On Mon, 2 Apr 2007, Andy Johnson wrote:
weaknesses wherever they may find them. Today it might be weak verification of domain registry infrastructure, tomorrow it might be exploiting some p2p network.
so, what exactly is the problem with registrations? One of the problems I see is with a seeming lack of follow-through on fraudulently purchased domains. Another is a seemingly long time to remove domains that are 'up to no good'. Taking out of this problem space the 'domain tasting' or 'domain kiting' issue (which is really a use of loopholes there for consumer protection...) If you look at the domain registration system as a legacy process, what would you do differently if re-inventing it? That, it seems to me, is likely the best path forward. Take your opinions/options and get them codified into new policy for registries/registrars to follow. With every relatively static and relatively open set of policies eventually bad-actors will find a set of loopholes or vulnerabilities to get their job done. It seems that re-evaulating the polcies/procedures/requirements would be useful in this matter. -Chris