To:
Sheer El-Showk <sheer@saraf.com>
Cc:
ietf-provreg@cafax.se
From:
Martin Oldfield <m@mail.tc>
Date:
Thu, 15 Feb 2001 14:23:18 +0000 (GMT)
In-Reply-To:
<Pine.LNX.4.21.0102141842390.24130-100000@laudanum.saraf.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]
>>>>> "Sheer" == Sheer El-Showk <sheer@saraf.com> writes a splendid >>>>> email in which the benefits of assigning each object in the >>>>> registry its own key are discussed. (I hope that's not too great >>>>> a misrepresentation.) I think there are two other disadvantages of this approach when compared to a scheme in which `contacts' (for want of a better word) authenticate themselves, and access rights are confered on the basis of the inter-object relationships. 1. Typically the registrant will have a whole bunch of objects in the database. If each one of these has its own key, then I think most registrants will get confused. 2. Concentrating on the case of a domain being transfered for a moment, I think giving the domain its own key makes this harder. If registrant A sells the domain to B, then after the sale A really shouldn't have access rights. If the access to the domain is controlled on the basis of its contacts then all well and good; if its on the basis of a public key then one needs to ensure that all the key management happens in synchrony. Cheers, -- Martin Oldfield, AdamsNames Ltd.