what registrars need to do with no incentive [was: Re: On-going ..]

[Gadi Evron <ge () linuxbox org>]

On Mon, 2 Apr 2007, Robert Bonomi wrote:
> > From: David Conrad <drc () virtualized org>
> > Subject: Re: On-going Internet Emergency and Domain Names
> > Date: Mon, 2 Apr 2007 17:33:08 -0700
> >
> >
> > On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
> > > The recommendation was for registries to provide a preview of the  
> > > next day's zone.
> >
> > I think this might be a bit in conflict with efforts registries have  
> > to reduce the turnaround in zone modification to the order of tens of  
> > minutes.
>
> This is getting far afield from 'network operations', but the underlying
> issue is really quite simple:  There are *NO*PENALTIES* for registering
> 'bogus' domains.  The registry operator has -no- (financial) incentive
> to investigate, nor remove, a 'falsified' entry.  Once a name is in the 
> database, _anything_ affecting it is an 'un-necessary expense' to the registry 
> operator.  
>
> Similarly, there is no dis-incentive to a registrar wih regard to _filing_ a 
> bogus registration with a registry.

Or policy.

> Address _these_ issues, and the domain names "problem" will effectively 
> disappear.
>
> One _possible_ approach to dealing with the problem:
>    1) registry includes in it's contract with registrars a (non-trivial) $$ 
>       penalty for any registration filed that is found to contain invalid 
>       information.

And work a bit harder to make sure the information is valid. This can mean
higher costs, of course.

>    2) 'formal complaints' to registrar about invalid information must include
>       a 'filing fee' for the complaint.  If the complaint is in-accurate, the
>       filer loses  their filing fee. HOWEVER, if the complaint _is_ valid, the
>       _original_ filer gets back _more_ than their fee (paid out of the 'fine',
>       see item 1, above, assessed against the registrar) while any additional
>       complainants get all their original money returned.  Possible variation:
>       the size of the fine assessed against the registrar for a 'confirmed'
>       complaint depends on the number of complaints recieved within some 
>       'reasonable' time of the first complaint -- and all complaints within
>       that 'window' get the 'bounty' for a valid compliant.
>    3) Registrars are charged a _sliding-scale_ of fees, with higher fees based
>       on the numbers and/or percentages of 'bogus' registrations submitted
>       recently. (This is similar to the way 'unemployment taxes' are assessed
>       in the U.S.  If there are more claims against your company, you pay
>       a higher rate than similar firms with lower claims.)
>    4) Registrars with higher rates of 'invalid' submissions are _rate-limited_
>       as to how fast they can submit registrations.

Bulk registration should be limited, or at the very least regulated.

Suspending domains registered with a stolen CC (as mentioned) seems
natural, doesn't it?

> Underlying assumptions:
>    A) The 'filing fee' approximates the registry operator cost of performing a 
>       basic investigation.
>    B) The 'fine' assessed against a registrar is signficantly higher than the 
>       actual 'cost' of the investigation.
>    C) A registrar that has higher per-registration costs is at a competitive
>       disadvantage to those who canprovide equivalent service at a lower price.
>    D) A registrar who has to say "We'll take your application now, but we can't
>       tell you for xx hours (or days) if your application for that name was
>       successful" is  at a competitive disadvantage to one who can tell you
>       _now_ 'your application was successful'.
>
> *THIS* gives the registry operator an incentive to 'clean house' -- finding
> and eliminating 'problem listings' is a REVENUE SOURCE.
>
> Similarly, registrars have an incentive to ensure that their _own_ house is
> clean.  Lack of diligence costs them extra money, -and- places them at a
> disadvantage relative to their competition.
>
>
> 'White-hat' registrars can do something similar with regard to registrants.
> Registrants fall into three broad categories;  (a) those who have never
> filed before, (b) those who _do_ have a history of problem-free filings,
> and (c) those who have a history of filings where there have been some 
> problems.  
>
> Those with a 'no problems' history are processed in an expedited manner,
> suject to checks for 'abnormal' behavior -- e.g. a radical increase in
> the number/rate of submissions.
>
> Those with no histories are subjected to additional cross-checking/verification,
> and, possibly, higher 'new user' charges.
>
> Those with 'problematic' histories get deferred, surcharged, and/or rate-
> limited processing.
>
> One can 'tune' the rate schedules for 'new users', and 'problematic' filers,
> to reflect the "risk level" that the registrar is willing to incur, -with-
> the recogition that registrar-level penalties imposed by a registry operator
> will affect _all_ registrations through that registrar, not just 'problematic'
> ones.
>
>
> 1