North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: Gtld transfer process
- From: Bruce Tonkin
- Date: Wed Jan 19 05:06:13 2005
> > (5) The registry will send a message to the losing registrar
> > confirming that a transfer has been initiated.
> Can you confirm or deny whether this actually happened in the
> case of the panix.com transfer?
I don't have any direct visibility over this.
I have asked Verisign and Dotster if they can confirm.
My personal view is that I think it unlikely that this part of the
Note however that Verisign would send the message via email to Dotster.
Verisign could prove that they sent the email, but it is possible that
it was not delivered.
> The other problem I see in this area is that the RRP
> specification (if that is in fact the protocol that was used)
> seems to claim that this message is out-of-band and thus
> beyond the scope of the protocol: so it does not (can not)
> specify an ACK. If an attacker found a way to prevent this
> message from being received, even if generated...
> A strictly enforced technical requirement for an ACK here
> might work wonders (perhaps it would have to be enforced by
> duping both the confirmation and the ACK to the "System", as
> RRP so quaintly calls it, and denying future transfers
> initiated by parties with too many outstanding ACKs). Not an
> approval, just an ACK.
Rather than further work on the RRP protocol, it would be better for
Verisign to implement the EPP protocol which has gone through the IETF