ICANN Set To Review Accreditation Policy

← Back to Stories (view on slashdot.org)

ICANN Set To Review Accreditation Policy

Posted by Zonk on Thursday March 22, 2007 @09:17AM from the at-least-something-will-come-of-this dept.

tinkertim writes "ICANN is re-evaluating the scope and purpose of its accreditations, apparently sparked by the recent collapse of garage domain name registrar Registerfly. In a press release dated March 21, 2007, President and CEO of ICANN, Dr Paul Twomey is quoted as saying : 'What has happened to registrants with RegisterFly.com has made it clear there must be comprehensive review of the registrar accreditation process and the content of the RAA.' Dr. Twomey is blaming (in part) 'weaknesses in the RAA' for severe and undue hardships that many registrants encountered when trying to transfer names away from the failing registrar, Registerfly. Many new points to be discussed include allowing registrants to view the performance of registrars in an 'independent comparative way', as well as new language to allow ICANN to forcibly intercede in the face of wide spread, persistent and consistent complaints. 10 good points for discussion are listed by Dr. Twomey in the release, who invites all ICANN stakeholders to participate in re-evaluating the RAA. Registerfly, the catalyst for this re-write does not officially lose their accredited status until March 31, 2007, and continues to display the ICANN seal on their web site."

23 of 31 comments (clear)

Min score:

Reason:

Sort:

70Gs by mastershake_phd · 2007-03-22 09:28 · Score: 1

You already need $70,000 just to become a registrar, is making the requirements any higher going to help?

--
Libertarian Leaning Political Discussion Forum.
Harumph. by Creepy+Crawler · 2007-03-22 09:43 · Score: 1

The more and more I hear about Registrars and ICANT, the more I hate them.

I wonder what it'd take to develop a new registry for domain names. Just something to get us away from the current set of registrars and their ilk. .edu and .gov can handle things rather well. Why not .com? That's right... That commerical aspect.
--
- Mod parent up! by Anonymous Coward (Score:1) Thurs, Nov 31, @13:37
1. Re:Harumph. by cswiger · 2007-03-22 10:34 · Score: 1
  
  The more and more I hear about Registrars and ICANT, the more I hate them.
  I hear that, although my reaction is more one of contempt: if you're going to claim responsibility the way ICANN has, then do the job you agreed to do.
  I wonder what it'd take to develop a new registry for domain names.
  Not too much, from the technical side: ISC's BIND is fully capable of operating as a root nameserver...the issue of being a registrar involves convincing people to use you, to accept the domains you provide NS records for as "legit", and to provide WHOIS services. Most people like to have some web-based tool to manage their domains.
  
  --
  "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
2. Re:Harumph. by stry_cat · 2007-03-23 00:51 · Score: 1
  
  I wonder what it'd take to develop a new registry for domain names. Just something to get us away from the current set of registrars and their ilk.
  
  Check out OpenNIC. They've got a whole scheme of new TLD's and a system to register names within their TLD's.
  
  They're not perfect. Instead of fighting when ICANN usurped their .biz TLD, the basically rolled over. However the fact that they're still around means there is support for a non-ICANN system. They just need to learn to stand up to ICANN and we'll have a real alternative.
Proxy registrations by Baricom · 2007-03-22 09:43 · Score: 4, Interesting

Personally, my biggest concern about the proposed agenda is discussions about proxy registrations. I hold proxy registrations on three domains, and I feel it's important to me -- important enough that I would seriously consider dropping my domains if they were done away with.

Proxy registrations are necessary because of what I consider a flaw with domain name registration as it exists today. You should NOT require personal domain owners to broadcast their street address, home phone number, and e-mail address to the world via WHOIS. It's an extreme privacy breach.

Instead, I would suggest that individuals (not businesses) be permitted to hide their registrations but remain the legal owners. This would be analogous to the way PO boxes are rented - businesses must consent to the release of their street address when renting, while individuals need not.
1. Re:Proxy registrations by mandelbr0t · 2007-03-22 10:01 · Score: 3, Insightful
  
  Except that hosting an Internet domain could be construed as having broadcast equipment. Personally, I can't see how you have any honest intentions in hiding the fact that you are domain owner. Where do abuse reports get sent when someone starts sending spam using your domain name? What about take-down notices when someone posts copyrighted material on a website with your domain name? An Internet domain isn't a passive entity: it can be the source of a broadcast as well as the end-point. If you want to have an anonymous webspace, then use one of the many options that are available to you. The Internet is already too anonymous without domain owners being willing to take responsibility for their own domain.
  
  --
  "Please describe the scientific nature of the 'whammy'" - Agent Scully
2. Re:Proxy registrations by packeteer · 2007-03-22 10:10 · Score: 3, Informative
  
  Could you perhaps just get a personal PO box? Wouldn't that shield you from giving away your home address while still letting you receive official mail about your domain?
  
  --
  unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
3. Re:Proxy registrations by BlueCollarCamel · 2007-03-22 10:12 · Score: 1
  
  Where do abuse reports get sent when someone starts sending spam using your domain name? What about take-down notices when someone posts copyrighted material on a website with your domain name? Yeah!
  Where do police go to hunt down political dissidents?
  Where do people who disagree with your political beliefs go to threaten you and your family?
  Granted, there are alternatives such as free hosting and what not.
  
