> If you're going to do any vetting, the time to do it is at
> not at crunch time.
The bulk of the discussion over the past few days was directed at the
practice of rapid updates of BRAND NEW DOMAIN NAMES. Clearly this is
entirely separate from the issue of updating information for an
established domain name.
So... the obvious solution is to start requiring all sorts of odd and
strange vetting requirements? I can't even figure out what problem that
is trying to solve.
The problem of rapid updates for brand new domain names is not entirely
separate from that of established ones. In many cases, established ones
can be caught at auction and the created date never gets updated.
Further, in the future, if you think about what the response is likely
to be, those who are doing bad things will simply allow their domains to
age the necessary year (or whatever) to get around your differentiation
between "new" and "established."
So really this boils down to limiting automated updates to nameservers.
"I believe I made that suggestion previously." Hmm.
> Designing a system which doesn't allow for some level of
> anonymity (let's
> say for whistleblower/bloggers) requires some serious debate that goes
> far beyond "what are the security implications."
That is really a separate issue.
Not really, but it requires a broad view of the bigger picture.
This discussion is about limiting the
damage caused by domains which do rapid NS switching. If we know which
domains are new, DNS operators could put them on probation and only
allow a minimum TTL of 1 day on those names. The domain owner can still
switch NSes but the queries won't chase him, therefore he will sell less
product and quickly stop doing NS switching. If he's not NS switching
then it is easier to track him down, blackhole him, filter him,
Expecting all (or even a significant fraction) of the DNS operators in
the world to do this in order to combat phishing is simply insane. If
that's what you're suggesting, I'll counterpropose space based lasers
with HAL9000 intelligences to roast the culprits off the face of the