RE: On-going Internet Emergency and Domain Names

For some operations or situations 24 hours would be too long a time to
wait. There would need to be some mechanism where the delay could be
bypassed.

What operation requires a new domain be published within 24 hours? Even
banks require several days before honoring checks as protection against
fraud. A slight delay allows preemptive enforcement measures. It seems
most if not all operations could factor in this delay into their
planning.

Doug and I completely agree on this issue.

So again, I ask: When does a policy breakdown become an operational
issue?

I would posit that it does when criminals are able to abuse the
system.

Would love to hear arguments to the contrary.

- ferg

Are there any similarities between the current system involving DMCA takedown notices/counterclaims and what's being posited?

Certainly, in a case where everything works according to plan.

What about the inputs to the system, however, and the potential for abuse? Who decides the legitimacy/reputational value of a particular domain? What about mistakes and collateral damage?

Fergie wrote:

I would posit that it does when criminals are able to abuse the
system.

Almost any system can be abused by people with bad intentions. I
am a strong advocate of not holding back on features, tools, new
technologies or whatever merely because someone could abuse
it. The problem is the abuser, not the tool. We need to stop the
abusers, not the tools.

We should certainly always attempt to improve the tools, better
the routines and so forth but always keep in mind that no matter
what we do they will adapt and find another angle.

If we add a 24h period to domain registrations, what harm will it
REALLY do to the abusers? They will just register a myriad of the
domains they want, have them stored and push them out when needed
instead of at once.

If we add some checkups on who registers a domain name, they will
get middlemen to do it for them. Just look at the captcha stuff
added on various sites to prevent spammers that led to spammers
paying people small amounts of money for each captcha solved, or
putting up fake pr0n sites where the visitors got free images when
they solved a captcha (that was linked from the actual site).

If we block low TTL from functioning we would break tools that
use the low TTL setting for fast changing environments, load
balancing or whatever and we would also block ourselves from a
quick merger from one system to another for our customers.

I don't want to sound all negative to efforts suggested that we
may have use for in a _current_ problem; but we should consider
what they will do next when we make major changes to a general
system that will likely bother ourselves more than them.