[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [icann-eu] Where are the ALM-Directors?
Answers to Marc and Jeff
> A DoS attack is not done by a domain name, but by a host, most easily
> identified by an IP number. With my (limited) knowledge of how these
> things work, I would say that the domain is irrelevant in tracking and
> fighting crackers. What I understand is that even IP numbers are
> 'fake' in these attacks. Do you seriously believe the host/domainname
> involved is real, let alone trackable to the people who are
> responsible?
To shorten the msg I've probably used the wrong term. A DoS in the domain
name field is when one registers a name of an upcoming event (often an
event of social or public interest...we say for example 'sidney2000.com' ) for
the specific purpose of blackmailing who would like to give it (to the real life
event) an internet visibility. In general, availability and correctness of contact
details is more appropriately needed to fight cybersquatting rather than
hacking or cracking..
>
> As for infringing: how can this be done, unless the domain is actually
> used, which would mean there is a server for whom someone is
> trackable etc.?
>
The same reasons apply, infringing is to be intended as praticing
cybersquatting which is indeed a way to infringe other people rights.
The play field here is the 'domain name crimes' not bringing other people
servers down or grabbing passwords or similar activities.
> > On the other hand the
> > same kind of information may be used to track down and phisically reach
> > and endanger or at least disturb someone who is expressing a different point
> > of view about an argument or topic.
>
> Also people may want to anonymously express opinions.
>
Sure, I was talking about what actions has to be avoided from those who
dislike anonymous opinions.
> > I personally think that:
> > 1- Registry MUST have all data and have an immediate drop policy if
> > such data is proven unsuitable for the scope to reach/identify the registrant.
>
> Why? The registrars really only want my credit card number and name.
> That is enough to do the deal.
>
It is important in order to deal effectively with cybersquatting to shorten the
time needed to setup a dispute. . what you say it is indded what actually
gTLD are doing...because they do look at the money first (to some extent
they don't care from where this money is coming in) In several ccTLDs thare
is a more strict policy about contact details because they mean the domain
name service as a public interest service rather than a (easy) way to make
money.
> Whois info is completely useless to fight crime. I do find it useful
We cannot fight 'crime' in general but we have a better tool against
cybersquatting.
With consistent whois info it takes less time for a registrant (or potential
registrant) to identify the source of the problem and take any appropriate
action.(may be a MAP or a court litigation )
> for all sorts of other purposes, not in the least to satisfy my
> curiosity at times. I see no reason, however, why people cannot chose
> they do not like me being nosy about their name, address, and phone
> number.
It is a subjective matter how much one likes other people know about its own
phone number,address and so on. (this is why I was telling about that
allowing for a static detail exposure is just a matter of registrant will..)
It is more or less like having unpublished phone numbers... just privacy
issues....
As with unpublished numbers someone ( the telephone company in this
case) knows, given the number, who is the people which holds it.
This will be disclosed on specific purpose like police investigations, court
orders and so on...on the domain name side a MAP may be a reasonable
reason. (still the word joke...sorry)
To Jeff:
I followed early discussion on the topic... but even if publishing a contact
details like phone numbers or address may be reasonable for a company, it
is - to some extent - questionable if we talk about individuals... and many
domain names are being registered by individuals.
A publicily exposed name and an email should suffice.
Unless there are specific reasons to ask for more (for a MAP for example
and in general for whatever allowed by registry/TLD rules in a well
established and written down 'privacy policy') this will work like an 'answering
machine' filtering which is a quite common method - in real life - to maintain
a little bit of privacy from 'unavoidable' public exposure.
Best regards.
Giorgio Griffini