After thinking about this a little more, is it not the case that your (.biz) problem is your ability to enforce the requirement that registrars allow easy access to the auth codes? This should be quite solvable... simply figure out what your strongest lever is to enforce this (access to the registry perhaps), devise a warning system to give adequate space for exceptional cases and introduction, and launch!
sA Scott Allan Director, OpenSRS [EMAIL PROTECTED] ---------- Forwarded message ---------- Date: Mon, 21 Jan 2002 07:51:43 -0500 (EST) From: Scott Allan <[EMAIL PROTECTED]> To: "Tindal, Richard" <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: RE: Re[2]: .biz Transfer Policy On Sun, 20 Jan 2002, Tindal, Richard wrote: > > > I'm reluctant to jump in here as I've never seen an outsider join the > OpenSRS List without having his ass handed back to him. Richard - As a supplier, your comments are valued and we encourage your participation.... as an Australian however, you may always consider yourself an outsider... ;) As far as EPP and it's auth info security implementation, I agree that it is a noble concept that is poorly implemented generally. I can't help but think that you are trying to solve a problem that you don't have; the market share (in general and by registrar) for registrations within new gTLDs is far different from CNO. Not that there aren't lots of registrants who want to effect transfers within the .biz space, but that there is not quite the same imbalance of legacy registrations through one registrar. Granted, as you state clearly, you are only as strong as the weakest link. I do not appreciate your privacy argument wrt delegation of trust to the gaining registrar, it is semantic at best, and this is not a crowd that cares to appreciate subtle differences in if they stand in the way of effecting registrants wishes. Furthermore, I see real problems with EPP handling bulk transfers - although the protocol allows for "bundling" of names into buckets for simple management, I do not think that it is often used by large registrars. The reason for this is simple; no registrar operates with only one registry, and there are nuances between all the systems that make it difficult to develop to, not to mention the fact that registrars (and resellers even) have there own systems for "simplifying" management for registrants, complicating things further. Until there is a registry wide standard (which will be never), this will cause more problems than it solves IMHO. Plus, it will leave a large loophole for registrars to use to make it onerous for mass transfers. If you can continue to keep us in the loop as to what your plans are on this issue, and solicit our feedback, I imagine we should be able to sort this out. Can you give us any specifics as to what you see as the next steps from your perspective? Regards, sA
