RE: [DNS] passwords

RE: [DNS] passwords

From: Chris Disspain <ceo§auda.org.au>
Date: Fri, 11 Oct 2002 14:26:13 +1000
Vic,

As you know very well, the policy is already under review and input from
registrars (including you) has been sought.


Bruce,

> If you mean that updating the passwords makes it harder to by-pass the
> authorisation process of the transfer policy then you are correct.  We
have
> already detected instances that you have been advised of, where a
registrant
> has not authorised a transfer, but where the reseller initiated the
> transfer.

No, that is not what I mean. In your post you claimed that MIT was
altering passwords for security reasons and referred to the need because
of AUNIC and so on. If there is a need because of this then there is a
need for ALL passwords to be altered. What you are doing currently is to
alter the passwords only of those registrants whose resellers have moved
away from MIT. Whilst I accept that this makes it more difficult for
resellers to transfer without registrant consent , it also has the
practical result of slowing down and increasing the cost of legitimate
transfers. 

The question for auDA to consider ( and the reason why we have asked for
input) is whether the means justifies the ends. 

Regards,

Chris Disspain
CEO - auDA
ceo&#167;auda.org.au
www.auda.org.au


-----Original Message-----
From: Deus Ex Machina [mailto:vicc&#167;cia.com.au] 
Sent: Friday, 11 October 2002 14:11
To: dns&#167;lists.auda.org.au
Subject: Re: [DNS] passwords

Bruce Tonkin [Bruce.Tonkin&#167;melbourneit.com.au] wrote:
> Hello Chris,
> 
> Thanks for your response.  I would like to note that Melbourne IT has
kept
> not the reseller to authorise a transfer.  The authorisation is a two
step
> process:
> (1) request domain name password from registrant to initiate a
transfer
> (2) send a confirmation email to the registrant contact email address
in
> WHOIS
> In the process undertaken by Melbourne IT the registrant is provided
with
> the updated password, and if they are not contactable, they can
retrieve the
> password directly from Melbourne IT.
> 
> If you mean that updating the passwords makes it harder to by-pass the
> authorisation process of the transfer policy then you are correct.  We
have
> already detected instances that you have been advised of, where a
registrant
> has not authorised a transfer, but where the reseller initiated the
> transfer.

nothing wrong with that if the registrant authorises the reseller to
select a registrar
on their behalf is there? the policy badly needs reviewing currently it
is setup to
protect MITs incumbant customer base from competition. MIT scrutinise
every single
transfer and queries every single transfer causing overhead for
registrants, resellers
and competing registrars. 

the policy must be reviewed.

Vic


------------------------------------------------------------------------
---
List policy, unsubscribing and archives =>
http://www.auda.org.au/list/dns/
Please do not retransmit articles on this list without permission of the

author, further information at the above URL.  (366 subscribers.)
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:06 UTC