Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Gtld transfer process

  • From: Bruce Tonkin
  • Date: Wed Jan 19 05:06:13 2005

Hello Thor,

> > 
> > (5) The registry will send a message to the losing registrar 
> > confirming that a transfer has been initiated.
> 
> Can you confirm or deny whether this actually happened in the 
> case of the panix.com transfer?

I don't have any direct visibility over this.
I have asked Verisign and Dotster if they can confirm.

My personal view is that I think it unlikely that this part of the
system failed.

Note however that Verisign would send the message via email to Dotster.
Verisign could prove that they sent the email, but it is possible that
it was not delivered.


> 
> The other problem I see in this area is that the RRP 
> specification (if that is in fact the protocol that was used) 

It was.

> seems to claim that this message is out-of-band and thus 
> beyond the scope of the protocol: so it does not (can not) 
> specify an ACK.  If an attacker found a way to prevent this 
> message from being received, even if generated...
> 
> A strictly enforced technical requirement for an ACK here 
> might work wonders (perhaps it would have to be enforced by 
> duping both the confirmation and the ACK to the "System", as 
> RRP so quaintly calls it, and denying future transfers 
> initiated by parties with too many outstanding ACKs).  Not an 
> approval, just an ACK.

Rather than further work on the RRP protocol, it would be better for
Verisign to implement the EPP protocol which has gone through the IETF
process.

Regards,
Bruce




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.