To:
ietf-provreg@cafax.se
From:
budi@alliance.globalnetlink.com
Date:
Thu, 11 Jan 2001 05:18:03 +0700
In-reply-to:
<DF737E620579D411A8E400D0B77E671D750475@regdom-ex01.prod.netsol.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: Security vs. Authorization
> > I think that this might be problematic. There should be a
> > method to allow "override" in the event the single authorized
> > registrar is unwilling/unable to make the change.

As I (and others) mentioned earlier, if the authority (in a form of certificate, token, whatever authentication technology implemented) is in the registrant's hand, this would not be a problem. The registrant can remove/revoke the authority given to the registrar and delegate the authority to another registrar or even to the registry to make changes.

This way, only *one* entity (whoever has the token/certificate) can change the record and it is controlled by the registrant (legal concern is technically addressed here). Security and authentication are addressed in a *clean and elegant* manner. What more could you ask? ;-)

Implementation can be tricky, though. But since we are not talking about implementation, we can defer our concern to a later stage.

Of course, if we want a more complicated implementation we can have the registry holding key escrow :-) (Although, I don't see the reason why such a thing is needed since the registry can change the content.) Thus, the registry is responsible for the integrity of the database.

Regards
-- budi
--
TLD-ID -- Homepage: <http://budi.insan.co.id>
my presentation materials, papers, scrapbook, ... and more
What's your "web.id"? Register your web.id @ http://www.idnic.net.id