EPP minutia (was: Re: Gtld transfer process)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sun Jan 23 10:44:30 UTC 2005

On Sun, 23 Jan 2005 03:40:11 EST, John Curran said:
> At 12:55 AM -0500 1/23/05, Valdis.Kletnieks at vt.edu wrote:

> >Do you have a requirement that the domain remain unchanged even in the
> >face of fraud on the part of the registry itself? 
> I indicated failure or fraud by registrars being the problem, not the registry.

Right, and I asked whether fraud on the part of the registry itself was something
you felt a need to defend against.  Remember that we've caught some registries
doing less-than-exemplary things, so being worried about fraud by registrars while
blissfully ignoring a rogue registry is probably a bad idea...

> ability to clear it without the same explicit direction.   So, where's the lock
> the domain name holder sets which simply can't be cleared without *their*
> consent?

"We have a doesn't-LOOK-forged authorization from you on file..." ;)

> Ideally, a digitally signed request backed by a known chain of CA's,
> followed by a reasonable out-of-band verification process performed
> by the registry with a positive affirmation loop.  There's known art in
> this area (ref: financial services) and it definitely doesn't look like the
> current Intra-Registrar domain transfer policy.

OK.. that gives us all a *much* better idea of what level of protection you want.. 

Looks sane, looks sensible, proper selection of "known chain" even helps with
the rogue registry problem,  looks like something that companies in a particular
mindset would want.  All we need now is for somebody to make a workable
business model out of it.. ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050123/9644a344/attachment.sig>

More information about the NANOG mailing list