Re: [nc-transfer] EPP Authorization Information and Domain Transfers
It might make some sense to invite Scott to brief us further on this
comment. While we have heard much about how registries have implemented EPP,
I'm not sure that we have a complete understanding of the protocol itself.
If there is an interest, please send me a note off-list and I will see what
I can arrange with Scott. Also, if there are additional elements of "pure"
EPP that you think we should hear about, also drop me a line so that we can
give Scott a heads-up regarding our expectations and extend a "fair"
invitation to him.
----- Original Message -----
From: "Hollenbeck, Scott" <email@example.com>
Sent: Tuesday, October 29, 2002 04:16 Moo!
Subject: [nc-transfer] EPP Authorization Information and Domain Transfers
> During today's transfer task force presentation in Shanghai I noted the
> description of EPP authorization information (called "authorization codes"
> during the presentation) with interest. As the author of EPP I'd like to
> suggest an alternative to the method of sharing authorization information
> with registrants as described during the presentation  and as currently
> practiced by some registrars:
> When I originally envisioned the authorization information concept, I
> believed it would be most useful if a registrant provided the registrar
> their desired authorization information as part of the process of managing
> the registration of a domain name. That is, when a name is registered the
> authorization information (typically a password) would be provided by the
> registrant as part of the registration process and passed through the
> registrar to the registry. If forgotten, the authorization information
> could be retrieved for the registrant from the registry through the
> registrar. The registrant would thus possess the authorization
> at all times, and nothing would need to be collected from the registrar to
> facilitate a transfer.
> EPP does not require a registrar to solicit authorization information from
> registrant, nor does it require the registrar to create authorization
> information for registrants to be returned when requested. The specific
> method of generating authorization information is a matter of registry and
> registrar business practice, with the protocol being flexible enough to
> support different business practices.
> Anyway, to cut to the chase I'd like to simply suggest that the task force
> consider that there is at least one other way to use authorization
> information to facilitate domain name transfers. Registrar management of
> authorization information is one option. Registrant management of
> authorization information is another.
> Scott Hollenbeck
> VeriSign Global Registry Services
> "Registrars must provide Registrants with authorization codes (where
> applicable) within 72 hours."