DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [nc-transfer] EPP Authorization Information and Domain Transfers

All, I've asked Ross to invite Scott to a discussion on our next Transfer call/as a guest.
Of course, any TF member always has the ability to ask questions. Should any of you 
wish to make a presentation of a technical focus, email me offline so I can allocate time for you as a speaker. that is only if you are stepping out of your role as a TF member and becoming a "speaker".  or RECOMMEND A DIFFERENT SPEAKER. BUT REMEMBER THE RELEVANCE OF THIS TO THE REST OF THE WORK LOAD... 


-----Original Message-----
From: Ross Wm. Rader [mailto:ross@tucows.com]
Sent: Wednesday, October 30, 2002 8:45 PM
To: Neuman, Jeff; Cade,Marilyn S - LGA; Hollenbeck, Scott;
Subject: Re: [nc-transfer] EPP Authorization Information and Domain

I agree that we need to deal with the reality as it relates to the
recommendations, but that unless we, as a TF, understand what the potential
of the protocol is, our thinking will be constrained by the current

I'm not advocating that we set policy per the spec - we must continue to be
practical, but it might lead us down new paths of consideration that we
haven't explored before.


----- Original Message -----
From: "Neuman, Jeff" <Jeff.Neuman@neustar.us>
To: "'Cade,Marilyn S - LGA'" <mcade@att.com>; "Hollenbeck, Scott"
<shollenbeck@verisign.com>; <nc-transfer@dnso.org>
Sent: Wednesday, October 30, 2002 18:58 Moo!
Subject: RE: [nc-transfer] EPP Authorization Information and Domain

> While I welcome Scott's contribution, I believe that how the protocol was
> originally designed has been overtaken with the political realities of the
> Registry/Registrar relationship.  For example, I am not sure there are
> registrars that would support the idea of the Registry directly
> communicating with the Registrant.  In addition, the contractual realities
> would not protect the registries from fraudulent transfers especially
> because there is no legal relationship.
> That being said, we should listen to Scott, but then I would like a chance
> to explain to the group why the "pure" EPP may not work in reality.
> Thanks.
> Jeff
> -----Original Message-----
> From: Cade,Marilyn S - LGA [mailto:mcade@att.com]
> Sent: Wednesday, October 30, 2002 3:53 AM
> To: Hollenbeck, Scott; nc-transfer@dnso.org
> Subject: RE: [nc-transfer] EPP Authorization Information and Domain
> Transfers
> Scott, I welcome this submission.
> I think this is worth further discussion. I don't know if you envision
> co-existence of the two? However, I wonder whether also, some registrants
> might comment on whether registrant management has limitations due to the
> reality that many registrants are extremely ... could I suggest,
> I don't know enough at this point about what you are envisioning and
> some further dialogue with the TF will be helpful to us. I've asked Ross
> Rader if he can coordinate with you toward such a dialogue.
> -----Original Message-----
> From: Hollenbeck, Scott [mailto:shollenbeck@verisign.com]
> Sent: Tuesday, October 29, 2002 4:16 AM
> To: 'nc-transfer@dnso.org'
> Subject: [nc-transfer] EPP Authorization Information and Domain
> Transfers
> During today's transfer task force presentation in Shanghai I noted the
> description of EPP authorization information (called "authorization codes"
> during the presentation) with interest.  As the author of EPP I'd like to
> suggest an alternative to the method of sharing authorization information
> with registrants as described during the presentation [1] and as currently
> practiced by some registrars:
> When I originally envisioned the authorization information concept, I
> believed it would be most useful if a registrant provided the registrar
> their desired authorization information as part of the process of managing
> the registration of a domain name.  That is, when a name is registered the
> authorization information (typically a password) would be provided by the
> registrant as part of the registration process and passed through the
> registrar to the registry.  If forgotten, the authorization information
> could be retrieved for the registrant from the registry through the
> registrar.  The registrant would thus possess the authorization
> at all times, and nothing would need to be collected from the registrar to
> facilitate a transfer.
> EPP does not require a registrar to solicit authorization information from
> registrant, nor does it require the registrar to create authorization
> information for registrants to be returned when requested.  The specific
> method of generating authorization information is a matter of registry and
> registrar business practice, with the protocol being flexible enough to
> support different business practices.
> Anyway, to cut to the chase I'd like to simply suggest that the task force
> consider that there is at least one other way to use authorization
> information to facilitate domain name transfers.  Registrar management of
> authorization information is one option.  Registrant management of
> authorization information is another.
> Scott Hollenbeck
> VeriSign Global Registry Services
> [1]
> "Registrars must provide Registrants with authorization codes (where
> applicable) within 72 hours."

<<< Chronological Index >>>    <<< Thread Index >>>