RE: [dow1tf] Preliminary Report v. 5

[Paul Stahura <stahura@xxxxxxxx>]

Phising scams are scams where people spoof, say a bank, and send you an
email asking for you to log into your account at the bank to update some of
your records.  Little do you know that the domain that the email directs you
to is not under the control of the bank, but is actually under the control
of the scammer, who is "fishing" (get it?) for scam-ees who are stupid
enough to enter their bank password's without checking the domain, let alone
making sure they have a lock icon in their browser.

I do not believe being able to access whois data on domain names will
prevent denial of service attacks.  I believe what they mean is whois data
on IP addresses, which is not in our area.  IMO, having super-accurate, and
reliable domain name whois (with access to all) will not prevent (or even
help much) DoS attacks. 

-----Original Message-----
From: owner-dow1tf@xxxxxxxxxxxxxx [mailto:owner-dow1tf@xxxxxxxxxxxxxx] On
Behalf Of Neuman, Jeff
Sent: Monday, May 24, 2004 3:30 PM
To: Neuman, Jeff; 'dow1tf@xxxxxxxxxxxxxx'
Subject: RE: [dow1tf] Preliminary Report v. 5

All,

I have just looked through the section added by Jeremy on Needs and
Justifications of Whois information and propose changing that section to
state:

"In statements collected by the Task Force from the previous Whois task
forces as well as ICANN workshops and our recent survey, some groups have
indicated that unfettered access to accurate, up-to-date, and reliable Whois
data has become an important tool for a variety of Internet users.
Consumers as well as consumer protection authorities frequently use Whois to
discover with whom they are dealing online.  The United States Federal Trade
Commission, for example, often uses Whois to investigate online fraud,
identity theft, and "phising" scams, particularly in the cross-border
context.  Law enforcement officials likewise access Whois information to
combat online crimes.  Intellectual property owners, both copyright and
trademark owners, use Whois as a tool to fight online piracy and
cybersquatting.  In addition, trademark owners and other business users use
Whois as a way of managing trademark portfolios, conducting due diligence
for the purpose of corporate acquisitions, and identifying company assets in
bankruptcies or insolvencies.  

Previous materials also indicate that individuals responsible for network
security  access to Whois data to prevent denial of service attacks and
identify other threats to networks stability.  ICANN's Security and
Stability Advisory Committee recently noted the importance of Whois data and
recommended that "[t]he accuracy of Whois data used to provide contact
information for the party responsible for an Internet resource must be
improved, both at the time of its initial registration and at regular
intervals." 

This would I believe eliminate some of the subjective language.  Also, what
are "phising scams."  I did not know if that was a typo or a real term.

Please let me know your thoughts.

Jeff 

-----Original Message-----
From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx]
Sent: Sunday, May 23, 2004 7:18 PM
To: 'dow1tf@xxxxxxxxxxxxxx'
Subject: [dow1tf] Preliminary Report v. 5


All,

Enclosed is the latest version of the Preliminary Report as well as a
separate Redline Document.  We are getting close.  

Please be prepared to discuss on Tuesday and please also send comments to
the draft via e-mail.  I think we should also plan on having a call this
Thursday to finalize all of the details.

Thanks.

Jeff

 <<Whois TF 1 - Preliminary Report v 0.5.doc>>  <<Redline.doc>> 

Jeffrey J. Neuman, Esq. 
Director, Law & Policy 
NeuStar, Inc. 
Loudoun Tech Center 
46000 Center Oak Plaza 
Building X 
Sterling, VA 20166 
p: (571) 434-5772 
f: (571) 434-5735 
e-mail: Jeff.Neuman@xxxxxxxxxx