Illegitimate transfers are out of scope. From the point of view of the DNS, an illegitimate transfer is indistinguishable from a legitimate transfer.
The only thing technology could do for this case is allow the web site to tell customers "I'm not planning to change anything in the next N days". So, for instance cached DANE records or key pinning. First-time visitors with nothing cached are out of luck. Maybe you could have something of an observatory system for sharing the sort of information that other people have cached. --Richard On Jan 26, 2012, at 2:07 PM, Phillip Hallam-Baker wrote: > This is a site I have been using for over a year now. > > How would I as a regular Internet user be expected to work out which > site is the real one? This could be site napping or it could be > phishing fraud. > > > I tend to suspect that the email is telling the truth, but it is also > possible that it is a phishing attack. > > I do not particularly want to log into either site right at the moment. > > > DANE would be no help whatsoever. In fact as currently proposed it > would require browsers to only consider therpf.com as valid. > > But some of the other proposals made could provide important > information. For example, Perspectives and Convergence might allow > continuity to be established through the certificate continuity. > Depending on the details of the implementation, SK and CT > > > ---------- Forwarded message ---------- > From: ad...@moviepropsites.com <ad...@moviepropsites.com> > Date: Thu, Jan 26, 2012 at 1:33 PM > Subject: the Replica Prop Forum - Update to Critical Notice > To: hal...@gmail.com > > > Hello hallam > > Two weeks ago we wrote to tell you the unfortunate news that our > domain name, therpf.com had been stolen. A considerable number of you > have written back to ask for an “official” update, so here you go! > > While we have been able to secure our own server where we are > temporarily hosting the RPF (thereplicapropforum.com) we have NOT been > able to regain ownership of therpf.com at this time. > > To be clear, therpf.com is STILL in the hands of the hacker who has > setup a site which looks almost identical to the real site. Do NOT be > fooled. therpf.com may look like the real site, but is still under > the control of the hacker! > > The real RPF is still being temporarily housed at thereplicapropforum.com > > Some of you have expressed a concern about how you know if these > communications (like the one you are reading now) are legitimate. To > verify, you can go to our facebook page, twitter page, our facebook > group, or even my personal facebook page to verify and learn more. > Below are links to each. > > Official RPF Facebook page: http://www.facebook.com/therpf > Official RPF Facebook GROUP page: http://www.facebook.com/groups/therpf/ > Official RPF Twitter page: http://twitter.com/replicaprops > My personal facebook page: http://www.facebook.com/artandrewsjr > > Our legal team is getting close to completing our dispute of the > illegal transfer of therpf.com and with any luck, we hope to have that > domain back in our possession in roughly 30 days or so, but the legal > process is a slow one and this has been further complicated since it > is also an international issue. > > When we do get the domain back, we will email you again to let you > know it is safe to return to therpf.com but until that time, please > continue to use thereplicapropforum.com and avoid therpf.com. We are > still here, doing what we have always done; sharing our love for > props, costumes and models and talking about the latest movies and > goings-on in the entertainment industry. > > On a final note, hundreds of you have come forward to help support > this community in numerous ways. Thank you for that support! Your > support has shown your devotion and love for this community and we > really appreciate it. Like you, we love this community and are > looking forward to continuing to serve you in the future! > > Sincerely, > Art > www.thereplicapropforum.com … for now… > > > -- > Website: http://hallambaker.com/ > _______________________________________________ > therightkey mailing list > therightkey@ietf.org > https://www.ietf.org/mailman/listinfo/therightkey _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
