Re: Teen hacker controls ebay

["Karsten W. Rohrbach" <karsten () rohrbach de>]

Florian Weimer(fw () deneb enyo de)@2004.09.10 03:14:10 +0000:
> * Rainer Duffner:
>
> > > Personally, I can't comprehend how the default for something like that
> > > would be "Yes", 
> >
> > Because, if the ISP is bankrupt, the "YES" will never come.
>
> And that's a problem because of ...?

Operations. Some of us call it daily business.

> DENIC (the registry) claims to have a direct contractual relationship
> with all domain holders (not "owners", registering a domain doesn't
> grant you ownership, at least most of the time).

Which means what, if you chose a "cheap domain" wholesale provider who
"accidentally" sets himself as admin-c?
Which means what, if you happen to _move_ a domain from one provider to
another, implying consent between the two ISPs involved?

> In theory, you would resolve such a problem with DENIC.  In practice,
> DENIC doesn't have the infrastructure to deal with bankruptcy even of
> a small DENIC member/registrar.

DENIC could not care less, if your current ISP's gone bankrupt or what
not. It is not their business. You mail in a KK (request for "connectivity
coordination") and they process it. Finito. If your ISP does not answer
the request, the KK will be ACKed, which is a good thing.

Also, provider "lock-in" is not possible this way. No provider can block
your domain for transfer without a "NACK", which would have dire
consequences when it hits the courts.

> > IMHO (and several others more involved in the domain-trading biz)
>
> The problem is that domains are used for more things than just for
> domain trading.  The current focus on easy domain transfers might have
> made sense a few years ago, but now there are some major stakeholders
> which will simply put DENIC out of the loop if the DENIC processes
> can't guarantee stable delegations, for whatever reason.

DENIC is probably just the messenger in this game. Don't shoot'em.

If a 3rd party registry acts on behalf of their customers with DENIC,
they need to play by the rules. If they don't, the customer has a
problem.

FWIW, I get unauthorized KK requests every now and then, which are
passed to me by my ISP. I NACK them, end of story. My ISP plays by the
DENIC rules and passes me the requests in-time, so it's no biggie.

Regards,
/k

-- 
> Love is a snowmobile racing across the tundra and then suddenly it flips
> over, pinning you underneath.  At night, the ice weasels come.
> --Matt Groening
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html