ICANN/DNSO
DNSO Mailling lists archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [registrars] EPP Informed Consent



Mike,

> (1) the registrant and/or admin contact can only get the auth code from his
> registrar (losing registrar), thus adequate safeguards can be implement
> here;
>
> NOTE: Under the PIR (.ORG) agreement and my .US proposal, the registrar auth
> codes must be unique (added security)

under origional design the AuthInfo in EPP were to be used as a passowrd,
a humanly remberable string.

your proposal breaks this assumption and much of the design for AuthInfo
in epp; infact it might even break some business models of registrars so
please be careful of your recomendations and you might even want to
circulate them with some the the folks that implement this stuff on the
client side.

Its not added security if folks have to write them down some place because
they aren't able to keep all their domains with the same AuthInfo token.

-rick




<<< Chronological Index >>>    <<< Thread Index >>>