merit.edu
On Mon, 2 Apr 2007, Robert Bonomi wrote:
>
>
> > From: David Conrad <drc@virtualized.org>
> > Subject: Re: On-going Internet Emergency and Domain Names
> > Date: Mon, 2 Apr 2007 17:33:08 -0700
> >
> >
> > On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
> > > The recommendation was for registries to provide a preview of the
> > > next day's zone.
> >
> > I think this might be a bit in conflict with efforts registries have
> > to reduce the turnaround in zone modification to the order of tens of
> > minutes.
>
> This is getting far afield from 'network operations', but the underlying
> issue is really quite simple: There are *NO*PENALTIES* for registering
> 'bogus' domains. The registry operator has -no- (financial) incentive
> to investigate, nor remove, a 'falsified' entry. Once a name is in the
> database, _anything_ affecting it is an 'un-necessary expense' to the registry
> operator.
>
> Similarly, there is no dis-incentive to a registrar wih regard to _filing_ a
> bogus registration with a registry.
Or policy.
>
> Address _these_ issues, and the domain names "problem" will effectively
> disappear.
>
> One _possible_ approach to dealing with the problem:
> 1) registry includes in it's contract with registrars a (non-trivial) $$
> penalty for any registration filed that is found to contain invalid
> information.
And work a bit harder to make sure the information is valid. This can mean
higher costs, of course.
> 2) 'formal complaints' to registrar about invalid information must include
> a 'filing fee' for the complaint. If the complaint is in-accurate, the
> filer loses their filing fee. HOWEVER, if the complaint _is_ valid, the
> _original_ filer gets back _more_ than their fee (paid out of the 'fine',
> see item 1, above, assessed against the registrar) while any additional
> complainants get all their original money returned. Possible variation:
> the size of the fine assessed against the registrar for a 'confirmed'
> complaint depends on the number of complaints recieved within some
> 'reasonable' time of the first complaint -- and all complaints within
> that 'window' get the 'bounty' for a valid compliant.
> 3) Registrars are charged a _sliding-scale_ of fees, with higher fees based
> on the numbers and/or percentages of 'bogus' registrations submitted
> recently. (This is similar to the way 'unemployment taxes' are assessed
> in the U.S. If there are more claims against your company, you pay
> a higher rate than similar firms with lower claims.)
> 4) Registrars with higher rates of 'invalid' submissions are _rate-limited_
> as to how fast they can submit registrations.
Bulk registration should be limited, or at the very least regulated.
Suspending domains registered with a stolen CC (as mentioned) seems
natural, doesn't it?
> Underlying assumptions:
> A) The 'filing fee' approximates the registry operator cost of performing a
> basic investigation.
> B) The 'fine' assessed against a registrar is signficantly higher than the
> actual 'cost' of the investigation.
> C) A registrar that has higher per-registration costs is at a competitive
> disadvantage to those who canprovide equivalent service at a lower price.
> D) A registrar who has to say "We'll take your application now, but we can't
> tell you for xx hours (or days) if your application for that name was
> successful" is at a competitive disadvantage to one who can tell you
> _now_ 'your application was successful'.
>
> *THIS* gives the registry operator an incentive to 'clean house' -- finding
> and eliminating 'problem listings' is a REVENUE SOURCE.
>
> Similarly, registrars have an incentive to ensure that their _own_ house is
> clean. Lack of diligence costs them extra money, -and- places them at a
> disadvantage relative to their competition.
>
>
> 'White-hat' registrars can do something similar with regard to registrants.
> Registrants fall into three broad categories; (a) those who have never
> filed before, (b) those who _do_ have a history of problem-free filings,
> and (c) those who have a history of filings where there have been some
> problems.
>
> Those with a 'no problems' history are processed in an expedited manner,
> suject to checks for 'abnormal' behavior -- e.g. a radical increase in
> the number/rate of submissions.
>
> Those with no histories are subjected to additional cross-checking/verification,
> and, possibly, higher 'new user' charges.
>
> Those with 'problematic' histories get deferred, surcharged, and/or rate-
> limited processing.
>
> One can 'tune' the rate schedules for 'new users', and 'problematic' filers,
> to reflect the "risk level" that the registrar is willing to incur, -with-
> the recogition that registrar-level penalties imposed by a registry operator
> will affect _all_ registrations through that registrar, not just 'problematic'
> ones.
>
>
> 1
>