To:
"Jordyn A. Buchanan" <jordyn@register.com>
cc:
<ietf-provreg@cafax.se>
From:
Sheer El-Showk <sheer@saraf.com>
Date:
Tue, 7 Aug 2001 16:39:41 -0400 (EDT)
In-Reply-To:
<a05100c10b795e24e2ee0@[217.33.137.193]>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: host transfers
> This is a very good point that I had not thought about at all. This > also raises the issue of authentication at the time of registration > for nameservers outside of the domain, no? (How do we know that the > registrar putting ns1.example.com into the .foo registry really > controls example.com?) This issues seems to have been largely unaddressed before since there has only been one large operational protocol based registry (that I know of). I could, for example register ns1.example.foo at NSI even though in the .foo registry someone else owns example.foo. Other's using ns1.example.foo for .com/.net/.org domains find that its already been registered by someone else at NSI and just start using it as the nameserver for their domains. Then, the registrar who registered it at NSI can just maliciously rename it to ns2.example.foo even though the actual nameserver at the original .foo registry was never modified and break resolution of all the linked domains. I don't know if anything can be done about this until the ROID system is developed more and registries start using it... then perhaps we can use entity authorization information (currently used for registrar-registrar transfers) to authorize use of an extra-registry entity by querying the outside registry. Just a thought. Sheer