

To: "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From: "Liu, Hong" <Hong.Liu@neustar.biz>
Date: Fri, 11 Oct 2002 15:32:39 -0400
Sender: owner-ietf-provreg@cafax.se
Subject: <authInfo> in Transfer Query for Domain and Contact

Scott,

I have a question about <authInfo> being mandatory for the <transfer>
command. I understand that it was added into EPP-06 [1] based on the
"spying" issue raised by Dan Manley [2]. I also feel that this parameter
should be mandatory for the other four operations related to <transfer>,
i.e., request, cancel, reject and approve.

However, there is a special case where it is helpful NOT to make <authInfo>
mandatory. The scenario is the following: domain abc.tld is transferred
from Registrar A to Registrar B. During the transfer pending period, both A
and B share the knowledge of the same <authInfo> of abc.tld. However, after
the transfer is completed successfully, Registrar B may change the
<authInfo> (for security reasons or at the request of the registrar of
abc.tld). Once that happens, Registrar B will not be able to see the
transfer result of abc.tld anymore...However, GRRP Requirements (RFC 3375)
requires that (page 10):

[8] The protocol MUST provide services that allow both the original
sponsoring registrar and the potential new registrar to monitor the status
of both pending and completed transfer requests. 

The same problem exists for <authInfo> being mandatory for contact transfer.

Do you think this is a problem in the EPP domain and contact specs that
needs to be fixed? Thanks!

--Hong

[1] http://www.cafax.se/ietf-provreg/maillist/2002-01/msg00080.html
[2] http://www.cafax.se/ietf-provreg/maillist/2001-11/msg00043.html
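
The trade-off raised in the message above, as an added example that is not part of the original post and not code from any EPP implementation. It models a registrar that holds only the pre-change <authInfo> querying a completed transfer under two policies; the `Registry` class, its method names, the status strings, and the identity-based check in `query_optional` are all assumptions made for illustration.

```python
import hmac

class Registry:  # hypothetical single-domain registry, constructed for this example
    def __init__(self, sponsor, auth_info):
        self.sponsor, self.auth_info = sponsor, auth_info
        self.parties, self.status = (), None   # (losing, gaining), transfer status

    def _auth_ok(self, supplied):
        # Constant-time comparison of the supplied secret with the current one.
        return supplied is not None and hmac.compare_digest(
            supplied.encode(), self.auth_info.encode())

    def _require_sponsor(self, client):
        if client != self.sponsor:
            raise PermissionError("only the sponsoring registrar may do this")

    def request_transfer(self, client, auth_info):
        if not self._auth_ok(auth_info):
            raise PermissionError("bad authInfo")
        self.parties, self.status = (self.sponsor, client), "pending"

    def approve_transfer(self, client):
        self._require_sponsor(client)
        self.status, self.sponsor = "approved", self.parties[1]

    def change_auth_info(self, client, new_auth_info):
        self._require_sponsor(client)
        self.auth_info = new_auth_info

    def query_mandatory(self, client, auth_info):
        # Policy 1: every transfer query must carry the current authInfo.
        return self.status if self._auth_ok(auth_info) else "denied"

    def query_optional(self, client, auth_info=None):
        # Policy 2 (assumption): the two parties to the transfer are authorised
        # by their authenticated identity; anyone else still needs the authInfo.
        ok = client in self.parties or self._auth_ok(auth_info)
        return self.status if ok else "denied"

def scenario():
    reg = Registry(sponsor="A", auth_info="old-secret")  # constructed values
    reg.request_transfer("B", "old-secret")
    reg.approve_transfer("A")
    reg.change_auth_info("B", "new-secret")              # rotated after the transfer
    return {
        "stale_mandatory": reg.query_mandatory("A", "old-secret"),
        "party_optional": reg.query_optional("A"),
        "outsider_optional": reg.query_optional("C"),
    }
```

Under the second policy a party to the transfer can still monitor the completed transfer after the secret is rotated, while an unrelated registrar without the <authInfo> is still refused.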

