[77522] in North American Network Operators' Group

Re: EPP minutia (was: Re: Gtld transfer process)

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Jan 23 05:45:43 2005

To: John Curran <jcurran@istaff.org>
Cc: Bruce Tonkin <Bruce.Tonkin@melbourneit.com.au>, nanog@merit.edu
In-Reply-To: Your message of "Sun, 23 Jan 2005 03:40:11 EST."
             <p06020400be190e7a46ff@[192.168.1.102]> 
From: Valdis.Kletnieks@vt.edu
Date: Sun, 23 Jan 2005 05:44:30 -0500
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 23 Jan 2005 03:40:11 EST, John Curran said:
> At 12:55 AM -0500 1/23/05, Valdis.Kletnieks@vt.edu wrote:

> >Do you have a requirement that the domain remain unchanged even in the
> >face of fraud on the part of the registry itself? 
> 
> I indicated failure or fraud by registrars being the problem, not the registry.

Right, and I asked whether fraud on the part of the registry itself was something
you felt a need to defend against.  Remember that we've caught some registries
doing less-than-exemplary things, so being worried about fraud by registrars while
blissfully ignoring a rogue registry is probably a bad idea...

> ability to clear it without the same explicit direction.   So, where's the lock
> the domain name holder sets which simply can't be cleared without *their*
> consent?

"We have a doesn't-LOOK-forged authorization from you on file..." ;)

> Ideally, a digitally signed request backed by a known chain of CA's,
> followed by a reasonable out-of-band verification process performed
> by the registry with a positive affirmation loop.  There's known art in
> this area (ref: financial services) and it definitely doesn't look like the
> current Intra-Registrar domain transfer policy.

OK.. that gives us all a *much* better idea of what level of protection you want.. 

Looks sane, looks sensible, proper selection of "known chain" even helps with
the rogue registry problem,  looks like something that companies in a particular
mindset would want.  All we need now is for somebody to make a workable
business model out of it.. ;)

