<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [ga] RE: WLS Input
I'm sorry Jeff, I honestly don't see the conflict in these two very
consistent statements.
I also don't see why any of this is relevant to the WLS Proposal - which,
again, has absolutely nothing to do with security products. If you want to
start a new thread on security products, feel free.
-RW
> -----Original Message-----
> From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
> Sent: Wednesday, January 16, 2002 10:00 PM
> To: Ron Wiener
> Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> Subject: Re: [ga] RE: WLS Input
>
>
> Ron and all assembly members,
>
> Interesting here Ron. Your comments earlier see:
> http://www.dnso.org/clubpublic/ga/Arc09/msg00583.html
> In which I quote in part seem to be in direct conflict to
> what you are saying below to wit you stated:
> "Of course I'm in agreement that there is a significant security gap.
> That's
> why we introduced SnapBack 13 months ago as a safety
> countermeasure for those who are concerned about such
> security risks." And also in your post:
> http://www.dnso.org/clubpublic/ga/Arc09/msg00574.html
> You seem to be contradicting your comments below also in
> which you stated to wit: "When we conduct CLE classes
> (continuing legal education courses, for credits) we always
> educate attorneys that the best strategy is to register for
> long periods of time. Besides being far more economical,
> it's far more sensible. Some companies, however, have so
> much at stake in a single domain name that they want the
> extra insurance of a SnapBack. One reason is that it
> provides "early warning" of tampering with the domain
> record, e.g. when a webmaster changes the admin contact to
> his yahoo account before leaving the company."
>
> Ron Wiener wrote:
>
> > Jeff,
> >
> > To my knowledge neither SnapNames nor VeriSign has *ever*
> touted WLS
> > as a security product. To the contrary. Some of the proposal's
> > opponents, in seeking to blemish the WLS concept, continue
> to espouse
> > the notion - rather ridiculously - that the existence of WLS would
> > compel current registrants to take subscriptions out on their own
> > names. This preposterous allegation has been spread, like
> folk lore,
> > to the far corners of these boards, and now apparently
> being deemed as
> > fact by innocent bystanders. If you scan every document or
> e-mail put
> > out by VGRS or SnapNames on the WLS you will not find, I
> assure you,
> > any hint of the idea that WLS should be viewed as a
> security product.
> >
> > To be clear: SnapBack and WLS are two entirely different
> product. WLS
> > is a subset of the SnapBack functionality and includes NO security
> > monitoring.
> >
> > Thanks for the courtesy allowing me to clear the air on this.
> >
> > Cheers,
> > Ron
> >
> >
> > > -----Original Message-----
> > > From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
> > > Sent: Wednesday, January 16, 2002 8:15 PM
> > > To: Ron Wiener
> > > Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> > > Subject: Re: [ga] RE: WLS Input
> > >
> > >
> > > Ron and all assembly members,
> > >
> > > Ron Wiener wrote:
> > >
> > > > Jeff,
> > > >
> > > > Of course I'm in agreement that there is a significant
> > > security gap.
> > > > That's why we introduced SnapBack 13 months ago as a safety
> > > > countermeasure for those who are concerned about such
> > > security risks.
> > > > While it's not my area of expertise (we have other people
> > > here who are
> > > > much more knowledgable than I on the RRP/EPP/SRS et al)
> I'm pretty
> > > > sure this issue is entirely outside of the scope of the WLS.
> > >
> > > Security is one of my areas of expertise. WLS however is being
> > > touted as is your product, Snapback as in part, an attempt to
> > > address the security related existing problems, as you
> stated above
> > > in your comments, to RRP/SRS. Hence I am a bit confused
> as to the
> > > context and tone of this response in general, and in specific to
> > > those known security problems/concerns. Hence my statements to
> > > address the central problem instead of address that
> central problem
> > > (Security) as it is directly also related to the Delete issue
> > > through a more concerted effort to develop a solution that
> > > encompasses these directly corresponding or related issues...
> > >
> > > >
> > > >
> > > > Thanks,
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
> > > > > Sent: Wednesday, January 16, 2002 6:45 PM
> > > > > To: Ron Wiener
> > > > > Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> > > > > Subject: Re: [ga] RE: WLS Input
> > > > >
> > > > >
> > > > > Ron and all assembly members,
> > > > >
> > > > > Ron, I think that one of the things or central area
> of concern
> > > > > here that you are missing is that the problem is really
> > > deeper than
> > > > > you seem to be articulating. The RRP, SRS and Whois DB's are
> > > > > not secure or secure enough to thwart simple circumvention in
> > > the case
> > > > > of the RRP. Hence, the delete problem has legs for
> > > hackers (And not
> > > > > ever really slick ones) to circumvent or otherwise
> compound the
> > > > > delete issue, not to mention make record changes as to
> > > ownership of
> > > > > Domain names in the RRP DB. Same is true for SRS, but to a
> > > > > lesser degree, and Whois as well. GIve me a monkey
> and enough
> > > > > bananas and I can do just about anything I want with
> RRP data if
> > > > > a very short period of time. Hence a more complete
> solution for
> > > > > the delete problem is needed.
> > > > >
> > > > > Ron Wiener wrote:
> > > > >
> > > > > > K, good question.