  --
  1&1 - Cheap domain and web hosting.
4. Re:Proxy registrations by cswiger · 2007-03-22 10:58 · Score: 1
  
  Personally, my biggest concern about the proposed agenda is discussions about proxy registrations. I hold proxy registrations on three domains, and I feel it's important to me -- important enough that I would seriously consider dropping my domains if they were done away with.
  You've got a point, but note that you can set up as many private domains for yourself and your company or clients as you like, without ever publicizing anything to anyone else. However, if you want your domains to be part of the world-wide consensus view of the DNS namespace, these domains have to be publicly available in order to function. If a domain is publically available, then there has to be some way to contact the domain's owner in order to deal with spam and other forms of network abuse.
  
  --
  "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
5. Re:Proxy registrations by wytcld · 2007-03-22 11:13 · Score: 1
  
  Where do abuse reports get sent when someone starts sending spam using your domain name?
  
  Even the most obscure domain names get used for forged from addresses on spam. And, guess what, there's nothing the domain owner can do about that (well, SPF records may help a little - but I can tell you not much). So those abuse reports do nobody, nowhere, any good at all.
  
  As for takedown notices, it's easy to see, if I can't see who the domain owner is, who the service provider is. So if you haven't been good enough to give me your own contact info, and I can show obvious copyright violation, I can most likely get your whole site pulled down. That should be motivation enough for those allowing possibly copyrighted stuff on their domains to give valid contact info - as I do. Why make a hard rule about it?
  
  --
  "with their freedom lost all virtue lose" - Milton
6. Re:Proxy registrations by Dan541 · 2007-03-22 11:53 · Score: 1
  
  I use a POBox for all my domain registrations and a skypein phone number. The advantage of this is that if my email goes down (its hosted at one of my domains) I can still verify myself as the owner by phone call or snailmail.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
7. Re:Proxy registrations by tinkertim · 2007-03-22 13:33 · Score: 1
  
  Except that hosting an Internet domain could be construed as having broadcast equipment.
  
  You are correct, and much like any other broadcast equipment, yours should not interfere with the functionality of anyone elses.
  Where do abuse reports get sent when someone starts sending spam using your domain name?
  
  People usually just circumvent the middle man and send these types of things directly to the abuse desk of whoever owns your web site's IP address (typically the data center that hosts your host). From there your host gets contacted (or you directly if you maintain your own servers) and you are alerted of the issue.
  
  It is painfully obvious that e-mail sent by someone else pretending to be from your domain is in fact forged, just looking at the headers.
  
  There is no practical reason whatsoever to make PII (Personally Identifiable Information) available as public registrant records.
  An Internet domain isn't a passive entity: it can be the source of a broadcast as well as the end-point. If you want to have an anonymous webspace, then use one of the many options that are available to you. The Internet is already too anonymous without domain owners being willing to take responsibility for their own domain.
  
  This isn't really about proxy domains, its a symptom of a bigger problem. This is about a bunch of crooks in Jersey who took money from people for domain registration and bought themselves liposuction instead (yes, I'm serious).
  
  Domain registration businesses are just as attractive to crooks as parking lots are to the Mafia, because of the swiss cheese accreditation agreement. I'm really happy its being re-done and still allowing the industry to self regulate.
  
  Getting governments world wide to agree on how to work together to fully regulate domain names is like asking a fire hydrant to run the 50 yard dash. Not going to happen unless physics as we know it is ripped from the fabric of the universe, so the industry *has* to remain self regulating in order for it to work.
  
  This isn't a problem that can be dismantled and solved in pieces then put back together later and expected to work.
8. Re:Proxy registrations by Tim+C · 2007-03-23 00:48 · Score: 1
  
  Where do abuse reports get sent when someone starts sending spam using your domain name?
  
  What precisely do you expect me to do about that? My domain name is in use in forged From: headers in spam, and has been for a year or two now. There is nothing that I can do about it. Believe me, I'd love to shut the low life scum down, I'm sick to death of the 2000+ spams, errors, bounces and abusive replies I get every single day because of it. Send me all the abuse complaints you want, but the emails aren't from me or any machine under my control.
  
  What about take-down notices when someone posts copyrighted material on a website with your domain name?
  
  To the contact details that the registrar can supply on receipt of a formal request (or if they get difficult, a subpoena). This does not require that those details are available via a whois request.
  
  The Internet is already too anonymous without domain owners being willing to take responsibility for their own domain.
  
  I absolutely take responsibility for my domain, and it absolutely does not require that my home address and telephone number be available to anyone who cares to run a whois query on it. Now to be honest I'm personally not that fussed, as I don't have a web presence on it, I just use it for email. However I really don't see that you make a persuasive case for disallowing proxy registrations.
  
  --
  It's official. Most of you are morons.
9. Re:Proxy registrations by stonecypher · 2007-03-23 07:11 · Score: 1
  
  Personally, I can't see how you have any honest intentions in hiding the fact that you are domain owner.
  
