On Wed, Apr 04, 2007 at 10:06:18AM -0500, Joe Greco wrote: ...
If you seriously want to propose something:
If you're going to do any vetting, the time to do it is at registration, not at crunch time.
If what you're talking about is the identity of the person registering, yes. If what you're talking about is the identity of the person submitting the request for change, no. If you do the former, and can establish (what is today's password, please?) that the latter is the former, then you have done the latter fairly quickly and easily - and can trace any abuse or attempted perfidy [such as I was trying to do to you in the last message].
Limiting rapid updates makes sense. Eliminating them does not.
Yes.
Fixing the brokenness which allows for domain tasting makes perfect sense.
Yes.
Designing a system which doesn't allow for some level of anonymity (let's say for whistleblower/bloggers) requires some serious debate that goes far beyond "what are the security implications."
Yes.
Etc.
-- Joe Yao Analex Contractor