ICANN/DNSO
DNSO Mailling lists archives

[nc-transfer]


<<< Chronological Index >>>    <<< Thread Index >>>

[nc-transfer] EPP Authorization Information and Domain Transfers


During today's transfer task force presentation in Shanghai I noted the
description of EPP authorization information (called "authorization codes"
during the presentation) with interest.  As the author of EPP I'd like to
suggest an alternative to the method of sharing authorization information
with registrants as described during the presentation [1] and as currently
practiced by some registrars:

When I originally envisioned the authorization information concept, I
believed it would be most useful if a registrant provided the registrar with
their desired authorization information as part of the process of managing
the registration of a domain name.  That is, when a name is registered the
authorization information (typically a password) would be provided by the
registrant as part of the registration process and passed through the
registrar to the registry.  If forgotten, the authorization information
could be retrieved for the registrant from the registry through the
registrar.  The registrant would thus possess the authorization information
at all times, and nothing would need to be collected from the registrar to
facilitate a transfer.

EPP does not require a registrar to solicit authorization information from a
registrant, nor does it require the registrar to create authorization
information for registrants to be returned when requested.  The specific
method of generating authorization information is a matter of registry and
registrar business practice, with the protocol being flexible enough to
support different business practices.

Anyway, to cut to the chase I'd like to simply suggest that the task force
consider that there is at least one other way to use authorization
information to facilitate domain name transfers.  Registrar management of
authorization information is one option.  Registrant management of
authorization information is another.

Scott Hollenbeck
VeriSign Global Registry Services

[1]
"Registrars must provide Registrants with authorization codes (where
applicable) within 72 hours."



<<< Chronological Index >>>    <<< Thread Index >>>