- Impact
- 3,203
Following up from the prior thread about the ICANN transfers policy, I've just published a new article:
https://freespeech.com/2022/08/09/making-domain-name-transfers-more-secure/
on my blog about how to make domain name transfers more secure, with two ideas.
The first one involves giving registrants the choice as to whether or not they want to use the ACK/NACK mechanism as an extra layer of security (on an opt-in basis).
The second idea is a bigger change, that would make knowledge of the EPP AuthInfo code (or TAC code, as it's going to be renamed according to the working group) useless to an attacker. Instead, one would get a transaction ID at the gaining registrar, and use that at the losing registrar. By doing so, the ability to misuse an AuthInfo code is diminished, since there'd no longer be one!
Read the entire article for more details.
Lastly, ICANN still refuses to extend the comments deadline until mid-September. If folks can help to get that deadline extended, it would assist the public considerably and provide sufficient time for a quality response (I may not even submit a comment to ICANN, given the current unreasonable deadline).
https://freespeech.com/2022/08/09/making-domain-name-transfers-more-secure/
on my blog about how to make domain name transfers more secure, with two ideas.
The first one involves giving registrants the choice as to whether or not they want to use the ACK/NACK mechanism as an extra layer of security (on an opt-in basis).
The second idea is a bigger change, that would make knowledge of the EPP AuthInfo code (or TAC code, as it's going to be renamed according to the working group) useless to an attacker. Instead, one would get a transaction ID at the gaining registrar, and use that at the losing registrar. By doing so, the ability to misuse an AuthInfo code is diminished, since there'd no longer be one!
Read the entire article for more details.
Lastly, ICANN still refuses to extend the comments deadline until mid-September. If folks can help to get that deadline extended, it would assist the public considerably and provide sufficient time for a quality response (I may not even submit a comment to ICANN, given the current unreasonable deadline).
