on 1/19/05 9:14 PM, William Allen Simpson at wsimpson@greendragon.com wrote:
However, that still looks to me like "Users can only ask that domains be locked." Unless you are claiming that users can send the lock request directly to the registry, and monitor its status.
William, as a registrar operator I am certain that Mark Jeftovic knows more about this subject than I do, but I do not believe that there is any generally recognized mechanism for an individual domain holder to directly request that the .com registry lock his domain. However, all domain holders can directly monitor the status of their domain using the .com registry's whois server - including whether or not their domain has a status of registrar-lock. They do not have to rely on their registrar to tell them if their domain is locked or not.
I repeat, the domain locking red-herring has absolutely nothing to do with this domain hijacking.
I don't think registrar-lock is a red-herring. In the wake of the panix.com hijack holders of domain names are naturally going to want to know what they can do to prevent something similar happening to them. The ability to request registrar-lock is one the few defenses domain holders have. If the panix.com domain had indeed been in registar-lock at the time the transfer took place then domain holders would have had every right to be concerned that their own locked domains could fall victim to a similar hijack. The fact that panix.com was not in registar-lock at the time of the hijack provides a little comfort to those worried about a hijack of their own domains.
Gosh officer, if she'd only had a big padlock on her purse, I wouldn't have stolen it.
Gosh judge, if she'd only worn running shoes instead of those sexy high heels, I couldn't catch and rape her; the shoes made me do it.
Stop blaming the victim!
I haven't seen anyone on NANOG claim that Panix is not a victim. Clearly a serious error occurred in the process Melbourne IT uses to authenticate transfers. However, your analogies seem unnecessarily inflammatory. Another analogy might be to describe Panix as a bank. If a bank's vault is robbed the bank is certainly the victim of a crime. If my valuables are secured in a similar bank across town, I might be concerned that the robbers will hit my bank next and steal my valuables, particularly if my bank used the same style of vault. Once learning that the first bank hadn't installed a door on their vault might be somewhat comforting if I check my own bank and see that it has a secure vault door. However, a customer of the first bank might well be upset at the loss of his valuables if he discovered that his bank's vault did not have a door - and it would not be surprising if he was not entirely satisfied if the bank responded by saying "we asked our vault vendor to install a door." -Richard