To: ietf-provreg@cafax.se
From: Jarle Greipsland <jarle@uninett.no>
Date: Wed, 08 Aug 2001 13:16:25 +0200 (CEST)
Sender: owner-ietf-provreg@cafax.se
Subject: EPP reliance on registrar sponsorship model

Hi,

First, I am sorry for not getting into the game at an earlier stage.

I have just recently read through the protocol requirements document,
and I found it a good read, and most of its contents to be independent
of whatever registry model a registry follows.  However, the concept
of registrar sponsorships permeates a couple of the chapters,
particularly 3.4.5 Object Transfer.  Searching through the mailing
list archives I found indications that not all registries have a
notion of registrar sponsorships, but that their registrars to a large
degree operate as brokers or resellers.  The requirement ("MUST")
that a registry behave in a specified way towards the registrars,
e.g. the original sponsoring registrar MUST have the opportunity to
reject or accept an object transfer, will prove difficult to
implement if the registry does not recognize registrar sponsorships.

To me it seems that the requirements document mostly uses the
registrar sponsorships as an authorization mechanism, i.e. the
registrar is authorized to make changes to whatever objects it
sponsors, while other non-sponsoring registrars have a much more
limited set of rights with regard to the objects (i.e. typically
only a right to reference the object or initiate a transfer).  This of
course fits well with the current operational models of the existing
gTLDs.

I think we would be better served by having the registrar sponsorship
concept replaced by a more general authorization mechanism.
Registries that wish to work within the registrar sponsorship model
can then do so by (explicitly or implicitly) authorizing the "current
registrar" to make any changes to a given object, including the right
to reject or accept a transfer.  Registries that wish to operate
within another model, e.g. the registry will register digital
certificates for individuals or organizations, and attach attributes
to objects authorizing certificate holders to perform a given set of
operations on the object (provided the request is properly signed by
the holder) no matter what registrar forwards the request to the
registry, can then do so.

A more general authorization model will also make it possible to
restrict the referencing of registry objects.  This can be useful in
situations where for instance an ISP is working hard to decommission an
old name server, and doesn't want it referenced in any new domain name
registrations.  If the registry supports a notion of "reference
approvals", the ISP can put an attribute on the name server object
that rejects any new references.

Thoughts?
					-jarle
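
Added example, not part of the original message or of any EPP draft: a sketch of the per-object authorization model proposed above, with registrar sponsorship expressed as one policy, certificate-holder rights as another, and "reference approvals" as a revoked right. The operation names, principal labels and sample objects are assumptions, and signature verification is assumed to have happened before `authorize` is called.

```python
from dataclasses import dataclass, field

# Operation and principal names below are assumptions made for this sketch.
UPDATE, APPROVE_TRANSFER = "update", "approve-transfer"
REQUEST_TRANSFER, REFERENCE = "request-transfer", "reference"
ANYONE = "*"


@dataclass
class RegistryObject:
    name: str
    acl: dict = field(default_factory=dict)  # principal -> set of allowed operations

    def grant(self, principal, *ops):
        self.acl.setdefault(principal, set()).update(ops)

    def revoke(self, principal, *ops):
        self.acl.get(principal, set()).difference_update(ops)


def authorize(obj, principals, op):
    """Allow op if any authenticated principal on the request, or ANYONE, holds it.

    `principals` holds the forwarding registrar and, when the registry has already
    verified a signature on the request, the certificate holder who signed it.
    """
    return any(op in obj.acl.get(p, ()) for p in (*principals, ANYONE))


def sponsorship_policy(obj, current_registrar):
    """Registrar sponsorship as one ACL: the current registrar gets every right."""
    obj.grant(f"registrar:{current_registrar}", UPDATE, APPROVE_TRANSFER)
    obj.grant(ANYONE, REFERENCE, REQUEST_TRANSFER)
    return obj


def holder_policy(obj, holder_cert):
    """Rights attached to a certificate holder, whatever registrar forwards the request."""
    obj.grant(f"cert:{holder_cert}", UPDATE, APPROVE_TRANSFER)
    obj.grant(ANYONE, REFERENCE)
    return obj


# Constructed sample objects.
domain = sponsorship_policy(RegistryObject("example.com"), "A")
signed = holder_policy(RegistryObject("example.org"), "holder-1")
old_ns = sponsorship_policy(RegistryObject("ns-old.example.net"), "isp")
old_ns.revoke(ANYONE, REFERENCE)  # "reference approvals": reject any new references
```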
