Forwarded from: Gordon Smith <gordon_s_smithat_private> At the time that a domain owner requests a domain lock, the domain registrar should verify the claim of domain ownership. Otherwise, the domain thief could profit from the very mechanism intended to protect the legitimate domain owner by locking stolen domains, thus impeding any subsequent ownership resolution process. In an ideal world, the registrar asked to lock a domain would verify the complete chain of ownership back to the original issuance of the domain. Original documents and other reliable authorities would be inspected, rather than merely contacting each previous registrar in the chain in search of a "rubber stamp" of a transfer record that presumes the legality of a previous domain transfer; however, I anticipate that such a search may be onerous. It would be helpful if a protocol that combines a reliable level of assurance with a high level of automation could be created to verify the chain of ownership. Thank you for the opportunity to express my thoughts. Gordon Smith gordon_s_smithat_private ----Original Message Follows---- From: InfoSec News <isnat_private> Reply-To: InfoSec News <isnat_private> To: isnat_private Subject: [ISN] FC: More on hoopla.com domain reportedly stolen via fax to Verisign Date: Tue, 16 Apr 2002 02:29:42 -0500 (CDT) ---------- Forwarded message ---------- Date: Sat, 13 Apr 2002 09:24:51 -0700 From: Declan McCullagh <declanat_private> To: politechat_private Subject: FC: More on hoopla.com domain reportedly stolen via fax to Verisign --- From: adminat_private (admin) To: <declanat_private>, <twinsetat_private> Subject: RE: Domain heist: Hoopla.com reportedly stolen via fax to Verisign Date: Sat, 13 Apr 2002 00:43:11 -0400 Message-ID: <005401c1e2a5$b76ab730$2b483244@CJ52269B> The attorney at VeriSign (Network Solutions) who handles these cases is Phil Sbarbaro at philsat_private What the issue is that they get fax authorizations to update the admin contact all the time because people let their domain records become outdated. Then there is the question of how much work does NSI do in order to verify the authenticity of the fax and/or use due dilligence to correct the matter. As for getting the domain back via legal means there are generally 2 ways to do that. One is the Dispute Policy (UDRP) where the owner would claim trademark rights or a court order. johnat_private is Many registrars are now allow users to use "registry locking" which is essentially the same as locking in your long distance carrier with your local phone company. Russ Smith http://TheNIC.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 04:10:02 PDT