Roger B.A. Klorese wrote:
Second, email can be made much more secure with a web of trust.
That's just hand-waving. You aren't going to get tens of millions of domain name registrants to implement any kind of more secure e-mail than they're already using. They expect to be able to transfer their domain names using e-mail approval, even if they change e-mail addresses ten times a year, they barely know their own e-mail address, and have lost their registrar password. That's not going to change.
In order for that to be true, though, no part of the confirmation process can pass through a party with an interest in the transaction.
Although there's nothing particularly wrong with that idea, it won't make any difference in 99% of the cases.
Almost all domain name hijackings occur when someone gets access to the "owner's" e-mail account, one way or another. When that happens, it doesn't matter who asks the "owner" for confirmation.
Do you really believe that registrars are intentionally looking the other way, allowing transfers of stolen domain names? All the cost, hassle and bad publicity -- for what? A potential profit of literally a couple of dollars if nobody notices?
Most important, your self-interest -- that of your peers, actually, because I trust you -- is a major part of the problem. The registrars are among the criminals, and their (and your) financial involvement automatically creates a conflict of conflict.
If registrars are actually knowingly allowing the criminal hijackings of domain names by third parties, there are plenty of things that can be done; it's not as if the registrars are anonymous. But nobody has provided any proof that registrars are doing so. In every hijacking case I've seen details of, the same thing probably would have happened if the registry was responsible for getting the confirmation.
You could just as easily claim that the registry has a conflict of interest in approving the transaction. After all, the registry makes more money on a transfer than most registrars do!
-- Robert L Mathews, Tiger Technologies http://www.tigertech.net/
