On Tue, 18 Jan 2005, Richard Parker wrote:
Does anyone know if the panix.com domain did, in fact, have an RRP status of registrar-lock in the .com registry sometime before it was hijacked?
Based on last month data it did not have in registrar-lock. I believe registrar lock for all panix domain (including panix.net, access.net) was added on January 15th. Based on what I heard in public so far, I'm seeing the following scenario which paints the picture in which everyone did something that as a whole led to the panix.com hijacking: 1. ICANN On November applied new rules allowing for domains to be transfered without positive authorization. This might have relaxed necessary transfer requirements at MIT as well as how Dotster reacts to upcoming transfer requests 2. MelburneIT Something happened in its process, I can imagine several scenarios: 1. it relied on its Reseller to get authorization and its quite likely reseller failed to do so in correct way (Note: Not being MIT reseller, I don't know for sure, but its possible they provide interface for reseller to tell registrar they have fax authorization but then don't check on the fax prior to completing the transfer) 2. its possible mechanism for authorizing the transfer in automated way could be predicated (i.e. one could synthesize web post or email that would approve transfer based on knowing domain name, email address of domain administrator and unique id of the domain within MIT), possibly they faked email coming from panix.com that seems to have approved the transfer 3. Panix Its likely that they failed to request registrar lock from Dotster 4. Dotster It seems likely that they failed to provide notification of the upcoming transfer to its customer because they considered that its only OPTIONAL based on ICANN's policies (Note: I maybe wrong here as dotster actually said they did not even know the domain is being transfered). Its also possible that Panix.com requested registrar lock and Dotster did not set it up. -- William Leibzon Elan Networks william@elan.net