[Full-Disclosure] Teen hacker controls ebay
Karsten W. Rohrbach
karsten at rohrbach.de
Fri Sep 10 12:18:30 BST 2004
Florian Weimer(fw at deneb.enyo.de)@2004.09.10 03:14:10 +0000:
> * Rainer Duffner:
> >> Personally, I can't comprehend how the default for something like that
> >> would be "Yes",
> > Because, if the ISP is bankrupt, the "YES" will never come.
> And that's a problem because of ...?
Operations. Some of us call it daily business.
> DENIC (the registry) claims to have a direct contractual relationship
> with all domain holders (not "owners", registering a domain doesn't
> grant you ownership, at least most of the time).
Which means what, if you chose a "cheap domain" wholesale provider who
"accidentally" sets himself as admin-c?
Which means what, if you happen to _move_ a domain from one provider to
another, implying consent between the two ISPs involved?
> In theory, you would resolve such a problem with DENIC. In practice,
> DENIC doesn't have the infrastructure to deal with bankruptcy even of
> a small DENIC member/registrar.
DENIC could not care less, if your current ISP's gone bankrupt or what
not. It is not their business. You mail in a KK (request for "connectivity
coordination") and they process it. Finito. If your ISP does not answer
the request, the KK will be ACKed, which is a good thing.
Also, provider "lock-in" is not possible this way. No provider can block
your domain for transfer without a "NACK", which would have dire
consequences when it hits the courts.
> > IMHO (and several others more involved in the domain-trading biz)
> The problem is that domains are used for more things than just for
> domain trading. The current focus on easy domain transfers might have
> made sense a few years ago, but now there are some major stakeholders
> which will simply put DENIC out of the loop if the DENIC processes
> can't guarantee stable delegations, for whatever reason.
DENIC is probably just the messenger in this game. Don't shoot'em.
If a 3rd party registry acts on behalf of their customers with DENIC,
they need to play by the rules. If they don't, the customer has a
FWIW, I get unauthorized KK requests every now and then, which are
passed to me by my ISP. I NACK them, end of story. My ISP plays by the
DENIC rules and passes me the requests in-time, so it's no biggie.
> Love is a snowmobile racing across the tundra and then suddenly it flips
> over, pinning you underneath. At night, the ice weasels come.
> --Matt Groening
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Full-Disclosure is hosted and sponsored by Secunia.