[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Transfering a domain

Date: Wed, 8 Jan 1997 18:04:25 -0800 (PST)
From: Kent Crispin <kent@songbird.com>
Subject: Re: Transfering a domain

davidk@ISI.EDU allegedly said:
> 
[...]
> 
> Of course this can happen. You can fraud any mechanism. This is exactly
> the reason why the repository data must be public for everybody so that
> you can find that your registrar is frauding you.

It's not a matter of fraud.  You are looking at it only from the
customer's perspective.  A registrar needs some leverage, as well. 
Suppose that the cause of the dispute is that the customer just didn't
pay their bill.  The registrar, acting in good faith, keeps the domain
in DNS, then suddenly finds that it is no longer representing the
domain -- a registrar in, well, let's see -- some remote foreign
country now manages it.  

These kinds of disputes would be rare, but it is *only in the disputed
cases* that it really matters -- in the normal course of events a
registrar would effect a transfer to another registrar when you asked
them to.

The bottom line is that a transfer really requires the cooperation of
three parties -- the old registrar, the customer, and the new
registrar.  All three have rights and responsibilities.  They all have
an interest in the operation, and it isn't fair to leave any one of
them out of the equation.  

You apparently are trying to tip the balance in favor of the consumer,
and generally that is my bent as well.  But a registrar incurs
expenses keeping databases, DNS, and a front office running.  Those
expenses must be paid for.  A registrar needs some leverage to keep 
the money flowing in besides trying to take non-payers to small 
claims court -- in a global economic environment that simply isn't 
going to work.

The challenge is to set up a system where everyone has some leverage, 
so that no one has much motivation to cheat anyone else.

> OR (we can make things more complicated):

Yes, I agree it is technically possible, at some considerable expense
in complexity, to set up things so that a customer has almost total
control.  I don't think that is necessary or even desirable. 

> The registrars will need to ask the customer for a signature before doing
> updates that involve a change of their key. The vulnerability is then
> only at creation time of the domain.

The registrar can delete and add.  Or, if not we fall inevitably to
Vince's model -- actually I think it has been suggested several times
-- of a fee per transaction.  That's because there is no way to force
periodic payment. 

> I don't think that a registrar will stay in business for a long time if
> somebody finds out about changing public keys practises as proposed
> above. And there are (automatic) ways to increase the likelyhood that one
> finds out about practices like this very quickly ...,

They won't stay in business if they can't collect money, either.  The 
goal is to balance all concerns.  Registrars need to be able to 
collect small sums of money reliably.  They can't rely on the court 
system for this.  Therefore they need some leverage, somewhere.

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com,kc@llnl.gov		the thief he kindly spoke...
PGP fingerprint:   5A 16 DA 04 31 33 40 1E  87 DA 29 02 97 A3 46 2F

Follow-Ups:
- Re: Transfering a domain
  - From: davidk@ISI.EDU
- Re: Transfering a domain
  - From: johnl@iecc.com (John R Levine)

References:
- Re: Transfering a domain
  - From: davidk@ISI.EDU

Prev by Date: Re: Transfering a domain
Next by Date: Re: 60? day dissemination period
Prev by thread: Re: Transfering a domain
Next by thread: Re: Transfering a domain
Index(es):
- Date
- Thread