Ideally, (i.e., the way things should work according to our charter) NCUC's policy committee, which consists of our elected GNSO Council members, should take the initiative here. If they can draft something - even just a list of bullet points - and send it to the list the rest of us can take it from there. >>> Frannie Wellings <[log in to unmask]> 1/18/2005 4:43:35 PM >>> I understand Marc is hesitant, but I really think NCUC should issue a statement/submit comments about this. ICANN is requesting comments on the transfer policy due February 1. See: http://www.icann.org/announcements/announcement-12jan05.htm How do we want to go about this? Best, Frannie At 4:18 PM -0500 1/18/05, Milton Mueller wrote: >Marc: >Not quite sure whether a TLD wouild have helped panix yet, but I do >know that your analysis of Verisign and DNSSEC is not correct. The >reason DNSSEC cannot be implemented for .com is because there are so >many (tens of millions) of domain names in it. The processing >requirements of DNSSEC applied to that scale is a major problem. > >But the root zone, which contains TLD, does not now and never will >contain millions of records. > >>>> Marc Schneiders <[log in to unmask]> 1/18/2005 2:29:29 PM >>> >On Tue, 18 Jan 2005, at 12:04 [=GMT-0500], Milton Mueller wrote: > >> This incident underscores one of the reasons why ICANN should have a >> policy of regularly adding TLDs to make them available for those who >> need and can operate them. > >Though I agree about adding more TLDs, I don't see how it helps in >hijacking domains. > >> Businesses and noncommercial services that depend entirely on a >domain >> name may want to have the option of owning, rather than "renting," >their >> domain in order to increase security. > >Maybe we can learn something from the trade mark people here as >regards ownership of something that can also become defunct, if you >don't use it? > >> According to my imperfect >> understanding, it is easier to implement DNSSEC at the TLD level than >at >> the SLD level. > >I have little understanding of DNSSEC too. I do understand enough >about it, I think, to know that it would not have helped panix.com. >Also the implementation is most difficult precisely at the TLD level. >An engineer from VeriSign is the one who has time and again pointed >out (on IETF mailing lists, when I still had time to read them) that >the present protocol is impossible for a zone the size of .com. It >would take ages and a very, very powerful machine to sign it. > >Marc Schneiders -- ~~~ Frannie Wellings Policy Fellow, the Electronic Privacy Information Center ~ http://www.epic.org Director, The Public Voice ~ http://www.thepublicvoice.org 1718 Connecticut Ave. N.W., Suite 200 Washington, D.C. 20009 USA [log in to unmask] +1 202 483 1140 x 107 (telephone) +1 202 483 1248 (fax) ~~~