> > 2) Innocent user owns the domain -- Criminal renews the domain, then when
> > the user claims they knew nothing about it (which is true), RSP/OpenSRS
> > suspends the domain, and an innocent user has lost the domain after having
> > done nothing wrong.
>
> 2b) A malicious person tries to get someone else's domain revoked/held
> by renewing the domain with a fraudulent credit card.

That was the whole point of #2.

> 2c) A criminal has a completely untraceable way to verify if a stolen credit
> card number works. (Although there are many others)

True, although there are plenty of other options out there.

> And problem requiring:
>
> 1) Innocent's domain expires because he forgot the domain admin password,
> or employee who had such password was terminated. (Happens way more
> often than you'd think).

Not only a lost password... Also invalid contact email addresses (owner AND admin), AND the domain has already expired before anyone realized the problem -- This means the billing email address is wrong as well, otherwise they'd have received notifications 90/60/30 days prior to expiry, no?

Don't get me wrong, it's a problem, and it needs manual intervention to fix, but it's not as though you can't fix it for days, it just needs someone to pop into the RWI and renew the domain.