Re: The entire mechanism is Wrong!

2005-01-18 Thread Steve Sobol
Paul G wrote:
> ime, the act of defining 'emergency' does not provoke compliance therewith.

Of course. It must be enforced. How, I'm not sure at this point (and not being 
an employee of a company acting as registrar or registry, I'm not sure I'd be 
able to offer any constructive suggestions as to how to enforce it).

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED
In case anyone was wondering, that big glowing globe above the Victor
Valley is the sun. -Victorville _Daily Press_ on the unusually large
amount of rain the Southland has gotten this winter (January 12th, 2005)


Re: The entire mechanism is Wrong!

2005-01-17 Thread Richard Cox

On Mon, 17 Jan 2005 07:12:58 + (GMT)
Christopher L. Morrow [EMAIL PROTECTED] wrote:

> provided their contract requires some form of 24/7 support, and
> there is an SLA to manage that requirement.  If there isn't then
> there is no need for 24/7 support (no contractual reason), it
> just becomes a business differentiator for clients when choosing
> registrar X or registrar Y
>
> (or so it seems to me)

Then you miss the point that there was no contractual relationship
between the real PANIX and MelbourneIT, yet in the first instance it
was MelbourneIT that needed to respond so that an investigation into
this unfortunate incident could be started.

However excellent the SLA that a domain owner may have with their
registrar, it is inevitably of no value when the central system is
compromised (as appears on the surface to have been the case here).

Your argument would have been completely sound if, in addition to
whatever level of customer support they choose/contract to provide,
there were an obligation for every accredited registrar to guarantee
a response within a given timescale and on a 24/7 basis, to any
emergency request received from any other accredited registrar.

Indeed, such may already have been the case.  Fire Drills have a habit
of discovering shortcomings within well-planned emergency arrangements!

-- 
Richard Cox


Re: The entire mechanism is Wrong!

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Gentlemen and Ladies,

I concur with the view expressed by Bob Fox (IANA-134), that the
current method only favours Verisign and crooks.


The hijacking of panix.com, and the post-hijacking response of VGRS,
which could unilaterally act, but chooses not to, for its own reasons,
and MelbourneIT, which could unilaterally act, but chooses to not act
until 72 hours after being noticed, if then, is a counter-example to
any claim that the current method has any rational application to
domain names that are mission critical, that is, used for something
other than propping up some shoddy trademark claim by some party that
doesn't even use the dns for core operational practice.

It doesn't reflect very well on the registries and registrars either.

Eric Brunner-Williams
CTO Wampumpeag, LLC
Operator, USA Webhost, IANA-439, CORE-124


Re: The entire mechanism is Wrong!

2005-01-16 Thread Joe Maimon

Eric Brunner-Williams in Portland Maine wrote:
> Gentlemen and Ladies,
>
> I concur with the view expressed by Bob Fox (IANA-134), that the
> current method only favours Verisign and crooks.
>
> The hijacking of panix.com, and the post-hijacking response of VGRS,
> which could unilaterally act, but chooses not to, for its own reasons,
> and MelbourneIT, which could unilaterally act, but chooses to not act
> until 72 hours after being noticed, if then, is a counter-example to
> any claim that the current method has any rational application to
> domain names that are mission critical, that is, used for something
> other than propping up some shoddy trademark claim by some party that
> doesn't even use the dns for core operational practice.
>
> It doesn't reflect very well on the registries and registrars either.
>
> Eric Brunner-Williams
> CTO Wampumpeag, LLC
> Operator, USA Webhost, IANA-439, CORE-124

Do you mean by that the No-Hijack bit be set by default?
Or perhaps do you mean previous owners can call in a stop order or
dispute the transfer unilaterally within X days of occurrence, much
like it works for many REAL money transactions?

How are trademark domains relevant to panix.com?
Joe


Re: The entire mechanism is Wrong!

2005-01-16 Thread Adrian Chadd

On Sun, Jan 16, 2005, Chris Adams wrote:

> We're a relatively small ISP compared to many on NANOG, but we have a
> 24x7 on-call system with an answering service.  All domain registrars
> should be required to have 24x7 service.

I agree they should have 24/7 support.

Just remember that, as an example, Melbourne IT has probably two orders
of magnitude more clients than you. A 24x7 pager service would attract
a /lot/ of Emergencies and as such they'd have to consider running
at least a muppet level call service outside of hours to filter
emergency requests away from the normal signup procedures and over
to the People Who Really Fix Things.

Adrian

-- 
Adrian Chadd
[EMAIL PROTECTED]
You don't have a TV? Then what's all your furniture pointing at?





Re: The entire mechanism is Wrong!

2005-01-16 Thread Steve Sobol
Adrian Chadd wrote:
> I agree they should have 24/7 support.
>
> Just remember that, as an example, Melbourne IT has probably two orders
> of magnitude more clients than you. A 24x7 pager service would attract
> a /lot/ of Emergencies and as such they'd have to consider running
> at least a muppet level call service outside of hours to filter
> emergency requests away from the normal signup procedures and over
> to the People Who Really Fix Things.

I'm not saying MIT needs 24x7 support, I am saying they need on-call staff. One 
person might be enough; perhaps more than one may be needed. (A couple people 
called me on this point offlist and I felt the need to clarify my opinion.)

I resell GoDaddy and they do have 24x7 customer support, but I don't think 
that's necessary to properly run a registrar. Just have X people available to 
deal with emergency situations. X will vary based on the size of the customer base.



Re: The entire mechanism is Wrong!

