Re: On-going Internet Emergency and Domain Names
From: David Conrad <drc@virtualized.org> Subject: Re: On-going Internet Emergency and Domain Names Date: Mon, 2 Apr 2007 17:33:08 -0700
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the next day's zone.
I think this might be a bit in conflict with efforts registries have to reduce the turnaround in zone modification to the order of tens of minutes.
This is getting far afield from 'network operations', but the underlying issue is really quite simple: There are *NO*PENALTIES* for registering 'bogus' domains. The registry operator has -no- (financial) incentive to investigate, nor remove, a 'falsified' entry. Once a name is in the database, _anything_ affecting it is an 'un-necessary expense' to the registry operator. Similarly, there is no dis-incentive to a registrar wih regard to _filing_ a bogus registration with a registry. Address _these_ issues, and the domain names "problem" will effectively disappear. One _possible_ approach to dealing with the problem: 1) registry includes in it's contract with registrars a (non-trivial) $$ penalty for any registration filed that is found to contain invalid information. 2) 'formal complaints' to registrar about invalid information must include a 'filing fee' for the complaint. If the complaint is in-accurate, the filer loses their filing fee. HOWEVER, if the complaint _is_ valid, the _original_ filer gets back _more_ than their fee (paid out of the 'fine', see item 1, above, assessed against the registrar) while any additional complainants get all their original money returned. Possible variation: the size of the fine assessed against the registrar for a 'confirmed' complaint depends on the number of complaints recieved within some 'reasonable' time of the first complaint -- and all complaints within that 'window' get the 'bounty' for a valid compliant. 3) Registrars are charged a _sliding-scale_ of fees, with higher fees based on the numbers and/or percentages of 'bogus' registrations submitted recently. (This is similar to the way 'unemployment taxes' are assessed in the U.S. If there are more claims against your company, you pay a higher rate than similar firms with lower claims.) 4) Registrars with higher rates of 'invalid' submissions are _rate-limited_ as to how fast they can submit registrations. Underlying assumptions: A) The 'filing fee' approximates the registry operator cost of performing a basic investigation. B) The 'fine' assessed against a registrar is signficantly higher than the actual 'cost' of the investigation. C) A registrar that has higher per-registration costs is at a competitive disadvantage to those who canprovide equivalent service at a lower price. D) A registrar who has to say "We'll take your application now, but we can't tell you for xx hours (or days) if your application for that name was successful" is at a competitive disadvantage to one who can tell you _now_ 'your application was successful'. *THIS* gives the registry operator an incentive to 'clean house' -- finding and eliminating 'problem listings' is a REVENUE SOURCE. Similarly, registrars have an incentive to ensure that their _own_ house is clean. Lack of diligence costs them extra money, -and- places them at a disadvantage relative to their competition. 'White-hat' registrars can do something similar with regard to registrants. Registrants fall into three broad categories; (a) those who have never filed before, (b) those who _do_ have a history of problem-free filings, and (c) those who have a history of filings where there have been some problems. Those with a 'no problems' history are processed in an expedited manner, suject to checks for 'abnormal' behavior -- e.g. a radical increase in the number/rate of submissions. Those with no histories are subjected to additional cross-checking/verification, and, possibly, higher 'new user' charges. Those with 'problematic' histories get deferred, surcharged, and/or rate- limited processing. One can 'tune' the rate schedules for 'new users', and 'problematic' filers, to reflect the "risk level" that the registrar is willing to incur, -with- the recogition that registrar-level penalties imposed by a registry operator will affect _all_ registrations through that registrar, not just 'problematic' ones. 1
On Mon, 2 Apr 2007, Robert Bonomi wrote:
From: David Conrad <drc@virtualized.org> Subject: Re: On-going Internet Emergency and Domain Names Date: Mon, 2 Apr 2007 17:33:08 -0700
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the next day's zone.
I think this might be a bit in conflict with efforts registries have to reduce the turnaround in zone modification to the order of tens of minutes.
