Does anyone know if the panix.com domain did, in fact, have an RRP
status of registrar-lock in the .com registry sometime before it was
hijacked?
According to a couple of articles Panix officials insist that the
panix.com domain had been registrar locked while George DeCarlo, vice
president of marketing at Dotster (Panix's registrar), is reported
saying that Panix did not sign onto Dotster's domain-locking service.
If we ignore the serious issue of potential notification failures
and look at just the registrar-lock issue, there are several
possible scenarios:
1) Panix never requested that the panix.com domain be locked.
2) Panix requested the lock, but their registrar did not pass this
request to the .com registry.
3) Panix's registrar requested the lock, but the .com registry
failed to set the lock status.
4) The registrar-lock status was set at the registry, but it was
fraudulently cleared prior to the domain transfer.
5) The registrar-lock status was set at the registry, but the
domain was transferred despite the lock.
Did I miss a scenario? I'd like to know which scenario occurred in
the panix.com hijack, hence my interest in whether the .com registry
was reporting the status of panix.com as registrar-lock prior to the
hijack.
-Richard
<Richard Parker>
George DeCarlo, vice
president of marketing at Dotster (Panix's registrar), is reported
saying that Panix did not sign onto Dotster's domain-locking service.
</Richard Parker>
On a side, customer service-ish note, when the changes took effect,
BulkRegister _told_ me registrar-lock was being enabled on all my domains.
I then had the choice of keeping it that way, or actively shutting the
service off on my domains. I liked that they took the initiative to do
that. Now if I could just get my old employer/current ISP to approve the
transfer to my new employer, then I would be set . . .
Joe Johnson
Based on last month data it did not have in registrar-lock. I believe
registrar lock for all panix domain (including panix.net, access.net)
was added on January 15th.
Based on what I heard in public so far, I'm seeing the following scenario
which paints the picture in which everyone did something that as a whole
led to the panix.com hijacking:
1. ICANN
On November applied new rules allowing for domains to be transfered
without positive authorization. This might have relaxed necessary
transfer requirements at MIT as well as how Dotster reacts to upcoming
transfer requests
2. MelburneIT
Something happened in its process, I can imagine several scenarios:
1. it relied on its Reseller to get authorization and its quite
likely reseller failed to do so in correct way (Note: Not being
MIT reseller, I don't know for sure, but its possible they provide
interface for reseller to tell registrar they have fax authorization
but then don't check on the fax prior to completing the transfer)
2. its possible mechanism for authorizing the transfer in automated
way could be predicated (i.e. one could synthesize web post or
email that would approve transfer based on knowing domain name,
email address of domain administrator and unique id of the domain
within MIT), possibly they faked email coming from panix.com that
seems to have approved the transfer
3. Panix
Its likely that they failed to request registrar lock from Dotster
4. Dotster
It seems likely that they failed to provide notification of the upcoming
transfer to its customer because they considered that its only OPTIONAL
based on ICANN's policies (Note: I maybe wrong here as dotster actually
said they did not even know the domain is being transfered). Its also
possible that Panix.com requested registrar lock and Dotster did not
set it up.
Based on last month data it did not have in registrar-lock. I believe
registrar lock for all panix domain (including panix.net, access.net)
was added on January 15th.
I assume the domain panix.com is excluded from the list of domains locked by
Panix on January 15th, since by then the panix.com domain had been hijacked
and as such was no longer under their administrative control. Correct? I
checked the status of panix.com approximately an hour after the hijack and
and at that time the domain was not locked, presumably because the hijacker
himself had not requested a lock.
If Panix did indeed lock a number of their other domains on January 15th
following the hijack of panix.com, that is circumstantial evidence that when
the hijack occurred the panix.com domain did not have a status of
registrar-lock in the .com registry.
Based on what I heard in public so far, I'm seeing the following scenario
which paints the picture in which everyone did something that as a whole
led to the panix.com hijacking:
Thanks for the informative summary William.
-Richard