

To: "Sheer El-Showk" <sheer@saraf.com>, "Brian W. Spolarich" <briansp@walid.com>
Cc: "Patrick" <patrick@gandi.net>, "Kent Crispin" <kent@songbird.com>, <ietf-provreg@cafax.se>
From: "James Seng/Personal" <James@Seng.cc>
Date: Wed, 7 Feb 2001 04:51:24 +0800
Sender: owner-ietf-provreg@cafax.se
Subject: Re: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]

Actually I was watching this lively discussion so I didn't want to
interrupt. :-) But yea, Sheer got my point.

This is one place whereby certain policy (however reasonable it seems)
leaks into the requirements/protocols.

-James Seng

----- Original Message -----
From: "Sheer El-Showk" <sheer@saraf.com>
To: "Brian W. Spolarich" <briansp@walid.com>
Cc: "Patrick" <patrick@gandi.net>; "James Seng/Personal"
<James@Seng.cc>; "Kent Crispin" <kent@songbird.com>;
<ietf-provreg@cafax.se>
Sent: Tuesday, February 06, 2001 11:17 PM
Subject: RE: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]


> Actually, all this is missing the point of the original (James')
> posting.  What he was complaining about was that the authority to register
> a nameserver under a domain resided with the Registrar which held the
> domain, not the registrant.  As a registrant I may register domain D1 with
> registrar R1, but want to register nameserver N1 within D1 (this is an
> important distinction -- the domain of nameservers for a particular
> domain is not restricted, eg foobar.com can have ns1.foobar.tv as its
> nameserver, but any nameservers being registered _within_ a domain
> must be registered by the source of authority for the domain -- the
> registrant or the registrar, eg only the owner of foobar.com should be
> able to register the nameserver ns1.foobar.com as a nameserver) with
> registrar R2.  James was saying that there should be some kind of token of
> authority (a PGP key?? ;->) that allows me as a registrant to do
> authoritative things for my domain (like register a nameserver under
> it) through any registrar, not just the one with which I registered the
> domain.
>
> James, is that right?
>
> If it is, then I am definitely in agreement with the general sentiment.  I
> don't think we should leave domain name authority in the hands of the
> registrars ... that's an implementation issue (ie per registry) and
> should certainly not be enforced by the protocol.  I don't think, however,
> that this is enough ground to say that Scott's doc is a bad basis for a WG
> (I haven't actually looked over the revised version enough to say whether I
> like it or not).
>
> Sorry for that complex clarification.  Hope it helps.
>
> Regards,
> Sheer
>
> On Mon, 5 Feb 2001, Brian W. Spolarich wrote:
>
> > | If anyone can register ns1.foobar.com & ns2.foobar.com (with IP) then
> > | basically anyone can hijack my domain (pointing www.foobar.com to
> > | whatever IP, etc...)
> > |
> > | Thus the nameservers must be only registered by the Registrar who has
> > | registered foobar.com, and the Registrar must ensure that only
> > | someone with authority on foobar.com (contacts) can create
> > | *.foobar.com
> > |
> > | There is no conflict possible in that case.
> > | A given nameserver can only be registered once (even if it is used in
> > | many domains) through only a given Registrar.
> >
> >   Okay, I get it. :-)  I figured it was something like that, but was having
> > a hard time with the language.
> >
> >   I don't see as strong of a coupling between the hostnames associated with
> > the authoritative nameservers for a domain and the hijacking problem.  It is
> > ultimately what shows up in the NS records associated with the domain that
> > matters.  I might choose to delegate foobar.com to ns1.myisp.net and
> > ns2.myisp.net.  If someone registers nameservers ns1.foobar.com and
> > ns2.foobar.com in the registry this is inconvenient and annoying, but not
> > really a hijacking issue.
> >
> >   In addition, I'm not sure that this coupling will work well in a very
> > distributed context.  Let's say that I own 'foobar.com' today, registered
> > through registrar 'spumco' and I have two nameservers running,
> > ns1.foobar.com and ns2.foobar.com.  I want to register 'foobar.biz' and
> > 'foobar.info', using my current nameservers, ns{1,2}.foobar.com.
> >
> >   In order to complete the domain registration I'll have to register my
> > nameservers into the .biz and .info registries.  Registrar 'spumco', who
> > performed the 'foobar.com' registration, doesn't offer registrations with
> > .biz and .info, so I go to registrar 'blammo'.
> >
> >   Does this mean that I cannot register my nameservers through 'blammo' with
> > .biz because 'spumco' holds the registration for 'foobar' in .com?
> >
> >   This seems problematic.
> >
> >   As a registrant, the thing that I care about is that the nameservers that
> > I registered with my domain don't change unless I explicitly authorize the
> > change.
> >
> >   I'm wondering if the problem here is the idea of having separate
> > nameserver and domain objects.  In my mind, the nameserver is an attribute
> > of the domain, and doesn't have any independent identity.  What problem does
> > having the nameservers as separate entities solve?
> >
> >   -bws
> >
>
>
>
>
>
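
The rule debated in this thread, modelled as an added example (not code from the draft or from any poster): a toy per-TLD registry that lets only the sponsoring registrar of a parent domain create a nameserver inside it. The Registry class and its methods are hypothetical, and treating names outside the registry's TLD as external references that any registrar may create is a modelling assumption, not something the thread settles.

```python
# Added illustration: toy registry enforcing "only the sponsor of the parent
# domain may create a nameserver inside it". All names are hypothetical.
class Registry:
    def __init__(self, tld):
        self.tld = tld
        self.domains = {}  # domain name -> sponsoring registrar
        self.hosts = {}    # nameserver name -> registrar that created it

    def create_domain(self, name, registrar):
        self.domains.setdefault(name.lower(), registrar)

    def parent_domain(self, host):
        """Longest registered domain in this registry that contains host."""
        labels = host.split(".")
        for i in range(1, len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None

    def create_host(self, host, registrar):
        host = host.lower().rstrip(".")
        if host in self.hosts:
            return "denied: already registered"
        if host.endswith("." + self.tld):
            # In-zone name: glue here could redirect the parent domain.
            parent = self.parent_domain(host)
            if parent is None:
                return "denied: no parent domain"
            if self.domains[parent] != registrar:
                return "denied: not sponsor of " + parent
        # Assumption: out-of-zone names carry no glue in this registry,
        # so any registrar may reference them.
        self.hosts[host] = registrar
        return "created"


def demo():
    com, biz = Registry("com"), Registry("biz")
    com.create_domain("foobar.com", "spumco")
    biz.create_domain("foobar.biz", "blammo")
    return [
        com.create_host("ns1.foobar.com", "blammo"),  # wrong registrar
        com.create_host("ns1.foobar.com", "spumco"),  # sponsor of foobar.com
        com.create_host("ns1.foobar.com", "spumco"),  # duplicate
        biz.create_host("ns1.foobar.com", "blammo"),  # external to .biz
        biz.create_host("ns1.foobar.biz", "spumco"),  # in-zone, wrong registrar
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Under these assumptions the 'spumco'/'blammo' case from the thread goes through in .biz, while the in-zone creation by a non-sponsoring registrar is refused in both registries.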