> > > > > >
> > > > > > There appears to be some confusion between SnapBack -
> > > which is a
> > > > > > monitoring AND waiting list service, and the proposed WLS -
> > > > > which has
> > > > > > no monitoring component. We have many IP clients including
> > > > > most major
> > > > > > IP law firms, government agencies and many major
> > > corporations who
> > > > > > employ SnapBack primarily for its monitoring capability
> > > and only
> > > > > > secondarily as a double safety net in case their name
> > > accidentally
> > > > > > deletes due to clerical error or registry/registrar
> > > error. When
> > > > > > we conduct CLE classes (continuing legal education courses,
> > > > > for credits)
> > > > > > we always educate attorneys that the best strategy is to
> > > > > register for
> > > > > > long periods of time. Besides being far more
> > > economical, it's far
> > > > > > more sensible. Some companies, however, have so much
> > > at stake in
> > > > > > a single domain name that they want the extra insurance of a
> > > > > SnapBack.
> > > > > > One reason is that it provides "early warning" of tampering
> > > > > with the
> > > > > > domain record, e.g. when a webmaster changes the admin
> > > > > contact to his
> > > > > > yahoo account before leaving the company. Another reason
> > > > > is that very
> > > > > > often the billing and admin contacts will have left the
> > > > > company in 5
> > > > > > or 10 years when the registration renewal comes up again,
> > > > > and they do
> > > > > > not want to take the risk. The protection against an
> > > > > illegal transfer
> > > > > > (cyber-jacking) or employee sabotage is far more important
> > > > > > than accidental cancellation protection, when common sense
> > > is practiced
> > > > > > (i.e. important names are registered for 5 to 10 years).
> > > > > >
> > > > > > Frankly, K, protective use of SnapBack represents low
> > > > > single digits of
> > > > > > the sales of the product. We have some resellers, e.g.
> > > > > > NameEngine, that provide domain name management
> > > services to very
> > > > > > large corporations, and they have some protection
> products in
> > > > > > which they bundle SnapBack. There have been some very
> > > > > > high-profile names that we've recovered for
> corporate clients
> > > > > > using SnapBack, like entertainmenttonight.com and
> > > > > > americanexpress.net, as a couple of examples that come to
> > > > > > mind.
> > > > > >
> > > > > > As for what we will do in the future to help trademark
> > > holders: We
> > > > > > will continue to offer some form of free monitoring service
> > > > > as we do
> > > > > > today with our SnapShot product, but we plan on introducing
> > > > > a low-cost
> > > > > > security monitoring product separate from SnapBack which
> > > > > will provide
> > > > > > the same security features, plus some new enhancements over
> > > > > > the current SnapBack product, but without the waiting list
> > > > > function. This
> > > > > > will be a product that all registrars will be able to offer
> > > > > to their
> > > > > > customers. It should be ready by Q2.
> > > > > >
> > > > > > Hope that's helpful. If you have any further questions
> > > > > about how we
> > > > > > can assist trademark holders please feel free to contact
> > > > > our Customer
> > > > > > Support department, and ask for one of the legal
> > > > > professionals on the
> > > > > > staff.
> > > > > >
> > > > > > Cheers,
> > > > > > Ron
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: k@widgital.com [mailto:k@widgital.com]
> > > > > > > Sent: Wednesday, January 16, 2002 7:29 AM
> > > > > > > To: Ron Wiener
> > > > > > > Cc: cameronp@snapnames.com; ga@dnso.org
> > > > > > > Subject: RE: WLS Input
> > > > > > >
> > > > > > >
> > > > > > > ><snip> And many of these customers are trademark owners
> > > > > > > >re-acquiring names in which they consider themselves to
> > > > > > > >have intellectual property rights. See
> > > > > > > >http://www.snapnames.com/corporate_clients.html.
> > > > > > > >
> > > > > > > >(All contents of SnapNames' website are protected
> > > from direct
> > > > > > > >copying by applicable copyright laws.)
> > > > > > > >
> > > > > > - snip -
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > What will you do to support the Trademark owners
> who already
> > > > > > > have the domains that match their trademarks and do
> > > not wish to
> > > > > > > discontinue use of them at any time? None of your
> > > > > > > literature permits these folks to opt-out of your
> automated
> > > re-registration
> > > > > > > program.
> > > > > > >
> > > > > > > :)
> > > > > > >
> > > > > > > ~k
> > > > > >
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Jeffrey A. Williams
> > > > > Spokesman for INEGroup - (Over 121k members/stakeholdes
> > > > > strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA
> > > > > Development Eng. Information Network Eng. Group. INEG. INC.
> > > > > E-Mail jwkckid1@ix.netcom.com Contact Number: 972-244-3801 or
> > > 214-244-4827
> > > > > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> > > > >
> > > > >
> > >
> > > Regards,
> > > --
> > > Jeffrey A. Williams
> > > Spokesman for INEGroup - (Over 121k members/stakeholdes
> > > strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA Development
> > > Eng. Information Network Eng. Group. INEG. INC. E-Mail
> > > jwkckid1@ix.netcom.com Contact Number: 972-244-3801 or
> 214-244-4827
> > > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> > >
> > >
>
> Regards,
> --
> Jeffrey A. Williams
> Spokesman for INEGroup - (Over 121k members/stakeholdes
> strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA
> Development Eng. Information Network Eng. Group. INEG. INC.
> E-Mail jwkckid1@ix.netcom.com Contact Number: 972-244-3801
> or 214-244-4827
> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
>
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|