Read through.... Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED]
> -----Original Message----- > From: David Harris [mailto:[EMAIL PROTECTED]] > Sent: July 10, 2002 2:20 PM > To: 'Charles Daminato'; [EMAIL PROTECTED] > Subject: RE: Any way to transfer domain with photo-id auth instead of > e-mail > > > > Charles Daminato [mailto:[EMAIL PROTECTED]] wrote: > > There isn't anything in place within OpenSRS to provide that manner of > > authorization for transfers. Definitely a good idea for a product > offering, > > but it's not something we'll be able to "turn on" any time soon (i.e. > in > > time to save this particular domain). > > OK. > > <memory type=fond> > David thinks back to when the transfer auth bounce messages contained > the transfer approval password. Ah the responsibility; the power to > better serve our customers... > </memory> <cynic> the ability to screw over registrants, the power to flick a firm finger in the face of WIPO disputes... </cynic> > > But I do like this idea, even as a last alternative.... > > I called Domain Discover (www.domaindiscover.com) and they said that > they could do this. I remember that they used to do transfer exclusively > through photo-id forms instead of e-mail to the administrative contact. > Now they do e-mail to the administrative contact just like OpenSRS, but > they still have the photo-id form and the inhouse process, so they can > still process transfer orders that way. ICANN allows the registrar to "verify authenticity" of the transfer - but doesn't say by what method. It's up to the registrar - email is easier than photo-id (but photo-id could arguably be a 'more secure' method). > However, the guy I talked to said that this was because they had to send > the photo-id paperwork to the registry, Network Solutions. I explained > that the registry was a thin registry and didn't store contact > information. But it seemed like we were talking past each other a bit on > that point. This makes me hesitant. I could call back and try to talk to > someone else at Domain Discover who might know the process better, but I > haven't. Hrm... I *DO* know that we have to keep copies of all authorizations (since it's electronic, it's all in the DB, and can be reconstructed if need be). Any losing registrar, or ICANN, can request proof of authorization. But they don't need to be proactive on this regard (perhaps NSI, as a losing registrar, was asking - and they'd have contact info). > Can you shed any light on this? Does this sound as strange to you as it > does to me? A little, but depends on the actual scenario (as per above), could be more to it than they were explaining. We they sending the paperwork to the registrAR? I don't believe the registrY has any impetus to be aware of transfer authorizations, unless assisting in a dispute with ICANN (but I don't recall, in my memory, them getting involved in any transfer bits aside from providing logs for date/time of requests) > > Of course, for those registrars that require administrative > intervention to > > approve the transfer AWAY, this won't help there. > > Right, right. That's partly why the transfer AWAY intervention is so > _evil_. That's why the registry/registrar contracts call for an auto > ACK. The gaining registrars should fully control the authentication, so > they can innovate! :-) Well, the registry business rules call for an auto ACK. They also don't call explicitly for an auto ACK from the registrar :( > (*shudder* I almost sound like a Microsoft lawyer: "freedom to > innovate." More like "freedom to have a strangle hold.") > > David Harris > President, DRH Internet Inc. > [EMAIL PROTECTED] > http://www.drh.net/ > > >
