So, an "oops, I screwed up, and am in a panic" fee, of, say $100 and
a quick but accurate identity check combined would take care of such
an emergency. The fee would pay for the expense of the identity
check, and perhaps provide a bit of profit for the registrar. This
seems reasonable and workable. Or the fee could just be an extra
profit for registrar and registry, raise the cost of doing business
for the abusers, and also be workable.
What purpose does an identity check serve? How do you verify the
identity? If a domain name is already registered, what value is there
to the "identity" check? What identity are you verifying? The
individual requesting the update? The company? What happens when you
find yourself unable to navigate the County Clerk's office at 5:01PM
to look up that fictitious name filing?
If you want to establish identities, the time to do that is at
registration time - not crunch time.
Why not simply limit updates? As a method for stopping rapid update
abuse, limits would seem to be highly effective.
Possible policy:
You get two "instant updates" a month. This is sufficient to handle a
change of nameserver, plus a correction for the inevitable error.
Further updates are allowed once every two days, similar to past policy.
Or maybe even less.
If you need more "instant updates," you pay a fee to the registrar, who
can be made to have an interest in making sure that the transaction is
not a fraud.
... JG
Why not make it so that instant updates require a human to show up in person somewhere and give their fingerprint.
(there are a huge number of businesses out there that make a living handling transactions where identity matters (think western union, etc),
perhaps some of them would be happy to have the business. the fees involved could cover their costs and some profit)
To maintain access I would let many businesses participate in the front end of this (I can pay my phone bill at a number of local businesses in person if I’m too much of a loser to get it done ahead of time with a bank account or credit card)…
(This is probably a stupid idea for some reason I can’t think of at the moment, but it seemed worth mentioning)
...
What purpose does an identity check serve? How do you verify the
identity? If a domain name is already registered, what value is there
to the "identity" check? What identity are you verifying? The
individual requesting the update? The company? What happens when you
find yourself unable to navigate the County Clerk's office at 5:01PM
to look up that fictitious name filing?
If you want to establish identities, the time to do that is at
registration time - not crunch time.
Hello, my name is Joe Greco, I made a bad mistake registering the IP
addresses of dns1.sol.net, dns2.sol.net, dns4.sol.net, and dnsz.sol.net,
and I need you to change them to 216.218.130.2, 216.218.131.2,
216.218.132.2, and 216.218.132.2, respectively. I have deposited $100
to you via PayPal to cover the sudden-change fee.
Now YOU tell ME what purpose an identity check serves. 