RE: <info> Command and authInfo

[Rick H Wesson <wessorh@ar.com>]

Scott,

ok, my comments were not meant as an ad-hominem attack on you, we have
known each other a long time and I'm not attacking you personally, but I
do have strong opinion on the subject from a long experience with RRP.

registries have a contract with registrars and MUST enforce those
contracts; we should not be designing defense from datamining into the
protocols. registries MUST enforce their contracts and provide appropriate
oversite of the registrars.

We have recent experience of registrars abusing the common resource of a
RRP based registry, just because the Registry does not enforce their
contracts does not mean we should design mechanisms into the protocol to
cover administrative procedures.

I hope this clarifies my previous comment. apologies if you thought they
were of a personal nature directed at you.

personal regards,

-rick



On Mon, 14 Jan 2002, Hollenbeck, Scott wrote:

> > -----Original Message-----
> > From: Rick H Wesson [mailto:wessorh@ar.com]
> > Sent: Monday, January 14, 2002 12:24 PM
> > To: Hollenbeck, Scott
> > Cc: 'ietf-provreg@cafax.se'
> > Subject: Re: <info> Command and authInfo
> >
> >
> >
> > please don't turn this spec into VeriSigns view of a Domain Registry. Up
> > till now you have done a good job of engineering but it seems as though
> > your employer is creeping into your work.
>
> Rick, I really object to any insinuation that there's any employer bias
> creeping into anything here.  My comments on RRP were provided to document
> experience with a similar protocol.  Data mining is a real issue, and the
> current EPP spec has said for a LONG time about the way the info command
> should be implemented -- and it's NOT what you suggested ("the status
> command should be open to all registrars").  Instead of an ad-hominem
> attack, why not address the data mining risk and merit or detriment of the
> change proposal?
>
> -Scott-
>