Last I knew, there was NO SUCH THING as a "transfer lock". There IS a "MODIFICATION lock" that happens to prevent transfers. That is ENTIRELY different. If you want to change ANYTHING, you have to REMOVE THE LOCK. That is dangerous. Somebody COULD concievably pick THAT time to issue the transfer request, or you may forget to set it back. It is appalling that such an IMPORTANT thing can be stolen with NO culpability. Someone could actually ACCIDENTALLY transfer a domain, and NOBODY has to do anything about it.
Email is NOT a valid notification mechanism in this case. Blacklists, SPAM, spam blocks, system failures of all sorts, make email VERY unreliable. I have lost perhaps a dozen or more Emails, and I STILL don't know why! I changed email servers because of it. ANYONE passing such a rule (to require response from your email to PREVENT transfer of an asset) is either a (place descriptive profainity here) or.... I mean they MUST know about DNS issues, mail retry limits, ISP changes, blacklists, the possible deluge of email, etc... So WHY did they do this? It is IRONIC that my first transfer took FOREVER, because I didn't have access to my old email address(because that ISP shutdown(just one of MANY reasons email won't be received)). NOW, they have gone to the other extreme. At least if they require a response to COMPLETE the transfer, you would be on the lookout for it and act accordingly. BTW what kind of checks and balances are there? Judging from what I have seen on transfer requests, and heard from others, AND your statement about "transfer lock is your friend", AND the articles about locking the domain, I guess it can't be very good. BTW Domain slamming was basically outlawed. Isn't this effectively legalizing it to a greater degree? BTW you can develop a traffic stream, reputation, etc.... and make many MILLIONS! If the loss of such an asset made YOU lose all that, YOU would be complaining TOO. The problem is that too many people see this as a $10+/year expense, and figure that that is all it is worth, so such concern is baseless. That is like Clintons claim that his $200 haircut wasn't that extravegant. Did he REALLY miss the fact that airline companies lost tens of THOUSANDS of dollars(maybe more), nad that people were delayed getting to work and their families, and that business deals might have been lost, and that companies might have even LAID OFF PEOPLE because of his "$200 haircur"(He had it at LAX, and NO planes were allowed to land/takeoff while he was there). Even GERMANY has reported that as "hairforce one". Likewise, that $10 domain is worth a lot more than $10! Steve Ross Wm. Rader said: > Christopher X. Candreva wrote: > >> The domain of Panix, one of the first NY ISP's, has been hijacked by >> persons unknown. A whois of panix.net will show what the records should >> be, >> a whois of panix.com will show what they currently are. >> >> How this exactly happened is not yet clear. However, this is the type of >> thing that scares me about the current transfer method. The fact that >> someone can flasify a transfer request, and if somehow I do not get the >> notification, the transfer will happen anyway is a BIG problem. >> > > Let's assume that all the facts are in - what data did the gaining > registrar rely on to start the transfer? The point that people tend to > miss in these discussions is that someone must have given some level of > authorization much earlier in the game. Designing a system to check for > the existence of forgeries is much different than designing a system > with an appropriate level of checks *and* balances - which I think we > have today. > >> Yes, someone can get in trouble if it happens. That will be small >> comfort >> when I am out of business because my domain has been down. > > Transfer Lock is your friend. > >> >> Ross -- a comment from you has been forwarded to Nanog. (see >> http://www.merit.edu/mail.archives/nanog/, specificly >> http://www.merit.edu/mail.archives/nanog/msg04275.html ) It isn't very >> flattering, hopefully you're just cranky in the morning ? :-) > > There aren't enough facts out there to justify the kind of chatter thats > happening on the NANOG list. They are usually a pretty clueful bunch and > I expect more from them than this. It appears that slashdot-style > ninnery is contagious. If that means that people think I'm cranky, then > so be it ;-) > > -- > > > > > > -rwr > > > > Contact info: http://www.blogware.com/profiles/ross > Skydasher: A great way to start your day > My weblog: http://www.byte.org
