ICANN ICANN Email List Archives

[gnso-vi-feb10]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-vi-feb10] questions for the public forum

  • To: Gnso-vi-feb10@xxxxxxxxx
  • Subject: Re: [gnso-vi-feb10] questions for the public forum
  • From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 22 Jun 2010 10:23:58 +0200

When we designed the data transport protocol to replace RRP and be
specified in the new, circa 2001 gTLD contracts, our model of the
actors was "six and sixty".

Six registries were open to access to sixty registrars.

Restated, sixty endpoints needed to be authenticated to form a
session, and within any session the data, including authentication
tokens in a set size sixty, had to be validated, as XML, as EPP
payload, as sensible, ...

The numbers have changed little. The overwhelming majority of the 900+
"registrars" are shells connecting only to one backend services
provider, the most technically mature, and the most capitalized.

Fundamentally, the registrar-registry hierarchy of write access to a
database, is an access model, which starts with (tens or hundreds of)
millions endpoints and instances of communications from "registrants",
and reduces to sixty authenticated channels.

Removing this access model, the "superfluity of registrars" notion,
means accepting the model of the registry being directly accessible to
the write attempts, good, bad, and mistaken, of (tens or hundreds of)
millions endpoints.

So, is layered defense of the database replaced without loss of
integrity by a single defense?

Is a hierarchical model of access control no longer necessary in the
friendlier internet of rational economic (read "Russian Business
Network and similar", and non-economic (read "actors, seeking to
obtain specific outcomes in the DNS?

Should write access to gTLD registries be open to the world?

Eric




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy