Domain transfers/ICANN (and clarifying msg authorship)

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: November 12, 2004 12:20:58 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Domain transfers/ICANN (and clarifying msg authorship)

Dave,

A couple of comments relating to this topic that hopefully will
clarify the issues a bit:

First, I want to note that on the second message that is under my
name forwarded below (from the original IP msg text) the forwarder
had stripped the reply markers and made it look like the entire
message was authored by me.  In fact, the message was authored by
Arnt Gulbrandsen and I was replying.  I have reinserted the markers
below and annotated for accuracy in the record.

Second, I thought it was clear all along that we were talking about
domain registrar transfers, not domain ownership transfers within a
registrar.  The effects of a unwanted registrar transfer can still be
highly significant, especially given the varying operational policies
of various registrars, and what has been observed to be "spammer
friendliness" on the part of some.  How do you think spammers manage
to get hold of so many throwaway domains so quickly?  Spammers are
apparently among the fastest adopters of supposed "anti-spam"
techniques like SPF (and can be expected to continue operating quite
successfully in the face of Domain Keys as well, for reasons I won't
delve into in this message).

Bottom line: Domains are valuable resources, both to domain owners
and to registrars.  Unwanted transfers of domains between registrars
can still be a very big problem, and the concerns being expressed
over the defaults and timeout periods in the new ICANN policy remain
completely valid.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () privacyforum org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - 
http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://www.vortex.com/lauren-blog





------- Forwarded Message

To: Ip <ip () v2 listbox com>
From: David Farber <dave () farber net>
Subject: [IP] more on  ICANN/Domains Sky not falling
Date: Fri, 12 Nov 2004 10:04:41 -0500

Begin forwarded message:

From: Charles Brownstein <charles.brownstein () verizon net>
Date: November 12, 2004 9:06:11 AM EST
To: dave () farber net
Subject: Re: [IP] ICANN/Domains Sky not falling

ICANN's new policy not as bad as I thought it was
posted November 11, 2004 at 01:07 pm

Update: It looks like Netcraft was a little overzealous in reporting
the dangers this policy change poses and I misunderstood what is at
issue here. Michael Moncur explains:


1. This policy is for registrar transfers, not ownership transfers. It
doesn't make it any easier for a domain to be hijacked, except perhaps
by a corrupt registrar.

2. The gaining registrar is still required to confirm the transfer: A
transfer must not be allowed to proceed if no confirmation is received
by the Gaining Registrar.


The policy change is to keep registrars from holding domains hostage
when people wish to transfer them, which is a worthy goal. I don't want
my domains to go to another registrar, so I've still got them transfer
locked, but it's unlikely that anyone will have to cancel their
vacation just to keep an eye on their domain names. Embarrassed
apologies for any panic induced...my ass has been fact checked and it's
a little sore.

  -----

  Many of you are domain owners and have probably seen this elsewhere
lately, but in case you haven't, pay attention. ICANN has a new policy
about domain name transfers which will make hijacking domains much
easier:
  At 02:49 PM 11/11/2004, you wrote:



Begin forwarded message: (This is a reply to Arnt from Lauren)

  From: Lauren Weinstein <lauren () vortex com>
  Date: November 11, 2004 1:06:27 PM EST
  To: Arnt Gulbrandsen <arnt () gulbrandsen priv no>
  Cc: Lauren Weinstein <lauren () vortex com>, neumann () vortex com,
  dave () farber net
  Subject: Re: ICANN/Domains

>  Well... I know several people who've been in deep deep trouble because
>  netsol wouldn't transfer or otherwise change their domains, so a 
> policy
>  change to castrate recalcitrant registrars is necessary.

  I agree, penalties applied to registrars would be appropriate,
  but insane "OK" defaults and 5 day timeouts are not!


>  Here's how to check whether your domains are locked using whois.
>  For .com and .net, there should be a line saying "Status:
>  REGISTRAR-LOCK". For .org you should see "Status:CLIENT TRANSFER
>  PROHIBITED". If you see OK or ACTIVE instead, the domain is open to
>  transfer.

  This apparently only works for the Web-based WHOIS queries.
  That status line does not seem to appear on the command line WHOIS
  output.

  I just checked and indeed my .COM and .NET domains are all locked
  by NetSol.  The .ORGs are not, as one might expect.

  The effects of a false transfer would almost always be much worse
  than the effects of a delayed transfer.  I'd like to know how
  this ICANN policy was developed, when was the public comment period,
  etc.?  Somehow this one slipped under my radar.

  --Lauren--

  -------------------------------------
  You are subscribed as charles.brownstein () verizon net
  To manage your subscription, go to
    http://v2.listbox.com/member/?listname=ip

 --- End forwarded msg

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/