> On 24 Nov 2020, at 16:38, Patrick Mevzek <p...@dotandco.com> wrote:
> 
> 
> 
> On Tue, Nov 24, 2020, at 02:19, Taras Heichenko wrote:
>> Two notes:
>> - the authinfo field in a Contact object allows opening personal data 
>> to only one registrar
> 
> So... domain:authInfo is not good enough to authenticate the owner to do the 
> transfer...
> but contact:authInfo is good enough to retrieve contact data and then 
> authenticate the owner
> to do the transfer.

If you steal a domain password you get control over the domain. If you steal 
the contact
password it does not give you the ability to change contact but just to see it. 
And registrant
must approve that he/she/it is in the Contact object. Just if you wonder how it 
works.

> 
> "Interesting". 2 authInfo but seemingly one has more "power" than the other.

Yes. They also have different power by influence.

> 
> Also:
> "to only one registrar": no, to any registrar having this token. Exactly like
> domain:authInfo allowing transfer to any registrar having it.

Domain owner if it wants to transfer the domain, requests token from current 
registrar
then goes with this token to a future registrar, approves that it is in the 
Contact object of
the domain and then new registrar requests transfer. Do you think it too 
complicated? Or
protection by a domain password that may be sent by email is equal to this one? 
And I must
say this schema was made by the registrar's request. And this way is not 
mandatory the
responsibility for the transfer is entirely on the registrars.


Looks like we are now far away from the start topic of the thread.

> 
>> - it is not registry policy, it is the registrar's agreement
> 
> [..]
> 
>> I just wanted to say that if a registrar cannot handle the 
>> internationalised email of new
>> customer it will lose new customers and this situation force it to fix 
>> its EPP.
> 
> So then why should a registry force anything? We are back at the fact
> that registrars wanting to support that scenario will indeed need to put
> resources for it, and hence if there is an EPP extension to support that
> they will implement it.
> The question is how to do it in a smart way to not disrupt all other
> registrars NOT wanting to support this scenario.

First of all, registry does not force anything. It gives the possibility that 
registrars
can use. But if there are users that want to use non-ASCII email then registrars
and registries should give the ability to use such addresses to the users. (At 
least
if we say about universal acceptance). So whether EAI would be implemented by
extension or in the main <email> field it will bring all registrars to the EAI 
implementation.

> 
> -- 
>  Patrick Mevzek
>  p...@dotandco.com
> 
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

--
Taras Heichenko
ta...@academ.kiev.ua





_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

Reply via email to