From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Thu, 1 Feb 1996 00:17:56 +0800
To: erice@internic.net
Subject: Domain hijacking, Guardian objects
Message-ID: <199601311537.HAA07915@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric,

It is good that you're open to suggestions on the Guardian
bject draft, but is just me or have you been rather quiet about it? I haven't
seen this blared from the rooftops, or even discussed in security/admin
groups with anywhere near the prominence it merits.

My main worry with the latest draft is that it seems
rather daunting. That is perhaps not so important anymore, as
teh days of DIY domain registrations are over, with most people
going through ISPs (unless they're pretty experienced themselves).
And I wonder what you've planned to do about the huge existing
domain base. When you make the announcement, and include
guardians in domain forms, new registrations will be OK. But it
will be a free for all as far as the others are concerned -
as the same evil.org could register a Guardian Object for victim.com,
making it impossible for poor victim.com to do simply file another
(unauthenticated) update, as is possible right now. There will
be simply nothing InterNIC could do either, as the admin and technical
contacts will all be (guarded) addresses of the evil.org owners,
so verification will be almost impossible without legal action
(for which, mind you, some may hold the InterNIC liable).

Perhaps the solution would be NOT TO ALLOW GUARDIAN OBJECTS
TO COVER OLD DOMAINs (and hosts, etc).  At least, not initially.
When the next payment comes in to cover the entry, it should
include a Guardian object application, so that will authenticate
the association between the organisation in the real world of
money, and its Net presence. Another option would be to
prevent modification of domains and other objects that are
'known' to be static, such as mit.edu. I don't know how 
thei would be practical for most domains, though.

Regards,
Rishab

ps. a new peer-review journal on the Internet is starting soon, with
an editorial board full of big names. I'm the international
editor with  additional charge, as it were, for technical and
security issues.  This is an informal call for papers on not-
so-obvious security holes and bottlenecks, such as the InterNIC's
lack of authentication. I'd be interested in a paper on Guardian
Objects; I'm open to writers from within the InterNIC/NSI itself.