Re: [ISN] FC: More on domain reportedly stolen via fax to Verisign

From: InfoSec News (isnat_private)
Date: Thu Apr 25 2002 - 01:06:16 PDT

  • Next message: InfoSec News: "[ISN] Space tourist lifts off"

    Forwarded from: Gordon Smith <gordon_s_smithat_private>
    At the time that a domain owner requests a domain lock, the domain
    registrar should verify the claim of domain ownership.  Otherwise, the
    domain thief could profit from the very mechanism intended to protect
    the legitimate domain owner by locking stolen domains, thus impeding
    any subsequent ownership resolution process.
    In an ideal world, the registrar asked to lock a domain would verify
    the complete chain of ownership back to the original issuance of the
    domain.  Original documents and other reliable authorities would be
    inspected, rather than merely contacting each previous registrar in
    the chain in search of a "rubber stamp" of a transfer record that
    presumes the legality of a previous domain transfer; however, I
    anticipate that such a search may be onerous.
    It would be helpful if a protocol that combines a reliable level of
    assurance with a high level of automation could be created to verify
    the chain of ownership.
    Thank you for the opportunity to express my thoughts.
    Gordon Smith
    ----Original Message Follows----
    From: InfoSec News <isnat_private>
    Reply-To: InfoSec News <isnat_private>
    To: isnat_private
    Subject: [ISN] FC: More on domain reportedly stolen via fax to 
    Date: Tue, 16 Apr 2002 02:29:42 -0500 (CDT)
    ---------- Forwarded message ----------
    Date: Sat, 13 Apr 2002 09:24:51 -0700
    From: Declan McCullagh <declanat_private>
    To: politechat_private
    Subject: FC: More on domain reportedly stolen via fax to Verisign
    From: adminat_private (admin)
    To: <declanat_private>, <twinsetat_private>
    Subject: RE: Domain heist: reportedly stolen via fax to Verisign
    Date: Sat, 13 Apr 2002 00:43:11 -0400
    Message-ID: <005401c1e2a5$b76ab730$2b483244@CJ52269B>
    The attorney at VeriSign (Network Solutions) who handles these cases is
    Phil Sbarbaro at philsat_private  What the issue is that they get
    fax authorizations to update the admin contact all the time because
    people let their domain records become outdated.  Then there is the
    question of how much work does NSI do in order to verify the
    authenticity of the fax and/or use due dilligence to correct the matter.
    As for getting the domain back via legal means there are generally 2
    ways to do that.  One is the Dispute Policy (UDRP) where the owner would
    claim trademark rights or a court order. johnat_private is
    Many registrars are now allow users to use "registry locking" which is
    essentially the same as locking in your long distance carrier with your
    local phone company.
    Russ Smith
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 04:10:02 PDT