<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy
Folks,
I rarely enter into these discussions, while I always enjoy reading
them, and will have little of substance to add here. With your
permission I would just post this in an attempt to put the debate back
in the perspective of a civil discussion on an important issue among
people who generally respect each other and show that.
In the last seven years I have had the true pleasure of getting to know
many of you to varying degrees. What I have found is a group of
extraordinarily bright people who have very different views on the best
business model and on what is best for the long term health of this
marvelous new medium, the Internet, and its users. I have found almost
all of you to be people of great honesty and character. Yes, there are
always a few "bad actors" in a group as large as ours, but they are
amazingly few and much overweighed by the genuinely good people in our
midst. Whether it is Dr. John Berryhill's pithy but always humorous wit
or Elliot's enlightened passion, you are caring, concerned and well
motivated, as well as stimulating and spirited in debate. Most of the
time you are also a lot of fun to be around and show each other a high
degree of respect, as is due, even in a spirited debate.
It is unusual to find fierce competitors such as you who can also share
camaraderie and civility. So my one suggestion would be that we all
value the rather unique chemistry of relationship that exist in this
group and not allow our passion for the right as we see it to damage
that. I fear if that chemistry is lost it will never be recovered.
On the issue, I do not think anyone spoke and wrote more openly of the
myriad defects in the transfer policy before its adoption than did I. It
has more holes than Swiss cheese. We have all struggled, usually in
reasonable cooperation, to try and make it work. Unless there is
fundamental change we will probably just continue to have to struggle
together in the real world of the domain industry to find patches for a
flawed structure.
Elliot and Bob, I understand all the points you make about the lack of
effectiveness of competition in resolving these issues. There is merit
to what you say. However, at the end of the day history shows that only
one of two models can work. Either we have regulation to keep order and
protect the interests of the various parties or we let that be sorted
out by competition. In 2001 and 2002, when going around attempting to
sell the first massive budget increases for ICANN, Paul made a number of
promises of how the money would be put to use to regulate excesses that
were developing in the industry. I will not offer any polemic on ICANN
and merely say that it has not worked out that way. So in truth, it
seems to me that we are left with competition. Competition may not in
this case be either perfect or efficient in addressing the issue, but it
is better than nothing.
I hope this finds you all well. Best, Champ
W. G. Champion Mitchell
Chairman
O: (703) 668-5200 | www.networksolutions.com
-----Original Message-----
From: owner-registrars@xxxxxxxxxxxxxx
[mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of elliot noss
Sent: Saturday, February 23, 2008 5:11 AM
To: Nevett, Jonathon
Cc: John Berryhill; Registrar Constituency; Tim Ruiz
Subject: Re: [registrars] An Opportunity to Prove A Point - Hi-Jacked
Name At GoDaddy
first things first. there are have been some unconstructive
contributions to this thread, not the least of which was mine. imho,
john should not have posted this on a public list. most importantly, I
should NOT have thrown a log on the fire with my post. it is my semi-
annual reminder to i) wait ii) re-read iii) only then hit send.
next, I was not intending to demean phil sbarbaro in my earlier post
(although I seemed to have opened the door for others to do so). my
apologies to phil. in the first year or two of the srs phil was stuck
dealing with the hijackings that resulted from nsi's poor business
processes (well before champ or jon or....). we worked together to
deal with a number of these. that co-operation started a fine
tradition that the vast majority of registrars honour.
the freedom to transfer between registrars and standardize policy was
an extremely hard-won battle. it took a long time, was much more
frustrating than this argument and, in the end, we were successful at
a policy level. sadly, that has not been backed up with compliance.
there are two important FACTS that all of the below ignores.
FACT ONE. ICANN's lack of enforcement of transfer policy brings the
whole contract regime and policy development process into disrepute.
we are already reviewing the old policy, now three years old, before
we start enforcing the existing policy. ICANN has allowed contracted
parties to do as they please despite what is now years of very public
complaining. they have made assurances in delhi that this will change.
I will take them at their word and wait and hope.
FACT TWO. every day there are registrants who wish to use the supplier
of their choice and are unable to transfer because of these violations
of transfer policy. if the rest of us were to enact these tactics as
"SOP" there would be a huge number of people who want to transfer to
go daddy who would be unable to. of course we would just be
"protecting" "our" customers at that point.
just about everyone on this list knows how the two violations work in
concert:
- registrant want to change suppliers and needs to update old contact
information, which, of course, happens most often in the last 60 days
of registration;
- transfer refused due to the first violation;
- registrant waits the 60 days, tries again;
- transfer refused due to second violation.
as I understand the position of those who do this, this person has
suffered no harm because they are still being supplied by the great
supplier they previously had. of course the registrant feels
differently.
