On Sun, 23 Jan 2005 03:40:11 EST, John Curran said:
At 12:55 AM -0500 1/23/05, Valdis.Kletnieks@vt.edu wrote:
Do you have a requirement that the domain remain unchanged even in the face of fraud on the part of the registry itself?
I indicated failure or fraud by registrars being the problem, not the registry.
Right, and I asked whether fraud on the part of the registry itself was something you felt a need to defend against. Remember that we've caught some registries doing less-than-exemplary things, so being worried about fraud by registrars while blissfully ignoring a rogue registry is probably a bad idea...
ability to clear it without the same explicit direction. So, where's the lock the domain name holder sets which simply can't be cleared without *their* consent?
"We have a doesn't-LOOK-forged authorization from you on file..." ;)
Ideally, a digitally signed request backed by a known chain of CA's, followed by a reasonable out-of-band verification process performed by the registry with a positive affirmation loop. There's known art in this area (ref: financial services) and it definitely doesn't look like the current Intra-Registrar domain transfer policy.
OK.. that gives us all a *much* better idea of what level of protection you want.. Looks sane, looks sensible, proper selection of "known chain" even helps with the rogue registry problem, looks like something that companies in a particular mindset would want. All we need now is for somebody to make a workable business model out of it.. ;)