ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] New gTLD's and user/consumers privacy and security

  • To: "ga@xxxxxxxxxxxxxx" <ga@xxxxxxxxxxxxxx>, courriel@xxxxxxxxxxxxxx, aarptx@xxxxxxxx, erinegan@xxxxxx, sdelbianco@xxxxxxxxxxxxx, Alvaro_Bedoya@xxxxxxxxxxxxxxxxxxxxxxxx, craigs@xxxxxxxxxxxxxx, jacobs@xxxxxxxx, ccalabrese@xxxxxxxxxx, Cheri_McGuire@xxxxxxxxxxxx, Sophie.KWASNY@xxxxxxx, aaron@xxxxxxx, irusu@xxxxxxxxxxxx, bethg@xxxxxxxxxxxxxxxxx, pdixon@xxxxxxxxxxxxxxxxxxxxx, gwen <gwen@xxxxxxx>, "Heidi.Ullrich" <Heidi.Ullrich@xxxxxxxxx>, James Campbell <campbell@xxxxxxxxxxxxxxxxxxxxxx>, lmcknigh <lmcknigh@xxxxxxx>, robin@xxxxxxxxxxxxx, Wendy Seltzer <wendy@xxxxxxxxxxx>, vint@xxxxxxxxxx
  • Subject: [ga] New gTLD's and user/consumers privacy and security
  • From: Jeffrey Williams <jwkckid2@xxxxxxxxx>
  • Date: Fri, 18 May 2012 00:56:28 -0700

All,

  Providing for the trust of online customers is vital for the success of
any company that requires sensitive data to be transmitted over the
Web. Most users/consumers are concerned that their sensitive information
will be intercepted in-transit, or perhaps the destination web site, hosting
company, registrar/registry is operated/intercepted by imposters with
malicious intent which can and has been on occasion achieved without
the knowledge of hosting company/provider, registrar/registry.  So these
sorts of companies/providers have an obligation to provide for a strong
level of security and privacy for everyone.

  Verisign/Symantec has provided a reasonably good white paper in part
discussing this important subject area.  Given ICANN's intent to introduce
many more new gTLD's the need for ensuring for consumer/user security
up front is soon to become much more important.  Yet thus far ICANN seems
to be a little bit weak in it's earnestness and oversight thus far in ensuring
that such gTLD operators have done so as well as ICANN accredited Registries
and Registrars.

Verisign/Symantec's White paper can be located here:
http://resources.idgenterprise.com/original/AST-0019630_security_and_trust.pdf
It's a good read although a good part of it is marketing jargon.  No offense to
Verisign/Symantec.

  Currently more and more users/consumers have been compromised in various
ways and to various levels as a result of a lack of good Domain Name
registration
requirements with regard to security as weak encryption or none at all seems to
still largely be the norm.  It doesn't appear obvious that ICANN is
picking up the
gauntlet on the behalf of the consumer/user.  This needs to either change or
the outcry from same will become significant.  Lets all hope that
recent communication
from DOC/NTIA has adequately impressed upon ICANN this growing need as other
nation states have come on board with as well through implementing new
legislation
and regulation accordingly.

Respectful regards and god bless,

Jeffrey A. Williams
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 4/18/12
CISO, CISSP, MCS, MMA, BCS
Phone: 214-245-2647



<<< Chronological Index >>>    <<< Thread Index >>>