This is getting far afield from 'network operations', but the underlying issue is really quite simple: There are *NO*PENALTIES* for registering 'bogus' domains. The registry operator has -no- (financial) incentive to investigate, nor remove, a 'falsified' entry. Once a name is in the database, _anything_ affecting it is an 'un-necessary expense' to the registry operator.
Similarly, there is no dis-incentive to a registrar wih regard to _filing_ a bogus registration with a registry.
Or policy.
Address _these_ issues, and the domain names "problem" will effectively disappear.
One _possible_ approach to dealing with the problem: 1) registry includes in it's contract with registrars a (non-trivial) $$ penalty for any registration filed that is found to contain invalid information.
And work a bit harder to make sure the information is valid. This can mean higher costs, of course.
2) 'formal complaints' to registrar about invalid information must include a 'filing fee' for the complaint. If the complaint is in-accurate, the filer loses their filing fee. HOWEVER, if the complaint _is_ valid, the _original_ filer gets back _more_ than their fee (paid out of the 'fine', see item 1, above, assessed against the registrar) while any additional complainants get all their original money returned. Possible variation: the size of the fine assessed against the registrar for a 'confirmed' complaint depends on the number of complaints recieved within some 'reasonable' time of the first complaint -- and all complaints within that 'window' get the 'bounty' for a valid compliant. 3) Registrars are charged a _sliding-scale_ of fees, with higher fees based on the numbers and/or percentages of 'bogus' registrations submitted recently. (This is similar to the way 'unemployment taxes' are assessed in the U.S. If there are more claims against your company, you pay a higher rate than similar firms with lower claims.) 4) Registrars with higher rates of 'invalid' submissions are _rate-limited_ as to how fast they can submit registrations.
Bulk registration should be limited, or at the very least regulated. Suspending domains registered with a stolen CC (as mentioned) seems natural, doesn't it?
Underlying assumptions: A) The 'filing fee' approximates the registry operator cost of performing a basic investigation. B) The 'fine' assessed against a registrar is signficantly higher than the actual 'cost' of the investigation. C) A registrar that has higher per-registration costs is at a competitive disadvantage to those who canprovide equivalent service at a lower price. D) A registrar who has to say "We'll take your application now, but we can't tell you for xx hours (or days) if your application for that name was successful" is at a competitive disadvantage to one who can tell you _now_ 'your application was successful'.
*THIS* gives the registry operator an incentive to 'clean house' -- finding and eliminating 'problem listings' is a REVENUE SOURCE.
Similarly, registrars have an incentive to ensure that their _own_ house is clean. Lack of diligence costs them extra money, -and- places them at a disadvantage relative to their competition.
'White-hat' registrars can do something similar with regard to registrants. Registrants fall into three broad categories; (a) those who have never filed before, (b) those who _do_ have a history of problem-free filings, and (c) those who have a history of filings where there have been some problems.
Those with a 'no problems' history are processed in an expedited manner, suject to checks for 'abnormal' behavior -- e.g. a radical increase in the number/rate of submissions.
Those with no histories are subjected to additional cross-checking/verification, and, possibly, higher 'new user' charges.
Those with 'problematic' histories get deferred, surcharged, and/or rate- limited processing.
One can 'tune' the rate schedules for 'new users', and 'problematic' filers, to reflect the "risk level" that the registrar is willing to incur, -with- the recogition that registrar-level penalties imposed by a registry operator will affect _all_ registrations through that registrar, not just 'problematic' ones.
1
On Mon, Apr 02, 2007 at 09:53:19PM -0500, Robert Bonomi wrote: ...
This is getting far afield from 'network operations', but the underlying issue is really quite simple: There are *NO*PENALTIES* for registering 'bogus' domains. The registry operator has -no- (financial) incentive to investigate, nor remove, a 'falsified' entry. Once a name is in the database, _anything_ affecting it is an 'un-necessary expense' to the registry operator. ...
See the aforementioned "restock fees" presented to ICANN. How much of a disincentive would they be? -- Joe Yao Analex Contractor
participants (3)
-
Gadi Evron -
Joseph S D Yao -
Robert Bonomi