[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [icann-eu] Where are the ALM-Directors?

Answers to Marc and Jeff

> A DoS attack is not done by a domain name, but by a host, most easily
> identified by an IP number. With my (limited) knowledge of how these
> things work, I would say that the domain is irrelevant in tracking and
> fighting crackers. What I understand is that even IP numbers are
> 'fake' in these attacks. Do you seriously believe the host/domainname
> involved is real, let alone trackable to the people who are
> responsible?

To shorten the msg I've probably used the wrong term. A DoS in the domain 
name field is when one registers a name of an upcoming event (often an 
event of social or public interest...we say for example 'sidney2000.com' ) for 
the specific purpose of blackmailing who would like to give it (to the real life  
event) an internet visibility. In general, availability and correctness of contact 
details is more appropriately needed to fight cybersquatting rather than 
hacking or cracking..
> As for infringing: how can this be done, unless the domain is actually
> used, which would mean there is a server for whom someone is
> trackable etc.?
The same reasons apply, infringing is to be intended as praticing 
cybersquatting which is indeed a way to infringe other people rights.
The play field here is the 'domain name crimes' not bringing other people 
servers down or grabbing passwords or similar activities.

> > On the other hand the 
> > same kind of information may be used to track down and phisically reach 
> > and endanger or at least disturb someone who is expressing a different point 
> > of view about an argument or topic.
> Also people may want to anonymously express opinions. 
Sure, I was talking about what actions has to be avoided from those who 
dislike anonymous opinions. 

> > I personally think that:
> > 1- Registry MUST have all data and have an immediate drop policy if
> > such data is proven unsuitable for the scope to reach/identify the registrant.
> Why? The registrars really only want my credit card number and name.
> That is enough to do the deal.
It is important in order to deal effectively with cybersquatting to shorten the 
time needed to setup a dispute. . what you say it is indded what actually 
gTLD are doing...because they do look at the money first (to some extent 
they don't care from where this money is coming in) In several ccTLDs thare 
is a more strict policy about contact details because they mean the domain 
name service as a public interest service rather than a (easy) way to make 

> Whois info is completely useless to fight crime. I do find it useful
We cannot fight 'crime' in general but we have a better tool against 
With consistent whois info it takes less time for a registrant (or potential 
registrant) to identify the source of the problem and take any appropriate 
action.(may be a MAP or a court litigation ) 

> for all sorts of other purposes, not in the least to satisfy my
> curiosity at times. I see no reason, however, why people cannot chose
> they do not like me being nosy about their name, address, and phone
> number. 

It is a subjective matter how much one likes other people know about its own 
phone number,address and so on. (this is why I was telling about that 
allowing for a static detail exposure is just a matter of registrant will..)
It is more or less like having unpublished phone numbers... just privacy 
As with unpublished numbers someone ( the telephone company in this 
case)  knows, given the number, who is the people which holds it. 
This will be disclosed on specific purpose like police investigations, court 
orders and so on...on the domain name side a MAP may be a reasonable 
reason. (still the word joke...sorry)

To Jeff:

I followed early discussion on the topic... but even if publishing a contact 
details like phone numbers or address may be reasonable for a company, it 
is - to some extent - questionable if we talk about individuals... and many 
domain names are being registered by individuals.
A publicily exposed name and an email should suffice.
Unless there are specific reasons to ask for more (for a MAP for example 
and in general for whatever allowed by registry/TLD rules in a  well 
established and written down 'privacy policy') this will work like an 'answering 
machine' filtering which is a quite common method - in real life - to maintain 
a little bit of privacy from 'unavoidable' public exposure.

Best regards.
Giorgio Griffini