On Sun, 2007-04-01 at 08:41 -0700, David Conrad wrote:
It is my understanding that the various domain registries answer to ICANN policy
_Some_ registries answer to ICANN policy, those that have entered into contracts with ICANN. Others, e.g., all the country code TLD registries, don't. However, even in those cases in which there are contractual agreements, ICANN's role is typically quite limited (by design: ICANN isn't the Internet's mommy).
if ICANN policy allows them to operate in a manner which is conducive to allowing criminals to manipulate the system, then the buck stops with ICANN, and ICANN needs to rectify the problems in the policy framework.
Sorry, I still haven't figured out what the problem is you're trying to lay at ICANN's door...
When providers daily accept payment for thousands of accounts with unique, valid, albeit stolen credit card numbers, preventing abuse remains difficult without using time as a remedy. No doubt, domain tasting represents a retreat from dealing with fallout created by such fraud. In addition, several security strategies could become more comprehensive and rely less upon specific OS threat recognitions. Instituting notification of domain name additions before publishing would enable several preemptive defenses not otherwise possible. A notice of change does not alter the core, but instead enables defensive strategies at the edge. These strategies are not limited to white-outs, but might be in the form of alerts or warnings. It takes time to push defensive information to the edge. A notification of change before it occurs reduces the significant advantage now afforded bad actors who are heavily exploiting DNS. -Doug