ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] RE: WLS Input



I'm sorry Jeff, I honestly don't see the conflict in these two very
consistent statements.

I also don't see why any of this is relevant to the WLS Proposal - which,
again, has absolutely nothing to do with security products.  If you want to
start a new thread on security products, feel free.

-RW

> -----Original Message-----
> From: Jeff Williams [mailto:jwkckid1@ix.netcom.com] 
> Sent: Wednesday, January 16, 2002 10:00 PM
> To: Ron Wiener
> Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> Subject: Re: [ga] RE: WLS Input
> 
> 
> Ron and all assembly members,
> 
>   Interesting here Ron.  Your comments earlier see: 
> http://www.dnso.org/clubpublic/ga/Arc09/msg00583.html
> In which I quote in part seem to be in direct conflict to
> what you are saying below to wit you stated:
> "Of course I'm in agreement that there is a significant security gap. 
> That's
>  why we introduced SnapBack 13 months ago as a safety 
> countermeasure for  those who are concerned about such 
> security risks." And also in your post: 
> http://www.dnso.org/clubpublic/ga/Arc09/msg00574.html
> You seem to be contradicting your comments below also in 
> which you stated to wit: "When we conduct CLE classes 
> (continuing legal  education courses, for credits) we always 
> educate attorneys that the best  strategy is to register for 
> long periods of time.  Besides being far more  economical, 
> it's far more sensible.  Some companies, however, have so 
> much  at stake in a single domain name that they want the 
> extra insurance of a  SnapBack.  One reason is that it 
> provides "early warning" of tampering with  the domain 
> record, e.g. when a webmaster changes the admin contact to 
> his  yahoo account before leaving the company."
> 
> Ron Wiener wrote:
> 
> > Jeff,
> >
> > To my knowledge neither SnapNames nor VeriSign has *ever* 
> touted WLS 
> > as a security product.  To the contrary.  Some of the proposal's 
> > opponents, in seeking to blemish the WLS concept, continue 
> to espouse 
> > the notion - rather ridiculously - that the existence of WLS would 
> > compel current registrants to take subscriptions out on their own 
> > names.  This preposterous allegation has been spread, like 
> folk lore, 
> > to the far corners of these boards, and now apparently 
> being deemed as 
> > fact by innocent bystanders.  If you scan every document or 
> e-mail put 
> > out by VGRS or SnapNames on the WLS you will not find, I 
> assure you, 
> > any hint of the idea that WLS should be viewed as a 
> security product.
> >
> > To be clear: SnapBack and WLS are two entirely different 
> product.  WLS 
> > is a subset of the SnapBack functionality and includes NO security 
> > monitoring.
> >
> > Thanks for the courtesy allowing me to clear the air on this.
> >
> > Cheers,
> > Ron
> >
> >
> > > -----Original Message-----
> > > From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
> > > Sent: Wednesday, January 16, 2002 8:15 PM
> > > To: Ron Wiener
> > > Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> > > Subject: Re: [ga] RE: WLS Input
> > >
> > >
> > > Ron and all assembly members,
> > >
> > > Ron Wiener wrote:
> > >
> > > > Jeff,
> > > >
> > > > Of course I'm in agreement that there is a significant
> > > security gap.
> > > > That's why we introduced SnapBack 13 months ago as a safety 
> > > > countermeasure for those who are concerned about such
> > > security risks.
> > > > While it's not my area of expertise (we have other people
> > > here who are
> > > > much more knowledgable than I on the RRP/EPP/SRS et al) 
> I'm pretty 
> > > > sure this issue is entirely outside of the scope of the WLS.
> > >
> > >   Security is one of my areas of expertise.  WLS however is being 
> > > touted as is your product, Snapback as in part, an attempt to 
> > > address the security related existing problems, as you 
> stated above 
> > > in your comments, to RRP/SRS.  Hence I am a bit confused 
> as to the 
> > > context and tone of this response in general, and in specific to 
> > > those known security problems/concerns.  Hence my statements to 
> > > address the central problem instead of address that 
> central problem
> > > (Security) as it is directly also related to the Delete issue
> > > through a more concerted effort to develop a solution that
> > > encompasses these directly corresponding or related issues...
> > >
> > > >
> > > >
> > > > Thanks,
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
> > > > > Sent: Wednesday, January 16, 2002 6:45 PM
> > > > > To: Ron Wiener
> > > > > Cc: 'k@widgital.com'; Cameron Powell; ga@dnso.org
> > > > > Subject: Re: [ga] RE: WLS Input
> > > > >
> > > > >
> > > > > Ron and all assembly members,
> > > > >
> > > > >   Ron, I think that one of the things or central area 
> of concern 
> > > > > here that you are missing is that the problem is really
> > > deeper than
> > > > > you seem to be articulating.  The RRP, SRS and Whois DB's are 
> > > > > not secure or secure enough to thwart simple circumvention in
> > > the case
> > > > > of the RRP.  Hence, the delete problem has legs for
> > > hackers (And not
> > > > > ever really slick ones) to circumvent or otherwise 
> compound the 
> > > > > delete issue, not to mention make record changes as to
> > > ownership of
> > > > > Domain names in the RRP DB.  Same is true for SRS, but to a 
> > > > > lesser degree, and Whois as well.  GIve me a monkey 
> and enough 
> > > > > bananas and I can do just about anything I want with 
> RRP data if 
> > > > > a very short period of time.  Hence a more complete 
> solution for 
> > > > > the delete problem is needed.
> > > > >
> > > > > Ron Wiener wrote:
> > > > >
> > > > > > K, good question.
> > > > > >
> > > > > > There appears to be some confusion between SnapBack -
> > > which is a
