Re: [nc-transfer] CHANGE: SUGGESTED ONLINE WORK ON AUTH-INFO

["Ross Wm. Rader" <ross@tucows.com>]

>
> Can I ask why the registries do not randomly generate an Authinfo code for
> each domain name upon registration and mandate that this information be
> supplied by the registrar to the registrant?  Would that not be a solution
> to the problems that Rick Wesson highlights?

From Rick Wesson...

"The authors of the EPP Internet-Drafts intended the AuthInfo to be created
by the Registrant so that it would be easily remembered. Randomly generated
tokens are often hard for humans to remember and reproduce."

I'm not sure that it would solve the problem given Rick's explanation. The
real issue that the Registries are dealing with is in ensuring that
Registrars actually provide Registrants with the facilities that they need
to generate the tokens, educating Registrants what the value and meaning of
the tokens is and ensuring that the appropriate policy is in place
surrounding the use and exchange of the tokens.

There are no real quick fixes here - to paraphrase from West Wing,
"education is the silver bullet". Other than ensuring that this TF has a
good understanding of the fundamental issues surrounding transfers, I submit
that we have very little work to do from a policy perspective as far as
autho _info codes go. This is an area where we should be ensuring that we
are doing no harm rather than specifying policy in an uncharted operational
area.

-rwr