Re: [registrars] Re: Credit Card Proposal

[Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>]

> ipaddress, domain, and hash(credit card)

You'll want to know if the ip addr originates from a dhcp lease pool.
If so, it isn't likely to have a persistent association with any one
computer. That said, given an addr and a date-stamp, the dial-up endpoint
(originating phone number), or the ethernet or cable modem MAC address,
and the subscriber information, can be determined.

You'll want to think about if the set of possible data values is small
enough that all possible hashed values can be generated and compared with
the value that someone is attempting to reverse. I don't know if the pool
of credit card identifiers associated with charge-backs have this property.
If they do, then a one-way cryptographic hash would not be considered
non-reversible, and I don't know what the consequences of that are. Maybe
none.

As I mentioned via phone, domains isn't hard, and it should make transfer
from charge-back impossible, except for those registrars that choose not
to check. The mechanism can be a) unstructured list, someone suggested yet
another constituency listserv (YACLS), b) an ultra-lightweight registry,
c) in the DNS A records, d) in a stop-list similar to the Sunrise
mechanisms of the .info/.biz roll-outs.

What ever it is, it needs to cost no more than current wastage, and not
be conditional upon the conduct of 3rd parties (registries and CC shops),
and cause cost and benefit that meet LOB criteria sufficient to make the
thing attractive, more attractive than the alternatives.

> If anyone would like to collaborate on building such a project I'd be
> happy to lend a hand. just contact me off list.

Ditto.

Eric