[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: First come/First served

On Tue, 19 Nov 1996, Pierre Beyssac wrote:

> Michael Dillon writes:
> > We don't need domain names to be authenticated; we just need a guaranteed
> > way to find the real-world identity of the domain owner. IMHO the IAHC
> > would do well to address the issue of bogus contact email addresses and
> > P.O. Box addresses. 
> 
> Could you elaborate on that, please? i.e. I fail to see why it is
> necessary to do this via postal mail.

If we want to tell people to work out their disputes in the courts then we
must ensure that the information they need to do this is freely available. 
Therefore, if we are going to allow the .biz registry to give 
ibm.biz to International Ballon Manufacturers we must ensure that IBM
Corp. can identify who has registered ibm.biz in order to take direct
legal action without involving the IAHC, IANA or the .biz registry.

A DNS registry is not like a corporate names registry. If you form a
corporation you apply to the government and they compare your proposed
name with all other company names that are known within the same legal
jurisdiction (province, state, country). They reject names that may be
confused with some other company. But a DNS registry is doing something
different. It is providing a way for a company to publish a name which is
not currently in use. The registry certifies nothing other than the
uniqueness of the name and the address of the organization. To prevent
organizations from keeping secrets the registry should ensure that

  a. the IP addresses given by the applicant really do work
     and really do belong to the domain in question.

  b. the email addresses given by the applicant really do exist
     and really do reach a person who will respond within a
     reasonable time period.

  c. the so-called postal address given by the applicant really
     does exist and can be used by anybody to serve legal documents
     upon the organization registering the name. Il faut que nous
     savons où présenter la citation.

> Domains don't exist out of thin air: they are hosted somewhere, on
> a physical machine at a physical location on a physical network.
> The network owner can generally be identified through his IP
> provider. The network owner can in turn easily determine the owner
> of the machine the domain (DNS server) is hosted on. etc. In short,
> maybe it would be enough to identify network owners.

The DNS is a public announcement. We should not require people to be
detectives to discover who has registered a particular name.

> > And it's not too much to demand that the so-called mailing address for a 
> > domain be an actual physical location where a warrant or other legal
> > document can be served if need be, not a P.O. Box address. If this means
> > that registries need to maintain separate mailing address and legal
> > address, then so be it. If this means that a registry cannot register
> > a domain without some real-world proof of identity then so be it.
> 
> Looks like a North-American-centric point of view to me. How can
> you reliably check the identity of users in hundreds of countries?

Use an agent that resides in each country.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com