On Apr 2, 2007, at 7:02 PM, Gadi Evron wrote:
On Mon, 2 Apr 2007, David Conrad wrote:
On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
The one concrete suggestion I've seen is to induce a delay in zone
creation and publish a list of newly created names within the zone.
The problem with this is that is sort of assumes:
What are your thoughts on basic suggestions such as:
1. Allowing registrars to terminate domains based on abuse, rather
than just fake contact details.
This requires a separate agency tasked to respond to reports of
crime. Registrars have a conflict of interest (they want to be
profitable). Even answering the phone to deal with this type of
problem costs more than a registration is worth. Hence, it is easier
to establish domain tasting which essentially drops this entire
problem into someone else's lap.
2. Following these incidents as they happen so that YOU, in charge,
can make these suggestion?
Often enforcement policies begins with a complaint. But who is
taking the role of enforcement?
3. For true emergencies threatening the survivability of the
system, shoudln't we be able to black-list a domain in the core?
It would be nice if there were an agency that had a mechanism in
place for routinely yanking domains that pose a public threat. Who
would you trust in that role? Unfortunately, the US has lost their
credibility as loudly echoed on this list.
4. Black lists for providers are not perfect, but perhaps they
could help protect users significantly?
Black-hole or block-lists is where protection can be introduced,
political push back will thwart centralized enforcement. To support
this mode of operation, a preview mode of operation would be highly
beneficial. Currently bad actors will keep such efforts in a futile
feckless reactive mode.
5. Enforcing that registrars act in say, not a whitehat fashion,
but a not blackhat fashion?
Of course a bad registrar might warrant greater scrutiny. At what
point would all their customers need to find a different registrar?
6. Yours here?
Perhaps only banks should be allowed to act as registrars? At least
they know how to check physical IDs.
-Doug