

To: Sheer El-Showk <sheer@saraf.com>, <ietf-provreg@cafax.se>
From: "Jordyn A. Buchanan" <jordyn@register.com>
Date: Tue, 7 Aug 2001 23:58:12 +0100
In-Reply-To: <Pine.LNX.4.33.0108071630450.3322-100000@laudanum.saraf.com>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: host transfers

At 4:39 PM -0400 8/7/01, Sheer El-Showk wrote:
>>  This is a very good point that I had not thought about at all.  This
>>  also raises the issue of authentication at the time of registration
>>  for nameservers outside of the domain, no?  (How do we know that the
>>  registrar putting ns1.example.com into the .foo registry really
>>  controls example.com?)
>
>This issue seems to have been largely unaddressed before since there has
>only been one large operational protocol based registry (that I know of).

There are others.  I'm pretty sure that all of .uk (sort of), .ca, 
.tv, .ws, and .cc have "protocol based" registration mechanisms.  I 
think there may be others:  .nu, .la spring to mind.  Did Tucows ever 
get .vc up and running with OpenXRS?  I don't think there's been a 
good forum for them to talk about issues like this, however.  There 
are probably related issues that this isn't the proper forum to deal 
with either, for that matter.

>I could, for example register ns1.example.foo at NSI even though in the
>.foo registry someone else owns example.foo.  Others using
>ns1.example.foo for .com/.net/.org domains find that it's already been
>registered by someone else at NSI and just start using it as the
>nameserver for their domains.   Then, the registrar who registered it at
>NSI can just maliciously rename it to ns2.example.foo even though the
>actual nameserver at the original .foo registry was never modified and
>break resolution of all the linked domains.

This is true, and was the issue I was attempting to highlight.

>
>I don't know if anything can be done about this until the ROID system is
>developed more and registries start using it... then perhaps we can use
>entity authorization information (currently used for registrar-registrar
>transfers) to authorize use of an extra-registry entity by querying the
>outside registry.  Just a thought.

This points to an issue that Scott Hollenbeck and Eric 
Brunner-Williams had words about a few days back.  Since it's come up 
twice in the last week, I'll throw the question(s) out there:

Does EPP need a registry-to-registry communication mechanism?
If not, does a registry-to-registry communication mechanism need to 
exist separate from EPP?

Jordyn
