Re: [nc-transfer] EPP Authorization Information and Domain Transfers
I agree that we need to deal with the reality as it relates to the
recommendations, but that unless we, as a TF, understand what the potential
of the protocol is, our thinking will be constrained by the current
I'm not advocating that we set policy per the spec - we must continue to be
practical, but it might lead us down new paths of consideration that we
haven't explored before.
----- Original Message -----
From: "Neuman, Jeff" <Jeff.Neuman@neustar.us>
To: "'Cade,Marilyn S - LGA'" <email@example.com>; "Hollenbeck, Scott"
Sent: Wednesday, October 30, 2002 18:58 Moo!
Subject: RE: [nc-transfer] EPP Authorization Information and Domain
> While I welcome Scott's contribution, I believe that how the protocol was
> originally designed has been overtaken with the political realities of the
> Registry/Registrar relationship. For example, I am not sure there are
> registrars that would support the idea of the Registry directly
> communicating with the Registrant. In addition, the contractual realities
> would not protect the registries from fraudulent transfers especially
> because there is no legal relationship.
> That being said, we should listen to Scott, but then I would like a chance
> to explain to the group why the "pure" EPP may not work in reality.
> -----Original Message-----
> From: Cade,Marilyn S - LGA [mailto:firstname.lastname@example.org]
> Sent: Wednesday, October 30, 2002 3:53 AM
> To: Hollenbeck, Scott; email@example.com
> Subject: RE: [nc-transfer] EPP Authorization Information and Domain
> Scott, I welcome this submission.
> I think this is worth further discussion. I don't know if you envision
> co-existence of the two? However, I wonder whether also, some registrants
> might comment on whether registrant management has limitations due to the
> reality that many registrants are extremely ... could I suggest,
> I don't know enough at this point about what you are envisioning and
> some further dialogue with the TF will be helpful to us. I've asked Ross
> Rader if he can coordinate with you toward such a dialogue.
> -----Original Message-----
> From: Hollenbeck, Scott [mailto:firstname.lastname@example.org]
> Sent: Tuesday, October 29, 2002 4:16 AM
> To: 'email@example.com'
> Subject: [nc-transfer] EPP Authorization Information and Domain
> During today's transfer task force presentation in Shanghai I noted the
> description of EPP authorization information (called "authorization codes"
> during the presentation) with interest. As the author of EPP I'd like to
> suggest an alternative to the method of sharing authorization information
> with registrants as described during the presentation  and as currently
> practiced by some registrars:
> When I originally envisioned the authorization information concept, I
> believed it would be most useful if a registrant provided the registrar
> their desired authorization information as part of the process of managing
> the registration of a domain name. That is, when a name is registered the
> authorization information (typically a password) would be provided by the
> registrant as part of the registration process and passed through the
> registrar to the registry. If forgotten, the authorization information
> could be retrieved for the registrant from the registry through the
> registrar. The registrant would thus possess the authorization
> at all times, and nothing would need to be collected from the registrar to
> facilitate a transfer.
> EPP does not require a registrar to solicit authorization information from
> registrant, nor does it require the registrar to create authorization
> information for registrants to be returned when requested. The specific
> method of generating authorization information is a matter of registry and
> registrar business practice, with the protocol being flexible enough to
> support different business practices.
> Anyway, to cut to the chase I'd like to simply suggest that the task force
> consider that there is at least one other way to use authorization
> information to facilitate domain name transfers. Registrar management of
> authorization information is one option. Registrant management of
> authorization information is another.
> Scott Hollenbeck
> VeriSign Global Registry Services
> "Registrars must provide Registrants with authorization codes (where
> applicable) within 72 hours."