To:
ietf-provreg@cafax.se
From:
Patrick <patrick@gandi.net>
Date:
Thu, 17 Jan 2002 21:04:15 +0100
Content-Disposition:
inline
In-Reply-To:
<Pine.LNX.4.30.0201171048420.24258-100000@loki.ar.com>
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mutt/1.3.24i
Subject:
Re: <info> Command and authInfo
On Thu, Jan 17, 2002 at 10:53:13AM -0800, Rick H Wesson took time to write: > > I agree with Bruce on this : the authinfo should have a bigger scope. > > > > Right now it is only for transfers (and thus should have been called > > transfer auth or something like that, not auth info), and as we > > already see it with some Registries using EPP, transfers are hard. > > so transfers are hard with auth-info, thats what i expected, it may take > some time for registrars and registrants to learn to deal with thisck > registries and epp based ones. My point is : if we added auth_info to handle transfer, and to hope that this will make transfers easier, I am sorry but the point is ALREADY missed, and will be even more in the future. This is fact and reality. This is unfortunate, I know. On the paper, everything is great. In life, not so. Time will not change anything. auth_info for transfers just *adds* another layer of complexity, and do not help _at all_. If it was the contrary then why this last same week, both Afilias and Neulevel sent an email to all Registrars, one explaining again what the auth info is, the other saying that transfers will be blocked because *current* (and they are using EPP...) state does not allow to transfers without problems ? Thus, let at least make something useful to this concept of adding an ``authorisation'' at the domain layer (instead of at the contact layer, like it is done so often). > > IMNSHO auth info should enable someone having it to make > > modifications (that is update at least, maybe delete and renew) > > through any other ways (other Registrars, or even the Registry > > directly). Protocols should make that possible, and then > > local policies should specify if it is to be used or not, and if yes, > > how. > > > the consept is that auth-info aids in identifying an entity with > authorization to transfer. The EPP mind-set is that the sponsoring > registrar can updat their own objects; thus its the sponsoring registrar > to authenticate not the registry except in the case of a transfer where by > the gaining registrar authenticates with the registry by the use of the > auth-info token. > > This approch seems reasonable because it MUST be up to the sponsoring > registrar to authenticate in this three-tear model. It mkaes the most > sense from a client-server perspective too. I am not saying this approach is never reasonable. I just say that sometimes yes, sometimes not. Things should not be done so that it can be the only option, otherwise EPP will never get used by more than 5 Registries (the ``gTLD'' ones). Patrick.