At 12:55 AM -0500 1/23/05, Valdis.Kletnieks@vt.edu wrote:
On Sun, 23 Jan 2005 00:00:29 EST, John Curran said:
If you believe that REGISTRAR LOCK meets the need, then I've failed to adequately communicate my requirements. The requirement is my domain remains unchanged despite complete failure or fraud of any number of registrars.
Do you have a requirement that the domain remain unchanged even in the face of fraud on the part of the registry itself?
I indicated failure or fraud by registrars being the problem, not the registry. The moment that the registrars took it upon themselves to set registrar-lock without explicit direction of the domain holder, they implicitly picked up the ability to clear it without the same explicit direction. So, where's the lock the domain name holder sets which simply can't be cleared without *their* consent?
And what level of "Yes I really mean it" documentation do you consider sufficient to turn this *off* in case you *do* need to change something? Does it have to resist a forged e-mail? Forged fax and hacking your phone system so they can answer the confirmation callback? Forged notarized forms mailed to the registry rescinding the lock? A determined "black helicopter" attack on the part of a competitor?
It needs to survive random errors of omission (unlike the present lock...) Ideally, a digitally signed request backed by a known chain of CA's, followed by a reasonable out-of-band verification process performed by the registry with a positive affirmation loop. There's known art in this area (ref: financial services) and it definitely doesn't look like the current Intra-Registrar domain transfer policy. /John