To:
"Ietf-Provreg" <ietf-provreg@cafax.se>
From:
"Paul George" <pgeorge@saraf.com>
Date:
Tue, 9 Jan 2001 15:03:58 -0500
Importance:
Normal
Sender:
owner-ietf-provreg@cafax.se
Subject:
Security vs. Authorization
I would like to bring up a point about the difference between the security aspects (which should NOT be a part) of the RRP and the authorization (and consequently protection) of each "entity" during transaction processing. While I agree that we should not dictate security protocols and such, I think it is important that we discuss what role the protocol should play in protecting the entities during each transaction. For instance, should the protocol recognize the fact that, while we are defining interactions between only two parties (registry - registrar), there are actually (at least) three parties in almost every conceivable form of real world implmentation? For example, I think the protection of the third party (the registrant) is important and needs to be considered when defining the protocol. Even if it is something as simple as saying that the protocol SHOULD allow for some means of authorizing some or all of the RRP transactions. I don't want to ruffle feathers if this has been rehashed too often, but I would like other people's thoughts on this matter. Thanks a bunch! Paul George SARAF Software Solutions