[95754] in North American Network Operators' Group
Re: ICANNs role [was: Re: On-going ...]
daemon@ATHENA.MIT.EDU (Donald Stahl)
Tue Apr 3 07:49:53 2007
Date: Tue, 3 Apr 2007 07:47:45 -0400 (EDT)
From: Donald Stahl <don@calis.blacksun.org>
To: Andy Davidson <andy@nosignal.org>
Cc: Gadi Evron <ge@linuxbox.org>, nanog@merit.edu
In-Reply-To: <83F8FC60-79B5-49D1-8343-7F538921BD3E@nosignal.org>
Errors-To: owner-nanog@merit.edu
>> What are your thoughts on basic suggestions such as:
>> 1. Allowing registrars to terminate domains based on abuse, rather than
>> just fake contact details.
>
> I don't like this because its impossible to define abuse clearly enough in
> this context.
>
> If a fictitious web-shop 'nice-but-dim.com' get a box owned which has the
> reverse dns set to something in that zone, is this abuse ? Yes .. sort of,
> but it's no business of the registry. Is registering a domain name which
> causes offense to some people abuse ? It might be, but its no reason not to
> let the domain name registration go through. What if you and I fall out, and
> I manage to build a case against you to get linuxbox.org de-registered ? Do
> you want to spend time and effort fighting it ?
>
> Who arbitrates/polices this scheme ?
>
> Who pays for any mistakes ?
I think the shutdown of seclists.org by GoDaddy is a perfect example of
exactly why the registrars should NOT be making these decisions.
And exactly what good is 24 hour notice (as some people have suggested)
going to do? With 2 million domains registered every single day (according
to a recent techworld article) who could possibly go through such a list
and make informed decisions?
If you want a really simple, and probably very effective first step-
then stop domain tasting. It doesn't help anyone but the phishers.
An even better idea would be for companies to send out their own phishing
emails. Every user that falls for it gets an email/phone call informing
them just how stupid they are and notifying them that if they fall for it
again they are going to lose their account. The next time fall for it you
shut down their account.
Seriously though- why do we keep blaming the infrastructure for the mind
boggling stupidity of users?
-Don