I think it would be very helpful in talking about reasonableness to
get some data. jon, tim, how many transfers are refused each month due
to i) the 60 day hold for changed information and ii) being in the
grace period. and please, at some point, could I have your
justifications for denying transfers in the grace period!
lastly, your market comments simply fly in the face of market
realities. these are items that cost $0.75/month (of which $0.55 goes
to our friendly taxing authorities verisign and ICANN). the
"disclosure" you talk about is buried in clickthrough agreements that
nobody reads. the cost in time and effort for people to move is simply
outweighed by the benefit. again, roger cochetti redux.
you talk about theoretical situations that are simply not NSIs or go
daddy's. provide the data and let's have a substantive debate about
reasonableness instead of evoking fears of bogeymen. we have all well
learned that when someone tells us they are "protecting" us they are
probably limiting our freedoms.
at the end of the day, even debating that is, as I have said over and
over, simply wrong because the rules don't allow you to do it. your
arguments are clever sophistry. your job is well done. now staff have
to do theirs.
Regards
On Feb 22, 2008, at 2:04 PM, Nevett, Jonathon wrote:
>
> Let me throw another one out for consideration:
>
> 7. A domain name was already in "lock status" provided that the
> Registrar provides a readily accessible and reasonable means for the
> Registered Name Holder to remove the lock status.
>
> In the example that Christine gave, Go Daddy locks a name after a
> Whois contact change for 60 days. If the customer tries to transfer
> during the 60 day period, then the transfer could be denied under #7
> as it was already in lock status. The issue comes down to whether
> the customer has a reasonable means to lift the lock.
>
> Is it reasonable for a registrar to require a registrant to appear
> in person at the registrar's offices in order to authorize the
> transfer (I understand that one registrar actually does this)? The
> first reaction likely would be no. Would it change your mind,
> however, if this were the policy for only two or three character
> domain names valued at over $1 million? Would it change your mind
> if the customer was so worried about hijackings that it agreed to
> this requirement in writing as a security measure? What if the
> customer was a prior victim of hijacking and saw its domain name
> travel to three or four registrars around the world before getting
> it back six months later? Would it change your mind if the customer
> requested and actually paid the registrar to be provided with this
> additional security measure?
>
> Is it reasonable to deny transfers for 60 days after a Whois Admin
> or Primary Contact change, which is typical in hijacking cases? Is
> it reasonable to lock names for 60 days after a Whois Admin or
> Primary Contact change and require additional verification of the
> contact information in order to transfer during that 60 day period?
>
> Issues of reasonableness under law are anything, but black and
> white. Therefore, the rhetoric that we recently have read and heard
> about "clear violations" is just that -- rhetoric.
>
> Who should decide what is reasonable in these difficult scenarios?
> Should it be ICANN staff, the GNSO PDP process already looking at
> these specific issues, or the market? If customers don't like Go
> Daddy's (or Network Solutions') security policy, then the
> competitive marketplace could provide a solution. Other registrars
> could market to customers who care less about security and
> hijackings and don't want to wait 60 days or provide additional
> verification after a Whois Admin or Primary Contact change. In a
> competitive marketplace, there is a great deal of room for market
> differentiation. This could and should be a differentiator. We
> would be hurting registrants if we didn't have the ability to
> provide additional security protections.
>
> Thanks.
>
> Jon
>
> -----Original Message-----
> From: owner-registrars@xxxxxxxxxxxxxx
[mailto:owner-registrars@xxxxxxxxxxxxxxx
> ] On Behalf Of John Berryhill
> Sent: Friday, February 22, 2008 9:39 AM
> To: G2L52; 'Christine Jones'
> Cc: 'elliot noss'; 'Bruce Tonkin'; 'Tim Ruiz'; 'Adam Dicker';
registrars@xxxxxxxxxxxxxx
> Subject: RE: [registrars] An Opportunity to Prove A Point - Hi-
> Jacked Name At GoDaddy
>
>
>
>> 1. Evidence of fraud
>
> One bit of evidence might be a contact change to the domain of an
> applicant
> in Colorado originating from an IP address in Iran. Of course, I
> was not
> suggesting that one data point constitute a totality of one's
> investigation.
> However, on top of the other data, having a reason to investigate
> further, a
> quick look at the quite neutral records of the Colorado Secretary of
> State,
> and at such domain data as that for marriage.org, along with the
> unlikelihood that a party with a definite view on the subject of
> marriage
> would suddenly sell a domain name after 12 years to someone
> advertising, for
> example, "extramarital dating sites", does paint a larger picture.
>
> I believe my point was obscured by some who had not attended the
> recent
> meeting. My intention was to point out a definite situation in
> which,
> regardless of one's interpretation of the policy, someone is
> breathing a
> deep sigh of relief over the fact that the domain name is not
> subject to a
> further registrar transfer for a while. My comments on this
> particular
> event appear to have been misinterpreted to some degree, since it was
> suggested emphatically to me that the anti-hijacking utility of the
> GoDaddy
> policy was some sort of fiction.
>
> We've heard from the anti-phishing group on the subject of "fast
> flux" DNS
> and its problems. Having to chase hi-jacked domains name hither and
> yon,
> suggests that there needs to be a balance between a distributed
> inconvenience for many, versus a catastrophic event for a few.
>
>
>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|