ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Opposed to VeriSign's proposed com/net Anti-Abuse Policy, due to lack of due process

  • To: GNSO GA Mailing List <ga@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Opposed to VeriSign's proposed com/net Anti-Abuse Policy, due to lack of due process
  • From: George Kirikos <gkirikos@xxxxxxxxx>
  • Date: Tue, 11 Oct 2011 05:42:19 -0700 (PDT)

Thanks for your feedback.

This is also a very poor tool, in that it can cause immense collateral damage. 
If there's some malware on a subdomain, for example on http://blog.example.com/ 
to make one up, (i.e. perhaps one has WordPress installed, and it gets hacked), 
instead of contacting the host to fix the issue on the single subdomain, 
VeriSign would shut the entire domain name off. This would affect 
www.example.com, and all other services (e.g. email).

For sites with many subdomains (e.g. LiveJournal, WordPress) or services, you 
can see where the collateral damage from this "blunt" tool can wreak havoc. A 
more targeted tool that escalates the response would be a far better approach.

Sincerely,

George Kirikos
http://www.leap.com/



----- Original Message -----
From: Joop Teernstra <terastra@xxxxxxxxxxxxxx>
To: George Kirikos <gkirikos@xxxxxxxxx>; GNSO GA Mailing List 
<ga@xxxxxxxxxxxxxx>
Cc: 
Sent: Tuesday, October 11, 2011 1:33 AM
Subject: Re: [ga] Opposed to VeriSign's proposed com/net Anti-Abuse Policy, due 
to lack of due process

Thank you, George for flagging the issue..
>From the application I lift these questions and Verisign's answer:

d. Were consultations with end users appropriate? Which groups were consulted? 
What were the nature and
content of these consultations?:
answer:
"As a registry operator, Verisign did not consult with the registrants of 
.com/.net/.name domain names."

Interesting answer.  "As a registry operator", Verisign has all the means to 
consult its registrants and poll them on  issues of due process.

I agree with George that consultations with registrants should take place, 
because they would be entirely appropriate.

ICANN needs to reject  applications that lack due process or it needs to make 
it possible for such consultations to take place in a credible way, prior to 
approval.

The issue of registrant representation in ICANN needs to be revisited. Elected 
representatives can phrase the questions that Registry operators need to submit 
for a wide online poll.

Joop


----- Original Message ----- From: "George Kirikos" <gkirikos@xxxxxxxxx>
To: "GNSO GA Mailing List" <ga@xxxxxxxxxxxxxx>
Sent: Tuesday, October 11, 2011 3:26 PM
Subject: [ga] Opposed to VeriSign's proposed com/net Anti-Abuse Policy, due to 
lack of due process


> 
> Hi folks,
> 
> VeriSign has submitted an application to ICANN for an Anti-Abuse policy for 
> com/net domain names:
> 
> http://www.icann.org/en/registries/rsep/#2011008
> 
> 
> We oppose that application, as it does not provide any due process to domain 
> name registrants. VeriSign would become the judge, jury and executioner, able 
> to suspend or delete domain names that are allegedly "abusive".
> 
> VeriSign even recognizes that legitimate domain names will be affected. To 
> attempt to mitigate these "false positives", VeriSign proposes that 
> legitimate registrants would only be able to protest *after* VeriSign has 
> already taken action. Such action would have already damaged the innocent 
> registrants and their users.
> 
> This is counter to the domain name registrants' rights to due process. 
> Instead, VeriSign should be compelled to prove the alleged abuse in an 
> appropriate legal forum (e.g. a court), where the registrants can face their 
> accuser, before being allowed to suspend or delete a domain name.
> 
> If ICANN is going to permit this policy to go forward without due process 
> changes, VeriSign should be required to carry liability insurance in the 
> amount of $100 million for each act of suspension/deletion. This would allow 
> registrants to recover financially in the event that VeriSign is found guilty 
> of suspending/deleting a domain name that was not in fact "abusive."
> 
> Sincerely,
> 
> George Kirikos
> http://www.leap.com/
> 
> 




<<< Chronological Index >>>    <<< Thread Index >>>