RE: [nc-transfer] EPP Authorization Information and Domain Transfers

["Hollenbeck, Scott" <shollenbeck@verisign.com>]

Marilyn,

Yes, I believe it's very possible for multiple methods of authorization
information management to co-exist.  The options may well foster the kind of
business practice differentiation that allows registrars to develop
different business models and different consumer services.

Forgetful registrants?  Of course.  In such situations a registrant would
then have to rely on the registrar to retrieve the authorization information
from the registry to return it to the registrant, which does get us back to
a possible registrar responsiveness issue if the registrar doesn't make it
easy to recover forgotten information.  There's never any risk of the
information itself being lost if forgotten.

I'm available at the convenience of the task force to provide whatever
explanatory information might be useful in completing your task.

-Scott-

> -----Original Message-----
> From: Cade,Marilyn S - LGA [mailto:mcade@att.com]
> Sent: Wednesday, October 30, 2002 3:53 AM
> To: Hollenbeck, Scott; nc-transfer@dnso.org
> Subject: RE: [nc-transfer] EPP Authorization Information and Domain
> Transfers
> 
> 
> Scott, I welcome this submission.
> 
> I think this is worth further discussion. I don't know if you 
> envision co-existence of the two? However, I wonder whether 
> also, some registrants might comment on whether registrant 
> management has limitations due to the reality that many 
> registrants are extremely ... could I suggest, forgetful?  I 
> don't know enough at this point about what you are 
> envisioning and believe some further dialogue with the TF 
> will be helpful to us. I've asked Ross Rader if he can 
> coordinate with you toward such a dialogue.
> 
> -----Original Message-----
> From: Hollenbeck, Scott [mailto:shollenbeck@verisign.com]
> Sent: Tuesday, October 29, 2002 4:16 AM
> To: 'nc-transfer@dnso.org'
> Subject: [nc-transfer] EPP Authorization Information and Domain
> Transfers
> 
> 
> During today's transfer task force presentation in Shanghai I 
> noted the
> description of EPP authorization information (called 
> "authorization codes"
> during the presentation) with interest.  As the author of EPP 
> I'd like to
> suggest an alternative to the method of sharing authorization 
> information
> with registrants as described during the presentation [1] and 
> as currently
> practiced by some registrars:
> 
> When I originally envisioned the authorization information concept, I
> believed it would be most useful if a registrant provided the 
> registrar with
> their desired authorization information as part of the 
> process of managing
> the registration of a domain name.  That is, when a name is 
> registered the
> authorization information (typically a password) would be 
> provided by the
> registrant as part of the registration process and passed through the
> registrar to the registry.  If forgotten, the authorization 
> information
> could be retrieved for the registrant from the registry through the
> registrar.  The registrant would thus possess the 
> authorization information
> at all times, and nothing would need to be collected from the 
> registrar to
> facilitate a transfer.
> 
> EPP does not require a registrar to solicit authorization 
> information from a
> registrant, nor does it require the registrar to create authorization
> information for registrants to be returned when requested.  
> The specific
> method of generating authorization information is a matter of 
> registry and
> registrar business practice, with the protocol being flexible 
> enough to
> support different business practices.
> 
> Anyway, to cut to the chase I'd like to simply suggest that 
> the task force
> consider that there is at least one other way to use authorization
> information to facilitate domain name transfers.  Registrar 
> management of
> authorization information is one option.  Registrant management of
> authorization information is another.
> 
> Scott Hollenbeck
> VeriSign Global Registry Services
> 
> [1]
> "Registrars must provide Registrants with authorization codes (where
> applicable) within 72 hours."
>