[gnso-irtp-b-jun09] Locks and Status codes

[George Kirikos <icann@xxxxxxxx>]

Hi Michele,

On Wed, Jul 7, 2010 at 8:09 AM, Michele Neylon :: Blacknight
<michele@xxxxxxxxxxxxx> wrote:
> I'd be very wary of forbidding locks completely - locks are one of the ways 
> of protecting registrants from slamming techniques used by the likes of DROA 
> etc

I don't think anyone here is serious arguing for eliminating locks
(well, I think Rob Hall raised the idea idly in Brussels, but that
didn't make any sense to me; I think he just felt that EPP "auth info"
codes were a "de facto" lock, but that's not entirely correct, as
locks can be more granular than that). The argument is just about
forced locks, against people's will.

BTW, on a purely technical tangent that perhaps one of the
registrars/registries can answer.

(1) are the permissions at registries granular enough that they can
restrict certain commands by IP address or other forms of
authentication? e.g. 10.0.0.1 can only use the "add" function and
"renew" functions (perhaps 10.0.0.1 is linked to a customer-facing
website and is "less secure") whereas only 10.0.10.5 (heavily
firewalled, on a different network infrastructure, etc. where there's
manual involvement) can set/obtain "auth_info" codes or issue "ACK"
for outgoing transfers or change name servers?

(2) Would it be possible/easy to add additional status codes that
include variables? e.g. suppose there came a time that transfers
became revocable (i.e. reversible, the nightmare ETRP somehow gets
through). Is it possible for the WHOIS to display lines that
supplement the current WHOIS:

http://reports.internic.net/cgi/whois?whois_nic=google.com&type=domain

with status codes like:

Status: Revocable by GoDaddy
Status: Revocable by Moniker
Status: Revocable by RegisterFly

etc. The template would need to be "Revocable by X" where "X" would be
the name or IANA number of the relevant registrar that could access
the undo command. It would need to handle possible multiple status
lines (because if a transfer could be undone within 6 months, it could
have moved through 3 or even more registrars).

(3) Can a registrar that is not the current registrar for a domain
update a status code for that domain, but only in one direction? e.g.
suppose the domain in example #2 is at Tucows. One way to have "clear
title" sooner than the 6 months (i.e. accomplishing an "irrevocable
transfer policy") would be for each of the other registrars to perform
the proper due diligence, and then clear/unset the relevant status
code. Once all the "Revocable by _____" lines are gone, it'd be
obvious that the domain name is now not captured/affected by the ETRP
policy any more. One would not want that old registrar to be able to
add back that status line, once cleared.

I'm not thinking of becoming a registrar (yet), but one might be able
to design an even more secure registrar (or even TLD) or permit one to
design a more transparent registry depending on the answers to the
above,

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/