  Almost half of all domains are registered privately. All but one of mine are; I don't want people to be able to look up my home address or phone number just because they know one of my domains.
  
  Where do abuse reports get sent when someone starts sending spam using your domain name?
  
  Uh, abuse@domain, just like before.
  
  What about take-down notices when someone posts copyrighted material on a website with your domain name?
  
  abuse@ is one fine place. I'd *never* anon-register a site where other people could post content. That said, most of the web is still non-interactive, and there's no point at which anyone would ever send me a content copy cease and desist, since I don't post other people's content on my web page.
  
  There are a lot of good reasons for private registration, and private registration has worked well for more than a decade. Pretending otherwise is turning a blind eye to the internet as it is today.
  
  --
  StoneCypher is Full of BS
Important issues to consider by davidwr · 2007-03-22 10:03 · Score: 2, Insightful
- Will there be "provisional accreditation" for registrars who are either very new or who have failed to meet all the requirements for full accreditation but are improving? Will these registrars be required to identify themselves as less-than-fully-accredited?
- Will every registrar have an "involuntary end-of-life" plan, and is funding backed by a bond or insurance policy?
- Will every registrar have a disaster-recovery plan if its data center or a substantial number of employees become unavailable, say, due to war?
- Will "proxied" registrations be escrowed and will the escrow agent have similar end-of-life and disaster-recovery plans?
- Will there be provisions to put an expiring domain on "indefinite hold," unavailable to squatters, if it is expiring due to registrar negligence?
- Will there be provisions to alert search engines when a domain really expires, so they can either purge their data or segregate it from data put in by the new domain owner?
- Will there be provisions to make all expiring domains "dark" for a minimum length of time, say, 7 or 30 days after expiration, to prevent the illusion of continuity when none exists? I think there is something like that now.
--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Strong need for confidentiality by davidwr · 2007-03-22 10:10 · Score: 2, Interesting
While you should be required to publish an email address and an address where you can receive legal documents, you shouldn't have to publish your own. The whole "proxy" system needs to be formalized and standardized, so if someone needs to reach you for technical or legal reasons or they need your real address so they can subpoena you, they can get it.

There are many reasons for privacy. Some of the more obvious ones are:
- your site hosts content that upsets people, and you want to avoid physical confrontations with net.kooks.
- You are in hiding, for example, from an ex-spouse
- You want to talk about your family life and don't want people tracking down your kids
- Just because
And of course
- You are a woman and don't want /. nerds dropping by asking for a date *cue rim-shot*
--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Privacy by HomelessInLaJolla · 2007-03-22 10:28 · Score: 1

The primary opposing argument to privacy is when people begin registering domain names as "George Ballcup" and then using those domains to host trojans.

If people think they're secure enough to be able to maintain a domain name then they should provide some reliable contact information.
Some of the more obvious ones are While I agree, in principle, I still feel that people with such problems obviously have much larger concerns than registering a domain name. It's a matter of priorities.

--
the NPG electrode was replaced with carbon blac
confidentiality vs anonymity by davidwr · 2007-03-22 10:38 · Score: 1

I'm not advocating total anonymity, only confidentiality.

Confidentiality can be broken with good cause, such as when legal action is required.

I'm also not advocating hiding behind a pseudonym to avoid answering technical queries. Anyone registering a domain name should register a valid administrative and technical contact email. In many cases, this will be a forwarding address provided by a registration-proxy service.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
1. Re:confidentiality vs anonymity by HomelessInLaJolla · 2007-03-22 10:43 · Score: 1
  
  such as when legal action is required Legal action is required but no attorney has responded to my inquiry.
  
  I still think that the internet medium is anonymous enough for legitimate use. The valid information for registration rules should be preserved.
  
  --
  the NPG electrode was replaced with carbon blac
The UK already do this by a16 · 2007-03-22 10:54 · Score: 2, Interesting

The UK already have a similar system, registrants who declare themselves to be "individuals" can opt-out of the whois database, and just have their name shown on lookups. .eu domains have something similar, except you still need a valid technical contact I believe.
"need for confidentiality" irrelevant by lamber45 · 2007-03-22 14:35 · Score: 2, Informative

You actually can register a domain with a PO box and an e-mail address at the same domain. If you have a good relationship with your hosting-company, you can list their phone number as the tech-contact phone. What really annoyed me when I used to try finding the sources of fraudulent spam on a regular basis was the domains that had been registered with an unrelated third party's address--- possibly just randomly pulled off the 'net. You don't even need a valid postal address to register a domain; you can flip open to a random page of the White Pages and borrow someone's identity, and some registrars will let you keep the domain for at least a month or two even in the face of repeated complaints.
prohibiting registrar to... by wikes82 · 2007-03-22 17:17 · Score: 2

suspend domain name because myspace ask them to do so.... http://seclists.org/nmap-hackers/2007/0000.html
accredited registrars in unstable countries by davidwr · 2007-03-23 02:52 · Score: 1

Actually, I was thinking of accredited registrars that set up shop in countries at risk of war or revolution.

Speaking of LA, remember the LA riots in the '80s or '90s? If my registrar's data center got burned down due to a street protest, I'd hope he had a contingency plan.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.