From: Griffith, Ian N. 
Sent: Monday, 2 June 2003 4:33 PM
To: 'Jo Lim'
Subject: RE: [announce] auDA policy reviews in June 2003


I agree with the limit of 20 inquiries per hour, though I wonder why
that many. Perhaps 20 per day is enough.

However, I wonder how to identify the same person. People can get
another IP address.

People can delete cookies. People can use the phone, internet, etc. If 
inquiries were authorised by using another domain name, how do you
know who it belongs to. etc. In other words, people can get around the 
restriction in most cases.

How can you be sure that one user has had his quota and stop further 
inquiries?


From: Griffith, Ian N. 
Sent: Tuesday, 3 June 2003 10:31 AM
To: 'Jo Lim'
Subject: RE: [announce] auDA policy reviews in June 2003
 
that was my point. You have rules which cannot be enforced.

eg. dial-up user hangs up after 20 attempts and redials. Most ISPs allocate 
IP addresses each time a connection is made. So you say you cannot know who 
is connecting.

Perhaps I should suggest that inquiries can only be made by registered 
organisations. After all, who else would need and be entitled to the info. 
Then you KNOW who is asking, and getting registered should be more complex 
than just filling in a form. Like a company or business registration, fees 
should be charged and full director names etc. need to be listed via 100 
points, etc.