Comments from a constituency member re: the registry auth-code
presentation this afternoon.
Ross,
Sorry I could not attend the call.
I
think this is a good document.
The
trouble I foresee is registrars not giving the authcode to
registrants.
(in
your "issues" section to be discussed next week)
A
solution, which I believe .ca registry does (could be wrong on that
though),
is
for the registry to email the auth code to the registrant email
address
directly on request from a registrar, as a back-up method if the
losing registrar
is
unable/does not give out the auth code to registrant.
One
problem I see with this solution (unfortunately there is
always
something it seems), is that if a badguy gets ahold of a domain
name
that
is used as part of the email address on a number of other
names,
those other names could easily be hijacked. Another problem is
that it
makes the system less secure. It effectively turns the system
security
into
"mail-to/from". Another problem is that
losing registrars will rely on this less-secure method and not
implement anything.
But
at least it puts pressure on losing registrars to implement
something
otherwise, their registration base is at security risk. The
problem is the
registrars who do offer the authocode to registrants are also at
risk.
The
solution to *that* is maybe registrars could "opt out", if they
attest
(or
even they could be tested by the registry like when registrars are
tested
before making registrations at a particular
registry)
that
they giveout the authcode to registrants via their registrar
website.
thats all I could think of now.
Is
the next week call scheduled?
feel
free to post on TF list
Best,
Paul
Please find attached a copy of the presentation made this afternoon by
the registry constituency during the transfers task for call that deals with
some of the facts surrounding the implementation of auth-info codes in EPP
based registries (thick and thin) as it relates to the transfers issue that
the TF is dealing with.
If
there are any questions or comments, I would be pleased to answer them or pass
them back to the TF for commentary or inclusion in the
record.
-rwr
"There's a fine line between fishing and standing on
the shore like an idiot."
- Steven Wright
Please review our ICANN
Reform Proposal:
http://www.byte.org/heathrow
Here
is an outline of the Registry Presentation today.
Thanks.
Jeff,
Enclosed is the outline of my presentation on
Transfers in Thick Registries. Could you please forward this to the
Transfers Task Force?
Best Regards,
Ram
--------------------------------------------------------
Ram Mohan
Vice President, Business Operations
Afilias.INFO
p:
+1-215-706-5700; f: +1-215-706-5701
e: rmohan@afilias.info
--------------------------------------------------------