To:
shollenbeck@verisign.com (Hollenbeck, Scott)
Cc:
pgeorge@saraf.com ('Paul George'), ietf-provreg@cafax.se (Ietf-Provreg)
From:
Bill Manning <bmanning@ISI.EDU>
Date:
Wed, 10 Jan 2001 08:06:40 -0800 (PST)
In-Reply-To:
<DF737E620579D411A8E400D0B77E671D75045C@regdom-ex01.prod.netsol.com> from "Hollenbeck, Scott" at Jan 10, 2001 08:57:44 AM
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: Security vs. Authorization
Are there lessons to be learned from the RIPE registry/db experience? % We've talked about authorization a bit in the context of transfers, but % perhaps it also makes sense to consider an authorization requirement for % other operations that can change the state of an object, such as renews, % updates, and deletes. Would anyone object to adding a requirement like this % to sections 3.6 (Object Update), 3.8 (Object Renewal/Extension), and 3.10 % (Object Deletion): % % [n] The protocol MUST provide services to confirm registrar authorization to % [delete|renew|update|transfer] an object. % % (This is a minor rewording of the transfer requirement change suggested by % Jordyn.) % % <Scott/> -- --bill