To:
<ietf-provreg@cafax.se>
From:
Dan Cohen <dcohen@register.com>
Date:
Wed, 10 Jan 2001 15:49:16 -0500
In-Reply-To:
<NEBBLCENNOFNBFFFGCEIMECKCAAA.pgeorge@saraf.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: Security vs. Authorization
At 03:04 PM 01/10/2001 -0500, Paul George wrote: >I believe we should ensure data integrity so far as technology is concerned. >But, does "data integrity" address the concern I brought up in the first >place? Which was: > > "what role the protocol should play in protecting > the entities during each transaction." > >When I say "entities" I mean ALL entities, not just the Registrar and the >Registry. Even though I think we probably could come up with technical ways to protect registrants from registrar's bad behavior, I don't think we should. The whole point of having gTLD registrars separate from the registry is that the registrars are responsible to the registrants, and the competition between registrars and the ability to transfer causes registrants to get better service. I realize that most of the ccTLDs don't have this model, but that just means that ccTLD registries don't have to protect registrants from registrars. The registrants enter into agreements with the registrars, and the registrars are legally responsible to provide the registrant with appropriate levels of service. Also, registrars have agreements with ICANN (and probably with the registries as well) that require them to provide an appropriate level of service to the registrants. These agreements, plus general business sense, should be enough to keep registrars (and their employees) in line. Adding extra authentication that the registrant is responsible for will greatly inconvenience all of the "entities" involved, and really raise the cost for everyone (think of all the extra customer service interactions the registries would now have to handle if they had to assist registrants that lost their authenticating information). Dan Dan Cohen Manager of Software Engineering Register.Com, Inc. 212-798-9260