Bruce, 1. Yes, we would welcome input. 2. Your point about security of passwords is relevant but it is not strictly correct to say that the vast majority of passwords were created by AUNIC. In reality most of not all passwords were altered to some degree when AusRegistry took over. 3. Your point about security would be more meaningful as a reason for ALL passwords to be changed - something which auDA would co-ordinate if deemed appropriate. It has less effect when what we are actually taking about is only altering the passwords of those domain names managed by resellers where those resellers move to another registrar. Despite the security label, the practical effect of changing the password is to make it more difficult for a transfer to take place. Regards, Chris Disspain CEO - auDA ceo§auda.org.au www.auda.org.au -----Original Message----- From: Bruce Tonkin [mailto:Bruce.Tonkin§melbourneit.com.au] Sent: Friday, 11 October 2002 11:09 To: 'dns§lists.auda.org.au' Subject: [DNS] passwords >Does a domain registrar have the right to change a registrants registry >key without the registrant requesting they do so? The vast majority of these passwords were created by AUNIC (ie we never created by the registrant), and are now quite insecure by modern standards of security. At one stage as part of the transition it was planned to change all registrant passwords. We have detected attempts on our systems to compromise the password. A standard electronic security precaution is to update passwords when there is a major change. Registrants are informed of the new passwords whenever a change occurs, and registrants have the option to change the password to a password of their choice. Past experience has shown that registrants have not updated their passwords (it has always been possible to update the AUNIC passwords, but most are still set as per original). auDA is currently reviewing its password policy for the passwords stored in AusRegistry, and I am sure would welcome input from the members of this list. Regards, Bruce Tonkin ------------------------------------------------------------------------ --- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (368 subscribers.)Received on Fri Oct 03 2003 - 00:00:00 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:06 UTC