Re: [nc-transfer] EPP Authorization Information and Domain Transfers

["Ross Wm. Rader" <ross@tucows.com>]

I agree that we need to deal with the reality as it relates to the
recommendations, but that unless we, as a TF, understand what the potential
of the protocol is, our thinking will be constrained by the current
implementations.

I'm not advocating that we set policy per the spec - we must continue to be
practical, but it might lead us down new paths of consideration that we
haven't explored before.

-rwr

----- Original Message -----
From: "Neuman, Jeff" <Jeff.Neuman@neustar.us>
To: "'Cade,Marilyn S - LGA'" <mcade@att.com>; "Hollenbeck, Scott"
<shollenbeck@verisign.com>; <nc-transfer@dnso.org>
Sent: Wednesday, October 30, 2002 18:58 Moo!
Subject: RE: [nc-transfer] EPP Authorization Information and Domain
Transfers


> While I welcome Scott's contribution, I believe that how the protocol was
> originally designed has been overtaken with the political realities of the
> Registry/Registrar relationship.  For example, I am not sure there are
many
> registrars that would support the idea of the Registry directly
> communicating with the Registrant.  In addition, the contractual realities
> would not protect the registries from fraudulent transfers especially
> because there is no legal relationship.
>
> That being said, we should listen to Scott, but then I would like a chance
> to explain to the group why the "pure" EPP may not work in reality.
>
> Thanks.
>
> Jeff
>
> -----Original Message-----
> From: Cade,Marilyn S - LGA [mailto:mcade@att.com]
> Sent: Wednesday, October 30, 2002 3:53 AM
> To: Hollenbeck, Scott; nc-transfer@dnso.org
> Subject: RE: [nc-transfer] EPP Authorization Information and Domain
> Transfers
>
>
> Scott, I welcome this submission.
>
> I think this is worth further discussion. I don't know if you envision
> co-existence of the two? However, I wonder whether also, some registrants
> might comment on whether registrant management has limitations due to the
> reality that many registrants are extremely ... could I suggest,
forgetful?
> I don't know enough at this point about what you are envisioning and
believe
> some further dialogue with the TF will be helpful to us. I've asked Ross
> Rader if he can coordinate with you toward such a dialogue.
>
> -----Original Message-----
> From: Hollenbeck, Scott [mailto:shollenbeck@verisign.com]
> Sent: Tuesday, October 29, 2002 4:16 AM
> To: 'nc-transfer@dnso.org'
> Subject: [nc-transfer] EPP Authorization Information and Domain
> Transfers
>
>
> During today's transfer task force presentation in Shanghai I noted the
> description of EPP authorization information (called "authorization codes"
> during the presentation) with interest.  As the author of EPP I'd like to
> suggest an alternative to the method of sharing authorization information
> with registrants as described during the presentation [1] and as currently
> practiced by some registrars:
>
> When I originally envisioned the authorization information concept, I
> believed it would be most useful if a registrant provided the registrar
with
> their desired authorization information as part of the process of managing
> the registration of a domain name.  That is, when a name is registered the
> authorization information (typically a password) would be provided by the
> registrant as part of the registration process and passed through the
> registrar to the registry.  If forgotten, the authorization information
> could be retrieved for the registrant from the registry through the
> registrar.  The registrant would thus possess the authorization
information
> at all times, and nothing would need to be collected from the registrar to
> facilitate a transfer.
>
> EPP does not require a registrar to solicit authorization information from
a
> registrant, nor does it require the registrar to create authorization
> information for registrants to be returned when requested.  The specific
> method of generating authorization information is a matter of registry and
> registrar business practice, with the protocol being flexible enough to
> support different business practices.
>
> Anyway, to cut to the chase I'd like to simply suggest that the task force
> consider that there is at least one other way to use authorization
> information to facilitate domain name transfers.  Registrar management of
> authorization information is one option.  Registrant management of
> authorization information is another.
>
> Scott Hollenbeck
> VeriSign Global Registry Services
>
> [1]
> "Registrars must provide Registrants with authorization codes (where
> applicable) within 72 hours."