Dear James, Thanks for your detailed explanation. I agree that the org extensions could help to get more organization-level information, such as registrar. The registry have organization information from registrar which could be posted in WHOIS., and on the other side, the registrar could also get org information from registry to help the authentication process. What about others thoughts?
Linlin Zhou From: Gould, James Date: 2017-11-23 03:11 To: Linlin Zhou; regext Subject: Re: [regext] org extensions for transfer requirement Linlin, What was discussed was leveraging the organization drafts to provide registrar information in support of transfers. The EPP auth info value that is validated by the Registry is currently a single authentication factor in performing a transfer, while the second authentication factor performed by the Registrar is the Form of Authorization (FOA), https://www.icann.org/resources/pages/foa-auth-2004-07-12-en, which is directly dependent on WHOIS (Registry and Registrar) information. As outlined in the ICANN Transfer Policy, https://www.icann.org/resources/pages/transfer-policy-2015-09-24-en, the Gaining Registrar must receive authorization from the Registered Name Holder (registrant) or the Administration Contact (admin) as listed in the losing registrar’s or applicable registry’s WHOIS service with the FOA. The Losing Registrar must also send an FOA to the Registrant. The following pieces of information is needed to retrieve what is needed to populate the FOA for the Gaining Registrar and the Losing Registrar: 1. Gaining Registrar a. Registrar WHOIS server from Registry WHOIS b. Registrant and admin contact email addresses from Thick Registry WHOIS or Registrar WHOIS c. Registrant and admin name from Thick Registry WHOIS or Registrar WHOIS d. Losing Registrar Name from Registry WHOIS e. May need the Losing Registrar Web URL for coordination. 2. Losing Registrar (Registrar of Record) a. Registrant and admin contact email addresses from Losing Registrar system b. Registrant and admin name from Losing Registrar system c. Gaining Registrar Name by mapping transfer query response <domain:reID> element to name i. There is no standard mechanism known for definition of <domain:reID> (e.g., use of Registry Account ID, use of IANA ID) ii. There is no standard mechanism for looking up the Registrar Name given the <domain:reID> value. WHOIS provides registrar lookup by name and not by ID. d. May need the Gaining Registrar Web URL for coordination. Considering that the Registry has the Registrar information, why is the Gaining Registrar and Losing Registrar going to WHOIS to obtain the information needed to authenticate a transfer? There are problems with this that the org extensions may help: 1. Having to access a separate protocol to obtain information that is available in the Registry. Specifically, the information that can be made available via the org extensions in EPP using a standard lookup key (e.g., organization identifier <org:id>) include: a. Registrar WHOIS Server b. Registrar Name c. Registrar URL and other attributes to help with coordination 2. Access to the registrant and admin contact name and email addresses. How is this information made available today and will that change in the future (WHOIS, RDAP, differential access)? a. More may be needed of the trusted channel with the Registry and the org extensions to coordinate the transfer policy. As noted previously on the list, we have a propriatary Whois Info EPP Extension (https://www.verisign.com/assets/epp-sdk/verisign_epp-extension_whois-info_v01.html) that provides the basics of the Registrar WHOIS Server, Registrar Name, and the Registrar URL attributes. The org extensions can be extended to provide additional registrar-level attributes in support of the transfer policy. Thoughts? — JG James Gould Distinguished Engineer jgo...@verisign.com 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com From: regext <regext-boun...@ietf.org> on behalf of Linlin Zhou <zhoulin...@cnnic.cn> Date: Monday, November 20, 2017 at 8:13 PM To: regext <regext@ietf.org> Subject: [EXTERNAL] [regext] org extensions for transfer requirement Dear all, Sorry that I can't attend the Singapore meeting in person, but I've followed the discussion remotely. I heard that org extensions could be used for transfer requirement in addtion to providing some generic organization information to the registry. Could James or Roger give us some more details on this? I think we need some discussions to optimize the org extensions and push them forward. Regards, Linlin Zhou
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
