Re: Transfering a domain
- Date: Wed, 8 Jan 1997 15:33:19 -0800 (PST)
- From: davidk@ISI.EDU
- Subject: Re: Transfering a domain
Rick,
> Rick H. Wesson writes :
>
> On Jan 8, 2:03pm, davidk@ISI.EDU wrote:
> >
> > My light-weight proposal solves this rather elegantly:
> >
> > Transfer of 'ownership of a registration' can be done securely and easily
> > if the repository knows the public key of the end-user as well as the
> > registrars. Any update should be accepted if it is (validly) signed by
> > the end-user as well as by *any* of the registrars. The trick is now that
> > the end-user doesn't need the cooperation of the old registrar if (s)he
> > wants to change registrar which is definitely positive for the end-users
> > in a world with competing registrars that might even not exist anymore
> > when they go out of business.
>
> David,
>
> Under this model you are asking the repository to interface directly
> with the general public,
No. The general public will not be able to interface directly to the
repository since a second signature of one of the registrars is needed.
> and that the repository now manage public
> keys for a wide range of individuals. This extends the scope of the
Yes, this will happen anyway. The end-user of the domain combined with
the registrar that it chooses to use is the only entity that has the
authority to make a change. The registrar alone is not enough since
registrars *can* go out of business and it would be a bad design if we
need human intervention (at the repository level) to do a transfer. Also,
the end-user is the one that decides to change registrar and the
repository thus needs an automatic way for determining if a transfer is
authorized by the end-user, the (old) registrar just has no authority
over this.
> CORE db quite a bit. So now the repository must manage a global
> public key ring? Do they need a RAID for that ;-)
A secure environment for the central repository is probably more important ;-).
<techno mode on>
I would always use a RAID for such a critical piece of the Internet
infrastructure no matter how small/big the amount of data that needs to
be stored is; you just need to have one big crash to earn the money back,
and performance of RAID systems alone is usually already a good reason to
buy them.
<techno mode off>
> IMHO if CORE ended up managing a global public key ring, which they must
> for David's proposal to work, CORE could become vastly more important in that
> function than in managing a central domain database. Cool idea!
;-). Yes, but I would argue that CORE should not run any whois type
service itself, other people can take the business opportunity and grab
the data from the ftp site and convert it to a whois style public key
service (CORE could dump them in DNS however, since they will need to
provide a DNS configuration file anyway and the service will thus not
incur additional cost, I guess that this could have a very, very
interesting impact on security issues in the Internet). CORE should have
a mandate for providing central repository services for the registrars
and nothing more that costs real money. This is needed to keep the fees
low and thus allowing new registrars in the game while giving the
registrars the chance to differ in price and service level.
David K.
---
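The acceptance rule proposed in the message above (an update is valid only when signed by the end-user and by any one registrar), as an added sketch that is not part of the original message or of any CORE design. The names `Repository` and `accept_update`, the `domain|registrar` message format and the use of Lamport one-time signatures as a standard-library stand-in for the unspecified public-key scheme are all assumptions.

```python
import hashlib, os

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (assumed stand-in; each key may sign one message).
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    if sig is None or len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

class Repository:
    def __init__(self, registrar_keys):
        self.registrars = registrar_keys   # registrar name -> public key
        self.owners = {}                   # domain -> end-user public key
        self.records = {}                  # domain -> current registrar

    def accept_update(self, domain, new_registrar, user_sig, reg_name, reg_sig):
        msg = f"{domain}|{new_registrar}".encode()
        owner_pk, reg_pk = self.owners.get(domain), self.registrars.get(reg_name)
        if owner_pk is None or reg_pk is None:
            return False
        # Both signatures are required; the current registrar is never consulted.
        if not (verify(owner_pk, msg, user_sig) and verify(reg_pk, msg, reg_sig)):
            return False
        self.records[domain] = new_registrar
        return True

def demo():
    # Constructed sample data: one end-user, an old and a new registrar.
    (user_sk, user_pk), (_, old_pk), (new_sk, new_pk) = keygen(), keygen(), keygen()
    repo = Repository({"old-reg": old_pk, "new-reg": new_pk})
    repo.owners["example.test"], repo.records["example.test"] = user_pk, "old-reg"
    msg = b"example.test|new-reg"
    u, r = sign(user_sk, msg), sign(new_sk, msg)
    args = ("example.test", "new-reg")
    return {"registrar_only": repo.accept_update(*args, None, "new-reg", r),
            "user_only": repo.accept_update(*args, u, "new-reg", None),
            "user_sig_twice": repo.accept_update(*args, u, "new-reg", u),
            "both": repo.accept_update(*args, u, "new-reg", r),
            "registrar_now": repo.records["example.test"]}
```

A real repository would also bind a serial number or timestamp into the signed message so that an old, validly signed transfer cannot be replayed.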