ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] VeriSign to offer 2-factor security and better registry lock

  • To: GNSO GA Mailing List <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] VeriSign to offer 2-factor security and better registry lock
  • From: George Kirikos <gkirikos@xxxxxxxxx>
  • Date: Mon, 29 Jun 2009 05:23:08 -0700 (PDT)


Hi folks,

VeriSign intends to offer 2-factor security and a better registry lock, see 
requests 200904 and 200905:

http://www.icann.org/en/registries/rsep/
http://www.icann.org/registries/rsep/verisign-auth-request-25jun09.pdf
http://www.icann.org/registries/rsep/verisign-reglock-request-25jun09.pdf

I've long been in favour of 2-factor security, so this might be very positive. 
However, it concerns me that VeriSign might be abusing its monopoly to 
overcharge for the services relative to what the price would be with 
competition, in agreement with what Danny mentioned yesterday:

http://gnso.icann.org/mailing-lists/archives/ga-200709/msg03045.html

Indeed, for those who've cared about "tiered pricing" you'll note they even use 
the phrase in the section on pricing for the registry lock service (i.e. page 
4, "VeriSign intends to charge registrars based on the market value of the 
Registry Lock Service. VeriSign expects to offer a tiered pricing model").

Furthermore, given the lawsuit out there attempting to break VeriSign's abusive 
monopoly, which would hopefully eventually lead to regular tender process for 
dot-com (and other gTLDs) it is important to ensure that these new services 
don't help VeriSign solidify vendor lock-in, and that they can be transitioned 
to a new registry operator should a competitor end up winning a future tender 
process.

Also in general it's a good idea to raise security for *everyone* and not just 
those willing and able to pay a premium. One will note PayPal only charges a 
one-time fee of $5 for their security key (for their 2-factor security) or $0 
for SMS, and then the ongoing costs are $0.

https://www.paypal.com/securitykey

That security key that PayPal uses comes from VeriSign:

http://www.infoworld.com/d/security-central/paypal-ebay-offer-security-key-us-customers-724

VeriSign should not be able to abuse its monopoly by overcharging for 
long-needed security updates for registrants.

Sincerely,

George Kirikos
http://www.leap.com/



<<< Chronological Index >>>    <<< Thread Index >>>