Re: [gnso-irtp-b-jun09] Locks and Status codes

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

On 7 Jul 2010, at 14:58, George Kirikos wrote:

> 
> Hi Michele,
> 
> On Wed, Jul 7, 2010 at 8:09 AM, Michele Neylon :: Blacknight
> <michele@xxxxxxxxxxxxx> wrote:
>> I'd be very wary of forbidding locks completely - locks are one of the ways 
>> of protecting registrants from slamming techniques used by the likes of DROA 
>> etc
> 
> I don't think anyone here is serious arguing for eliminating locks
> (well, I think Rob Hall raised the idea idly in Brussels, but that
> didn't make any sense to me; I think he just felt that EPP "auth info"
> codes were a "de facto" lock, but that's not entirely correct, as
> locks can be more granular than that). The argument is just about
> forced locks, against people's will.
> 
> BTW, on a purely technical tangent that perhaps one of the
> registrars/registries can answer.
> 
> (1) are the permissions at registries granular enough that they can
> restrict certain commands by IP address or other forms of
> authentication? e.g. 10.0.0.1 can only use the "add" function and
> "renew" functions (perhaps 10.0.0.1 is linked to a customer-facing
> website and is "less secure") whereas only 10.0.10.5 (heavily
> firewalled, on a different network infrastructure, etc. where there's
> manual involvement) can set/obtain "auth_info" codes or issue "ACK"
> for outgoing transfers or change name servers?


I don't think so, though I'll let someone else confirm
My understanding is that the EPP servers are accessible from certain IP ranges 
with user / pass that have been setup. I'm not aware of any command specific 
controls. There is, however, that option on some of the registry web interfaces 
to a certain extent
The only exception to the above would be where a registry lock service is in 
place - then EPP is no longer the key at all

> 
> (2) Would it be possible/easy to add additional status codes that
> include variables? e.g. suppose there came a time that transfers
> became revocable (i.e. reversible, the nightmare ETRP somehow gets
> through). Is it possible for the WHOIS to display lines that
> supplement the current WHOIS:
> 
> http://reports.internic.net/cgi/whois?whois_nic=google.com&type=domain
> 
> with status codes like:
> 
> Status: Revocable by GoDaddy
> Status: Revocable by Moniker
> Status: Revocable by RegisterFly
> 
> etc. The template would need to be "Revocable by X" where "X" would be
> the name or IANA number of the relevant registrar that could access
> the undo command. It would need to handle possible multiple status
> lines (because if a transfer could be undone within 6 months, it could
> have moved through 3 or even more registrars).

One of the discussions we had was about extending EPP etc., to include more 
status codes. 


> 
> (3) Can a registrar that is not the current registrar for a domain
> update a status code for that domain, but only in one direction?

Short answer - no

If the domain isn't associated with our account we can't really do anything 
with it at all

> e.g.
> suppose the domain in example #2 is at Tucows. One way to have "clear
> title" sooner than the 6 months (i.e. accomplishing an "irrevocable
> transfer policy") would be for each of the other registrars to perform
> the proper due diligence, and then clear/unset the relevant status
> code. Once all the "Revocable by _____" lines are gone, it'd be
> obvious that the domain name is now not captured/affected by the ETRP
> policy any more. One would not want that old registrar to be able to
> add back that status line, once cleared.
> 
> I'm not thinking of becoming a registrar (yet), but one might be able
> to design an even more secure registrar (or even TLD) or permit one to
> design a more transparent registry depending on the answers to the
> above,
> 
> Sincerely,
> 
> George Kirikos
> 416-588-0269
> http://www.leap.com/

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845