Re: EPP minutia (was: Re: Gtld transfer process)

[John Curran <jcurran () istaff org>]

At 12:55 AM -0500 1/23/05, Valdis.Kletnieks () vt edu wrote:
> On Sun, 23 Jan 2005 00:00:29 EST, John Curran said:
>
> > If you believe that REGISTRAR LOCK meets the need, then I've failed
> > to adequately communicate my requirements.  The requirement is my
> > domain remains unchanged despite complete failure or fraud of any
> > number of registrars.
>
> Do you have a requirement that the domain remain unchanged even in the
> face of fraud on the part of the registry itself? 

I indicated failure or fraud by registrars being the problem, not the registry.
The moment that the registrars took it upon themselves to set registrar-lock
without explicit direction of the domain holder, they implicitly picked up the
ability to clear it without the same explicit direction.   So, where's the lock
the domain name holder sets which simply can't be cleared without *their*
consent?

> And what level of "Yes I really mean it" documentation do you consider sufficient
> to turn this *off* in case you *do* need to change something?  Does it
> have to resist a forged e-mail?  Forged fax and hacking your phone system
> so they can answer the confirmation callback?  Forged notarized forms
> mailed to the registry rescinding the lock?  A determined "black helicopter"
> attack on the part of a competitor?

It needs to survive random errors of omission (unlike the present lock...)

Ideally, a digitally signed request backed by a known chain of CA's,
followed by a reasonable out-of-band verification process performed
by the registry with a positive affirmation loop.  There's known art in
this area (ref: financial services) and it definitely doesn't look like the
current Intra-Registrar domain transfer policy.

/John