On Tue, Dec 14, 2021 at 01:34:06PM -0500, Bill Cole wrote:
For example, I could *CLAIM* to be an independent customer of whoever runs scconsult.com as a registry, and I just "registered" billmail.scconsult.com with them, and therefore am completely innocent of the bad behavior by some evil guy who "registered" spammer.scconsult.com.
Yes, totally. This was an issue we experienced with dyndns.org domains, for instance (I used to work there). The ICANN community remit is basically policy over the DNS root zone, and despite the many efforts various people have made to sell them as "the people in charge of the DNS" the DNS, plainly, does not actually work that way.
The legitimacy of eu.org and uk.com *as registries* is unmoored to ICANN policy, just as scconsult.com would be if I ran it as a registry+registrar. I don't follow ICANN activities closely but I believe that they explicitly allow registrars and registries to judge a domain to be used abusively and rescind the registration. Back in the distant past, some would do so.
COM has always been fairly reluctant to cancel things. PIR, who are the registry for ORG, have IMO a fairly robust but narrow meaning of "abuse", which they definitely enforce. There are ICANN consensus policies that make it much easier for the registrar to act than for the registry, however, and that is how the market is designed & so is as it should be. (Full disclosure: I'm the CEO of the Internet Society, and PIR is a supporting organization of the Internet Society. I am not speaking for the Internet Society here and I'm definitely not speaking for PIR.) A -- Andrew Sullivan a...@anvilwalrusden.com
