To:
Olivier Guillard <Olivier.Guillard@nic.fr>, "Hollenbeck, Scott" <shollenbeck@verisign.com>
Cc:
"'Paul George'" <pgeorge@saraf.com>, Ietf-Provreg <ietf-provreg@cafax.se>
From:
"Jordyn A. Buchanan" <jordyn@register.com>
Date:
Wed, 10 Jan 2001 12:27:07 -0500
In-Reply-To:
<20010110180253.B26632@james.nic.fr>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: Security vs. Authorization
At 06:02 PM 1/10/2001 +0100, Olivier Guillard wrote: > > [n] The protocol MUST provide services to confirm registrar > authorization to > > [delete|renew|update|transfer] an object. > >What happen if the registrant want to change something and the registrar >doesn't want to do it? > >What happen if the registrar declare himself has the registrant? > >Are you sure that the registrar is the only one entitle do performe any >change? I really think this is an issue of policy more than one of technology. We're building a protocol by which registrars and similar entitites can interact with registries, not a communications channel by which registrants can communicate directly with the registry. If a registrar isn't doing what they're supposed to be doing for a registrant, the registrant can transfer the domain to a different registrar, or use whatever contracts or polices exist in order to bludgeon the registrar into taking appropriate action. Jordyn