2005-01-16 Thread Jim Shankland

> Just remember that, as an example, Melbourne IT has probably two orders
> of magnitude more clients than you. A 24x7 pager service would attract
> a /lot/ of Emergencies and as such they'd have to consider running
> at least a muppet level call service outside of hours to filter
> emergency requests away from the normal signup procedures and over
> to the People Who Really Fix Things.

Of course it's unreasonable to expect a registrar to have to
put up with such a burden during off hours:  God only knows what
kind of silly calls would come in.  Emergencies are best
handled in a batch during the regular work week.  For the
stuff that really won't wait, you just put a lawyer on retainer,
who can fax off a letter telling the complainant to sod off until
Monday morning, or until the moon is in the seventh house and Jupiter
aligns with Mars, whichever comes first. 

I mean, if we can't be on the golf course by 3:00, what are we
in this business for, anyway -- right?

Jim Shankland


Re: The entire mechanism is Wrong!

2005-01-16 Thread Alexei Roudnev


> Joe Maimon [EMAIL PROTECTED] writes:
> > Or perhaps do you mean previous owners can call in a stop order or
> > dispute the transfer unilaterally within X days of occurrence, much
> > like it works for many REAL money transactions?
>
> That makes considerable sense. You should be able to call in, say
> roll it back, and have it stay rolled back for a few days until
> someone can investigate.

It is exactly what I was talking about.

> If people like Melbourne IT are going to claim they can't act on
> weekends, it might also be sensible not to allow transfers to be
> processed between Thursday and Sunday, though honestly I think if you
> are going to be a registrar, you are going to have to deal with
> problems over weekends.

It is their dirty problem - if they can not act on weekend, they can not
maintain a registry, that's all.

> One more disturbing problem here -- it seems (based on external
> evidence) that someone managed to fake out the system. Although
> Verisign and Melbourne IT seem to think that the transfer was
> approved, neither Dotster nor Panix have any record at all of
> it. Dotster's records make them think they are still the registrar for
> panix.com. It appears someone cracked the system, though whether by
> exploiting protocol problems or in some other way isn't clear at all.

If I am allowed to say my personal opinion here - it more likely was a
technical bug or human mistake, not a hack. But let's see. This case
should be carefully investigated, no matter if this transfer was legal or
not.

> Perry



Re: The entire mechanism is Wrong!

2005-01-16 Thread Steven J. Sobol

On Sun, 16 Jan 2005, Jim Shankland wrote:

> Of course it's unreasonable to expect a registrar to have to
> put up with such a burden during off hours:  God only knows what
> kind of silly calls would come in.  Emergencies are best
> handled in a batch during the regular work week.  For the
> stuff that really won't wait, you just put a lawyer on retainer,
> who can fax off a letter telling the complainant to sod off until
> Monday morning, or until the moon is in the seventh house and Jupiter
> aligns with Mars, whichever comes first.
>
> I mean, if we can't be on the golf course by 3:00, what are we
> in this business for, anyway -- right?

The registrar DOES need to define Emergency.

Emergency does not mean page on-call staffers because I forgot to renew 
my domain and it's fallen out of the roots, and Customer Service is closed 
Saturday. Such an event is defined as being My Own Fault, Not Due to 
Catastrophic Conditions and doesn't warrant bugging the person on-call.

As long as the registrar defines what constitutes a page-able emergency, 
they should be ok. (Or is this overly simplistic?)




Re: The entire mechanism is Wrong!

2005-01-16 Thread Paul G


----- Original Message -----
From: Steven J. Sobol [EMAIL PROTECTED]
To: Jim Shankland [EMAIL PROTECTED]
Cc: Adrian Chadd [EMAIL PROTECTED]; nanog@merit.edu
Sent: Monday, January 17, 2005 1:33 AM
Subject: Re: The entire mechanism is Wrong!



> On Sun, 16 Jan 2005, Jim Shankland wrote:
>
> > Of course it's unreasonable to expect a registrar to have to
> > put up with such a burden during off hours:  God only knows what
> > kind of silly calls would come in.  Emergencies are best
> > handled in a batch during the regular work week.  For the
> > stuff that really won't wait, you just put a lawyer on retainer,
> > who can fax off a letter telling the complainant to sod off until
> > Monday morning, or until the moon is in the seventh house and Jupiter
> > aligns with Mars, whichever comes first.
> >
> > I mean, if we can't be on the golf course by 3:00, what are we
> > in this business for, anyway -- right?
>
> The registrar DOES need to define Emergency.
>
> Emergency does not mean page on-call staffers because I forgot to renew
> my domain and it's fallen out of the roots, and Customer Service is closed
> Saturday. Such an event is defined as being My Own Fault, Not Due to
> Catastrophic Conditions and doesn't warrant bugging the person on-call.
>
> As long as the registrar defines what constitutes a page-able emergency,
> they should be ok. (Or is this overly simplistic?)

ime, the act of defining 'emergency' does not provoke compliance therewith.

-p

---
paul galynin



Re: The entire mechanism is Wrong!

2005-01-16 Thread Christopher L. Morrow


On Sun, 16 Jan 2005, Alexei Roudnev wrote:
 
> > If people like Melbourne IT are going to claim they can't act on
> > weekends, it might also be sensible not to allow transfers to be
> > processed between Thursday and Sunday, though honestly I think if you
> > are going to be a registrar, you are going to have to deal with
> > problems over weekends.
> It is their dirty problem - if they can not act on weekend, they can not
> maintain a registry, that's all.


provided their contract requires some form of 24/7 support, and there is
an SLA to manage that requirement. If there isn't then there is no need
for 24/7 support (no contractual reason), it just becomes a business
differentiator for clients when choosing registrar X or registrar Y

(or so it seems to me)