FW: [registrars] FW: [nc-transfer] FW: Transfers In Thick Registries
Title: Message Comments from a constituency member re: the registry auth-code
presentation this afternoon.
-----Original Message-----
From: Paul Stahura [mailto:stahura@enom.com] Sent: Thursday, August 15, 2002 6:04 PM To: 'ross@tucows.com' Subject: RE: [registrars] FW: [nc-transfer] FW: Transfers In Thick Registries Ross,
Sorry
I could not attend the call.
I
think this is a good document.
The
trouble I foresee is registrars not giving the authcode to
registrants.
(in
your "issues" section to be discussed next week)
A
solution, which I believe .ca registry does (could be wrong on that
though),
is for
the registry to email the auth code to the registrant email
address
directly on request from a registrar, as a back-up method if the
losing registrar
is
unable/does not give out the auth code to registrant.
One
problem I see with this solution (unfortunately there is
always
something it seems), is that if a badguy gets ahold of a domain
name
that
is used as part of the email address on a number of other
names,
those
other names could easily be hijacked. Another problem is that
it
makes
the system less secure. It effectively turns the system
security
into
"mail-to/from". Another problem is that
losing
registrars will rely on this less-secure method and not implement
anything.
But at
least it puts pressure on losing registrars to implement
something
otherwise, their registration base is at security risk. The problem
is the
registrars who do offer the authocode to registrants are also at
risk.
The
solution to *that* is maybe registrars could "opt out", if they
attest
(or
even they could be tested by the registry like when registrars are
tested
before
making registrations at a particular registry)
that
they giveout the authcode to registrants via their registrar
website.
thats
all I could think of now.
Is the
next week call scheduled?
feel
free to post on TF list
Best,
Paul
-----Original Message-----
From: Ross Wm. Rader [mailto:ross@tucows.com] Sent: Thursday, August 15, 2002 2:02 PM To: registrars@dnso.org Subject: [registrars] FW: [nc-transfer] FW: Transfers In Thick Registries Please
find attached a copy of the presentation made this afternoon by the registry
constituency during the transfers task for call that deals with some of the
facts surrounding the implementation of auth-info codes in EPP based registries
(thick and thin) as it relates to the transfers issue that the TF is dealing
with.
If
there are any questions or comments, I would be pleased to answer them or pass
them back to the TF for commentary or inclusion in the
record.
-rwr -----Original Message-----
From: owner-nc-transfer@dnso.org [mailto:owner-nc-transfer@dnso.org] On Behalf Of Neuman, Jeff Sent: Thursday, August 15, 2002 2:10 PM To: 'nc-transfer@dnso.org' Subject: [nc-transfer] FW: Transfers In Thick Registries Here
is an outline of the Registry Presentation today.
Thanks. -----Original Message-----
From: Ram Mohan [mailto:rmohan@afilias.info] Sent: Thursday, August 15, 2002 2:09 PM To: Neuman, Jeff; Neuman, Jeff Subject: Transfers In Thick Registries Jeff,
Enclosed is the outline of my presentation on
Transfers in Thick Registries. Could you please forward this to the
Transfers Task Force?
Best Regards,
Ram
--------------------------------------------------------
Ram Mohan Vice President, Business Operations Afilias.INFO p: +1-215-706-5700; f: +1-215-706-5701 e: rmohan@afilias.info -------------------------------------------------------- |