Open Source and information security mailing list archives
 
From: karsten at rohrbach.de (Karsten W. Rohrbach)
Subject: Teen hacker controls ebay

Florian Weimer(fw@...eb.enyo.de)@2004.09.10 03:14:10 +0000:
> * Rainer Duffner:
> 
> >> Personally, I can't comprehend how the default for something like that
> >> would be "Yes", 
> >
> > Because, if the ISP is bankrupt, the "YES" will never come.
> 
> And that's a problem because of ...?

Operations. Some of us call it daily business.

> DENIC (the registry) claims to have a direct contractual relationship
> with all domain holders (not "owners", registering a domain doesn't
> grant you ownership, at least most of the time).

Which means what, if you chose a "cheap domain" wholesale provider who
"accidentally" sets himself as admin-c?
Which means what, if you happen to _move_ a domain from one provider to
another, implying consent between the two ISPs involved?

> In theory, you would resolve such a problem with DENIC.  In practice,
> DENIC doesn't have the infrastructure to deal with bankruptcy even of
> a small DENIC member/registrar.

DENIC could not care less, if your current ISP's gone bankrupt or what
not. It is not their business. You mail in a KK (request for "connectivity
coordination") and they process it. Finito. If your ISP does not answer
the request, the KK will be ACKed, which is a good thing.

Also, provider "lock-in" is not possible this way. No provider can block
your domain for transfer without a "NACK", which would have dire
consequences when it hits the courts.

> > IMHO (and several others more involved in the domain-trading biz)
> 
> The problem is that domains are used for more things than just for
> domain trading.  The current focus on easy domain transfers might have
> made sense a few years ago, but now there are some major stakeholders
> which will simply put DENIC out of the loop if the DENIC processes
> can't guarantee stable delegations, for whatever reason.

DENIC is probably just the messenger in this game. Don't shoot'em.

If a 3rd party registry acts on behalf of their customers with DENIC,
they need to play by the rules. If they don't, the customer has a
problem.

FWIW, I get unauthorized KK requests every now and then, which are
passed to me by my ISP. I NACK them, end of story. My ISP plays by the
DENIC rules and passes me the requests in time, so it's no biggie.

Regards,
/k

-- 
> Love is a snowmobile racing across the tundra and then suddenly it flips
> over, pinning you underneath.  At night, the ice weasels come.
> --Matt Groening
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

