Ross Wm. Rader wrote:
These are semantics that wouldn't address the core problem.
Semantics is the study of meaning. You're right that this is an issue with meaning, which is important. If you were instead using the term "semantics" in the colloquial, dismissive sense, it won't wash.
The issue here isn't bad transfer policy, lax confirmation rules or poor practices in place at this reseller or that registrar.
There is a fundamental flaw in registry security policy. RRP policy allows me to make my own assertions without any checks or balances to correct inappropriate assertions.
The point is that the assertion should not be confirmed by any party other than the requestor, and certainly not by a party that has a financial interest in the success or failure of the operation.
That's "bad transfer policy." That's also "is a fundamental flaw in registry security policy." One *is* the other.
In other words, anyone can pretend to be me with very little trouble.
No, they can't.
Anyone can pretend they *represent* you with very little trouble.
