ietf
[Top] [All Lists]

Re: A DNS security issue that might actually have impact eventually

2014-01-16 14:16:57
From: Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com>

What is worrying here is not just the lack of oversight in these particular
cases. If these practices become a regular occurrence they are going to be
interpreted as an attack and countermeasures will begin to emerge.

What appears is that certain organizations have been asserting rights
that they don't have.  Which is really a rather common practice in the
real world.  The central problem, IMO, is that the registrar, Public
Domain Registry, fell for these assertions.

In a sense, the registrar had sufficient oversight applied to it, as
EasyDNS took them to arbitration and won.  But it shouldn't take that
much effort to get a registrar to follow the rules.

It seems that the oversight that is needed is to ensure that
registrars are sufficiently punished for not following the rules that
they do follow the rules.

The analogy is with other organizations that hold valuable property
belonging to others.  For instance, a bank holds money that belongs to
other people.  People would not be particularly surprised if a random
person walked into a bank and attempted to obtain the money that
belonged to another person.  But they would be aghast if the bank did
give it to them.

Dale

<Prev in Thread] Current Thread [Next in Thread>