North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: summarising [was: Re: ICANNs role]

  • From: Dorn Hetzel
  • Date: Wed Apr 04 10:42:04 2007
  • Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=VfJJH+2kCHN3L6/dGK6gGr1yfbpMU0EuFCUC3gCOXy7sBDpcyN9c6+/iyoEkVb5sf5iOhhqbcHJYGPXhRzGfFbyTQ2S+xn/i+N3XxALV1fOnjAkSyAlT/dJsumgs9DbKxHZ9eU5B/YRlgV6NEGpa9zt+WiXi/7Awn3Mto/bZO28=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=e9UU5i/ntW17twYGGOIYuHNBrMR+sc35KAXUKw39Ty8nqo3nL2bcu55DOtH8ydJT4KgeOuiA1w6PD7aawZregc81Hf2A40oie8pMxsPffzyLUNmkQkXX9teA8YStAKjQWwVseGf+zYZBCvyzFfv9W029MMTfJk3WaZ38lU/bFtg=

Why not make it so that instant updates require a human to show up in person somewhere and give their fingerprint.
(there are a huge number of businesses out there that make a living handling transactions where identity matters (think western union, etc),
perhaps some of them would be happy to have the business.  the fees involved could cover their costs and some profit)
To maintain access I would let many businesses participate in the front end of this (I can pay my phone bill at a number of local businesses in person if I'm too much of a loser to get it done ahead of time with a bank account or credit card)...
 
(This is probably a stupid idea for some reason I can't think of at the moment, but it seemed worth mentioning)

 
On 4/3/07, Joe Greco <[email protected]> wrote:

> So, an "oops, I screwed up, and am in a panic" fee, of, say $100 and
> a quick but accurate identity check combined would take care of such
> an emergency. The fee would pay for the expense of the identity
> check, and perhaps provide a bit of profit for the registrar. This
> seems reasonable and workable. Or the fee could just be an extra
> profit for registrar and registry, raise the cost of doing business
> for the abusers, and also be workable.

What purpose does an identity check serve?  How do you verify the
identity?  If a domain name is already registered, what value is there
to the "identity" check?  What identity are you verifying?  The
individual requesting the update?  The company?  What happens when you
find yourself unable to navigate the County Clerk's office at 5:01PM
to look up that fictitious name filing?

If you want to establish identities, the time to do that is at
registration time - not crunch time.

Why not simply limit updates?  As a method for stopping rapid update
abuse, limits would seem to be highly effective.

Possible policy:

You get two "instant updates" a month.  This is sufficient to handle a
change of nameserver, plus a correction for the inevitable error.

Further updates are allowed once every two days, similar to past policy.
Or maybe even less.

If you need more "instant updates," you pay a fee to the registrar, who
can be made to have an interest in making sure that the transaction is
not a fraud.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.