Eric, It is good that you're open to suggestions on the Guardian bject draft, but is just me or have you been rather quiet about it? I haven't seen this blared from the rooftops, or even discussed in security/admin groups with anywhere near the prominence it merits. My main worry with the latest draft is that it seems rather daunting. That is perhaps not so important anymore, as teh days of DIY domain registrations are over, with most people going through ISPs (unless they're pretty experienced themselves). And I wonder what you've planned to do about the huge existing domain base. When you make the announcement, and include guardians in domain forms, new registrations will be OK. But it will be a free for all as far as the others are concerned - as the same evil.org could register a Guardian Object for victim.com, making it impossible for poor victim.com to do simply file another (unauthenticated) update, as is possible right now. There will be simply nothing InterNIC could do either, as the admin and technical contacts will all be (guarded) addresses of the evil.org owners, so verification will be almost impossible without legal action (for which, mind you, some may hold the InterNIC liable). Perhaps the solution would be NOT TO ALLOW GUARDIAN OBJECTS TO COVER OLD DOMAINs (and hosts, etc). At least, not initially. When the next payment comes in to cover the entry, it should include a Guardian object application, so that will authenticate the association between the organisation in the real world of money, and its Net presence. Another option would be to prevent modification of domains and other objects that are 'known' to be static, such as mit.edu. I don't know how thei would be practical for most domains, though. Regards, Rishab ps. a new peer-review journal on the Internet is starting soon, with an editorial board full of big names. I'm the international editor with additional charge, as it were, for technical and security issues. This is an informal call for papers on not- so-obvious security holes and bottlenecks, such as the InterNIC's lack of authentication. I'd be interested in a paper on Guardian Objects; I'm open to writers from within the InterNIC/NSI itself.