To: Sheer El-Showk <sheer@saraf.com>, <ietf-provreg@cafax.se>
From: "Jordyn A. Buchanan" <jordyn@register.com>
Date: Tue, 7 Aug 2001 23:58:12 +0100
In-Reply-To: <Pine.LNX.4.33.0108071630450.3322-100000@laudanum.saraf.com>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: host transfers

At 4:39 PM -0400 8/7/01, Sheer El-Showk wrote:
>> This is a very good point that I had not thought about at all. This
>> also raises the issue of authentication at the time of registration
>> for nameservers outside of the domain, no? (How do we know that the
>> registrar putting ns1.example.com into the .foo registry really
>> controls example.com?)
>
>This issue seems to have been largely unaddressed before since there has
>only been one large operational protocol based registry (that I know of).

There are others. I'm pretty sure that all of .uk (sort of), .ca, .tv, .ws, and .cc have "protocol based" registration mechanisms. I think there may be others: .nu, .la spring to mind. Did Tucows ever get .vc up and running with OpenXRS?

I don't think there's been a good forum for them to talk about issues like this, however. There are probably related issues that this isn't the proper forum to deal with either, for that matter.

>I could, for example register ns1.example.foo at NSI even though in the
>.foo registry someone else owns example.foo. Others using
>ns1.example.foo for .com/.net/.org domains find that it's already been
>registered by someone else at NSI and just start using it as the
>nameserver for their domains. Then, the registrar who registered it at
>NSI can just maliciously rename it to ns2.example.foo even though the
>actual nameserver at the original .foo registry was never modified and
>break resolution of all the linked domains.

This is true, and was the issue I was attempting to highlight.

>
>I don't know if anything can be done about this until the ROID system is
>developed more and registries start using it... then perhaps we can use
>entity authorization information (currently used for registrar-registrar
>transfers) to authorize use of an extra-registry entity by querying the
>outside registry. Just a thought.

This points to an issue that Scott Hollenbeck and Eric Brunner-Williams had words about a few days back.

Since it's come up twice in the last week, I'll throw the question(s) out there: Does EPP need a registry-to-registry communication mechanism? If not, does a registry-to-registry communication mechanism need to exist separate from EPP?

Jordyn