> > > > > > monitoring AND waiting list service, and the proposed WLS -
> > > > > which has
> > > > > > no monitoring component.  We have many IP clients including
> > > > > most major
> > > > > > IP law firms, government agencies and many major
> > > corporations who
> > > > > > employ SnapBack primarily for its monitoring capability
> > > and only
> > > > > > secondarily as a double safety net in case their name
> > > accidentally
> > > > > > deletes due to clerical error or registry/registrar
> > > error.  When
> > > > > > we conduct CLE classes (continuing legal education courses,
> > > > > for credits)
> > > > > > we always educate attorneys that the best strategy is to
> > > > > register for
> > > > > > long periods of time.  Besides being far more
> > > economical, it's far
> > > > > > more sensible.  Some companies, however, have so much
> > > at stake in
> > > > > > a single domain name that they want the extra insurance of a
> > > > > SnapBack.
> > > > > > One reason is that it provides "early warning" of tampering
> > > > > with the
> > > > > > domain record, e.g. when a webmaster changes the admin
> > > > > contact to his
> > > > > > yahoo account before leaving the company.  Another reason
> > > > > is that very
> > > > > > often the billing and admin contacts will have left the
> > > > > company in 5
> > > > > > or 10 years when the registration renewal comes up again,
> > > > > and they do
> > > > > > not want to take the risk.  The protection against an
> > > > > illegal transfer
> > > > > > (cyber-jacking) or employee sabotage is far more important 
> > > > > > than accidental cancellation protection, when common sense
> > > is practiced
> > > > > > (i.e. important names are registered for 5 to 10 years).
> > > > > >
> > > > > > Frankly, K, protective use of SnapBack represents low
> > > > > single digits of
> > > > > > the sales of the product.  We have some resellers, e.g. 
> > > > > > NameEngine, that provide domain name management
> > > services to very
> > > > > > large corporations, and they have some protection 
> products in 
> > > > > > which they bundle SnapBack.  There have been some very 
> > > > > > high-profile names that we've recovered for 
> corporate clients 
> > > > > > using SnapBack, like entertainmenttonight.com and 
> > > > > > americanexpress.net, as a couple of examples that come to 
> > > > > > mind.
> > > > > >
> > > > > > As for what we will do in the future to help trademark
> > > holders: We
> > > > > > will continue to offer some form of free monitoring service
> > > > > as we do
> > > > > > today with our SnapShot product, but we plan on introducing
> > > > > a low-cost
> > > > > > security monitoring product separate from SnapBack which
> > > > > will provide
> > > > > > the same security features, plus some new enhancements over 
> > > > > > the current SnapBack product, but without the waiting list
> > > > > function.  This
> > > > > > will be a product that all registrars will be able to offer
> > > > > to their
> > > > > > customers.  It should be ready by Q2.
> > > > > >
> > > > > > Hope that's helpful.  If you have any further questions
> > > > > about how we
> > > > > > can assist trademark holders please feel free to contact
> > > > > our Customer
> > > > > > Support department, and ask for one of the legal
> > > > > professionals on the
> > > > > > staff.
> > > > > >
> > > > > > Cheers,
> > > > > > Ron
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: k@widgital.com [mailto:k@widgital.com]
> > > > > > > Sent: Wednesday, January 16, 2002 7:29 AM
> > > > > > > To: Ron Wiener
> > > > > > > Cc: cameronp@snapnames.com; ga@dnso.org
> > > > > > > Subject: RE: WLS Input
> > > > > > >
> > > > > > >
> > > > > > > ><snip>  And many of these customers are trademark owners 
> > > > > > > >re-acquiring names in which they consider themselves to 
> > > > > > > >have intellectual property rights.  See 
> > > > > > > >http://www.snapnames.com/corporate_clients.html.
> > > > > > > >
> > > > > > > >(All contents of SnapNames' website are protected
> > > from direct
> > > > > > > >copying by applicable copyright laws.)
> > > > > > > >
> > > > > > - snip -
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > What will you do to support the Trademark owners 
> who already 
> > > > > > > have the domains that match their trademarks and do
> > > not wish to
> > > > > > > discontinue use of them at any time?  None of your 
> > > > > > > literature permits these folks to opt-out of your 
> automated
> > > re-registration
> > > > > > > program.
> > > > > > >
> > > > > > > :)
> > > > > > >
> > > > > > > ~k
> > > > > >
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Jeffrey A. Williams
> > > > > Spokesman for INEGroup - (Over 121k members/stakeholdes
> > > > > strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA 
> > > > > Development Eng. Information Network Eng. Group. INEG. INC. 
> > > > > E-Mail jwkckid1@ix.netcom.com Contact Number:  972-244-3801 or
> > > 214-244-4827
> > > > > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> > > > >
> > > > >
> > >
> > > Regards,
> > > --
> > > Jeffrey A. Williams
> > > Spokesman for INEGroup - (Over 121k members/stakeholdes
> > > strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA Development 
> > > Eng. Information Network Eng. Group. INEG. INC. E-Mail 
> > > jwkckid1@ix.netcom.com Contact Number:  972-244-3801 or 
> 214-244-4827
> > > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> > >
> > >
> 
> Regards,
> --
> Jeffrey A. Williams
> Spokesman for INEGroup - (Over 121k members/stakeholdes 
> strong!) CEO/DIR. Internet Network Eng/SR. Java/CORBA 
> Development Eng. Information Network Eng. Group. INEG. INC. 
> E-Mail jwkckid1@ix.netcom.com Contact Number:  972-244-3801 
> or 214-244-4827
> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> 
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>