On Apr 1, 2007, at 11:51 AM, Douglas Otis wrote:
Instituting notification of domain name additions before publishing would enable several preemptive defenses not otherwise possible.
How does this help? Are you saying that new domains somehow are somehow to be judged based upon someone's interpretation as to whether or not the domain 'reads' well, or some other factor? Who makes that determination, and by what criteria? Or are you saying that notification of someone whose credit card has been stolen would somehow help? How would the registrar know whether or not an email address given at the time of registration is valid for the purported registree? If there's some kind of 'click-to- validate' system put into place, the miscreants will simply automate the acceptance process (there's been a lot of work done on defeating CAPTCHAs, for example; even if they do it by hand, that would work. And services like Mailinator can make it even easier for the miscreants due to their FIFO nature - no forensics possible). Several registrars offer private domain registration as an option, as well. How does this affect the notification model? I generally agree with you that when possible, time for analysis can be useful (though I'm unsure how that helps in this scenario, see above). But one of the ways registrars compete ison timeliness; last night, for example, I registered a few domains on a whim. If the registrar I chose to use had told me there was some delay in the process for vetting, I would've cancelled the order and gone somewhere else, because I wanted those domains -right then-, before someone else registered them. This is all probably way off-topic for NANOG, anyways. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice Words that come from a machine have no soul. -- Duong Van Ngo