To: ietf-provreg@cafax.se
From: Jarle Greipsland <jarle@uninett.no>
Date: Wed, 08 Aug 2001 13:16:25 +0200 (CEST)
Sender: owner-ietf-provreg@cafax.se
Subject: EPP reliance on registrar sponsorship model
Hi, first I am sorry for not getting into the game at an earlier stage. I have just recently read through the protocol requirements document, and I found it a good read, and most of its contents to be independent of whatever registry model a registry follows.

However, the concept of registrar sponsorships permeates a couple of the chapters, particularly 3.4.5 Object Transfer. Searching through the mailing list archives I found indications that not all registries have a notion of registrar sponsorships, but that their registrars to a large degree operate as brokers or resellers. The requirement ("MUST") that a registry behave in a specified way towards the registrars, e.g. the original sponsoring registrar MUST have the opportunity to reject or accept an object transfer, will prove difficult to implement if the registry does not recognize registrar sponsorships.

To me it seems that the requirements document mostly uses the registrar sponsorships as an authorization mechanism, i.e. the registrar is authorized to make changes to whatever objects it sponsors, while other non-sponsoring registrars have a much more limited set of rights with regards to the objects (i.e. typically only a right to reference the object or initiate a transfer). This of course fits well with the current operational models of the existing gTLDs.

I think we would be better served by having the registrar sponsorship concept replaced by a more general authorization mechanism. Registries that wish to work within the registrar sponsorship model can then do so by (explicitly or implicitly) authorizing the "current registrar" to make any changes to a given object, including the right to reject or accept a transfer. Registries that wish to operate within another model, e.g. the registry will register digital certificates for individuals or organizations, and attach attributes to objects authorizing certificate holders to perform a given set of operations on the object (provided the request is properly signed by the holder) no matter what registrar forwards the request to the registry, can then do so.

A more general authorization model will also make it possible to restrict the referencing of registry objects. This can be useful in situations where for instance an ISP is working hard to decommission an old name server, and doesn't want it referenced in any new domain name registrations. If the registry supports a notion of "reference approvals", the ISP can put an attribute on the name server object that rejects any new references.

Thoughts?
-jarle
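A toy model of the general authorization mechanism proposed in the message above, added here as an illustration and not part of the original post or of EPP itself: objects carry per-principal grants, the sponsorship model becomes one particular grant set, certificate holders are authorized independently of the forwarding registrar, and a name server object can refuse new references. All names, operations and identifiers are constructed for the example.

```python
"""Constructed model of attribute-based authorization for registry objects.
Not EPP's actual mechanism; principals, operations and ids are made up."""
from dataclasses import dataclass, field

# Operations a requester may attempt on a registry object (constructed set).
OPS = {"update", "transfer_request", "transfer_approve", "transfer_reject", "reference"}

@dataclass
class RegistryObject:
    name: str
    # Authorization attributes: principal -> permitted operations.
    # A principal is a registrar id ("reg-A") or a certificate holder
    # ("cert:alice"); "*" applies to every requester.
    grants: dict = field(default_factory=dict)
    # "Reference approval" attribute: when False, new references are
    # rejected no matter who asks (the decommissioned-name-server case).
    accepts_new_references: bool = True

@dataclass
class Request:
    principal: str       # who signed the request (registrar or cert holder)
    op: str
    via_registrar: str   # registrar that forwarded it; deliberately not consulted

def sponsored(name, registrar):
    """Sponsorship model expressed in the general mechanism: the current
    registrar may do anything, everyone else may only reference or
    initiate a transfer (which the sponsor then approves or rejects)."""
    return RegistryObject(name, {registrar: set(OPS),
                                 "*": {"reference", "transfer_request"}})

def authorize(obj, req):
    """True if req.principal may perform req.op on obj. Authority attaches
    to the signing principal, so the forwarding registrar is irrelevant."""
    if req.op not in OPS:
        raise ValueError(f"unknown operation {req.op!r}")
    if req.op == "reference" and not obj.accepts_new_references:
        return False
    allowed = obj.grants.get(req.principal, set()) | obj.grants.get("*", set())
    return req.op in allowed

def decisions():
    """Run the scenarios from the message and return the decisions."""
    dom = sponsored("example.test", "reg-A")
    cert_dom = RegistryObject("holder.test", {"cert:alice": {"update", "transfer_approve",
                                             "transfer_reject"}, "*": {"reference"}})
    old_ns = RegistryObject("ns1.old-isp.test", {"reg-B": set(OPS)}, accepts_new_references=False)
    return {
        "sponsor_rejects_transfer": authorize(dom, Request("reg-A", "transfer_reject", "reg-A")),
        "other_rejects_transfer": authorize(dom, Request("reg-B", "transfer_reject", "reg-B")),
        "other_requests_transfer": authorize(dom, Request("reg-B", "transfer_request", "reg-B")),
        "holder_updates_via_any_registrar": authorize(cert_dom, Request("cert:alice", "update", "reg-C")),
        "new_reference_to_old_ns": authorize(old_ns, Request("reg-A", "reference", "reg-A")),
        "owner_still_updates_old_ns": authorize(old_ns, Request("reg-B", "update", "reg-B")),
    }
```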