To:
"Patrick" <patrick@gandi.net>, <ietf-provreg@cafax.se>
From:
"Ross Wm. Rader" <ross@tucows.com>
Date:
Thu, 17 Jan 2002 16:31:47 -0500
Reply-To:
"Ross Wm. Rader" <ross@tucows.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: <info> Command and authInfo
> > Or the command was badely designed. > (it seems to me that if a Registry using EPP right now says that the > current state is not ok to do transfers... then it is not a social > problem of someone not willing to do something...) Sounds pretty social to me... "We also understand that many registrars are just now becoming familiar with the capabilities and functionality of the "auth-info" tokens provided by the so-called "thick registries" including .biz and .info. However, overall knowledge of the thick registry transfer process, particularly at the Registrant level, is still minimal or non-existent. Some of the problems that have come to our attention include (a) that some Registrars are generating blanket (common) tokens for all domain name registrants; (b) other registrars are not providing tokens to their customers at all; (c) registrants are neither requesting tokens nor do they have an adequate understanding about the need or use for tokens. Finally, there do not yet exist secure and efficient systems for token retrieval (re-issuance) in cases where a token is lost or stolen. The net result is that few unique, secure and valid tokens are getting into the hands of registrants, and hence to potential gaining Registrars. While this is not the result of bad faith or bad practice by Registrars, it is currently causing a gap in the education of the Registrar community and with our ultimate consumers, the Registrants. The industry and end-user population have simply not been educated in the proper use of "auth-info" tokens. This is the fault and responsibility of NeuLevel as much as anyone. We feel that it is both our responsibility and obligation to ensure that systems for the proper issue, storage and processing of tokens are institutionalized within the industry. ... Therefore, we intend to freeze .BIZ transfers for a period of 30 to 60 days and engage in a program of channel/user education regarding transfers with tokens. In this program we will work with you to create systems and awareness for the issue, storage and processing of secure, unique, valid tokens. We do not believe this is an insurmountable task. We are at fault for not initiating it sooner, and we want to advance this dialogue with you for the betterment of our industry practices and for the enhancement of the end-user experience." -rwr