[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Transfering a domain

Date: Wed, 8 Jan 1997 15:57:55 -0800 (PST)
From: davidk@ISI.EDU
Subject: Re: Transfering a domain


Kent,

> Kent Crispin writes :
> 
> davidk@ISI.EDU allegedly said:
> > 
> > The trick is now that
> > the end-user doesn't need the cooperation of the old registrar if (s)he
> > wants to change registrar which is definitely positive for the end-users
> > in a world with competing registrars that might even not exist anymore
> > when they go out of business.
> 
> Would that this were so, but it isn't.  The old registrar can simply 
> change the saved public key the owner supplied.  The registrar has to 
> be able to set this field, of course...

Of course this can happen. You can fraud any mechanism. This is exactly
the reason why the repository data must be public for everybody so that
you can find that your registrar is frauding you.

OR (we can make things more complicated):

The registrars will need to ask the customer for a signature before doing
updates that involve a change of their key. The vulnerability is then
only at creation time of the domain.

I don't think that a registrar will stay in business for a long time if
somebody finds out about changing public keys practises as proposed
above. And there are (automatic) ways to increase the likelyhood that one
finds out about practices like this very quickly ...,

David K.
---

Follow-Ups:
- Re: Transfering a domain
  - From: Kent Crispin <kent@songbird.com>

References:
- Re: Transfering a domain
  - From: Kent Crispin <kent@songbird.com>

Prev by Date: 60? day dissemination period
Next by Date: Re: Repository services and budget
Prev by thread: Re: Transfering a domain
Next by thread: Re: Transfering a domain
Index(es):
- Date
- Thread