RE: [registrars] unsanctioned whois concepts (long)

["Christopher Ambler" <chris@xxxxxxxxxx>]

I've been thinking about Tim's proposal, and it seems a lot like what EPP
does now, no?

The gaining registrar is given the key from the customer. The gaining
registrar can then do a WHOIS lookup at the losing registrar, using the
RegWIRE whitelisted information and give the key (a typical lookup in Tim's
system on port 43 might look like "example.com /xml /key=[keyinfo]"). This
has the side effect of letting the losing registrar know that a transfer is
being initiated.

Nothing prevents bad actors from not giving out a key. Nothing prevents bad
actors from not participating in a whitelisting system like Tim and I are
proposing. But since we're all good actors, those few bad actors will find
themselves in the minority, I would think. What happens to registrars who
won't give out EPP keys now, or who refuse to ack a transfer?

Christopher

-----Original Message-----
From: owner-registrars@xxxxxxxxxxxxxx
[mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of Rick Wesson
Sent: Thursday, October 30, 2003 12:22 PM
To: Tim Ruiz
Cc: markjr@xxxxxxxxxxx; registrars@xxxxxxxx
Subject: Re: [registrars] unsanctioned whois concepts (long)


Tim,

some questions for you about your proposal:
   how does the gaing registrar validate the key?

   who takes responsibility for fraud? how is this expressed in the
contracts?

   in thin registry how does the gaining registrar obtain the registrant
information?

   what prevents bad actors from not giving out a "key"


thanks,

-rick


On Thu, 30 Oct 2003 13:17:01 -0600
"Tim Ruiz" <tim@xxxxxxxxxxx> wrote:

> Rick,
> 
> Not sure I agree entirely with Mark's ideas either. But in regards to
> transfers, it is only a problem as long we continue to assume that the
> only way for transfers to work is to have them start with the gaining
> registrar. There is a better solution to transfers that would not rely
> on whois at all and would drastically reduce the potential for disputes
> and fraud. Have them start with the losing registrar who provides a key
> to the registrant and the registry upon request (the losing registrar
> has most accurate info to determine if it is a legitimate request) and
> the registrant can take that key to the registrar of their choice and
> complete a transfer in seconds.
> 
> Tim
> 
> 
> -----Original Message-----
> From: owner-registrars@xxxxxxxxxxxxxx
> [mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of Rick Wesson
> Sent: Thursday, October 30, 2003 11:23 AM
> To: Mark Jeftovic
> Cc: registrars@xxxxxxxx
> Subject: Re: [registrars] unsanctioned whois concepts (long)
> 
> On Thu, 30 Oct 2003 11:59:41 -0500 (EST)
> Mark Jeftovic <markjr@xxxxxxxxxxx> wrote:
> 
> 
> > My ideas essentially break down to:
> > 
> > - De-centralize the location of the records.
> 
> significantly increases complexity of transfers. not every domain rusn a
> web site and your proposal would require every domain to have an A
> record and answer on port 80 to specific http requests.
> 
> I would ( and i expect many others in the IETF ) would not recomend
> such.
> 
> > - Revising the Data Elements attached to those record
> 
> things like "proposed use" lead to enforcement; we don't want to
> encourage any type of content enforcement.
> 
> do you have an ideas on inter-registrar data transfer as transfers
> require?
> 
> -rick
> 
>