Vic, As you know very well, the policy is already under review and input from registrars (including you) has been sought. Bruce, > If you mean that updating the passwords makes it harder to by-pass the > authorisation process of the transfer policy then you are correct. We have > already detected instances that you have been advised of, where a registrant > has not authorised a transfer, but where the reseller initiated the > transfer. No, that is not what I mean. In your post you claimed that MIT was altering passwords for security reasons and referred to the need because of AUNIC and so on. If there is a need because of this then there is a need for ALL passwords to be altered. What you are doing currently is to alter the passwords only of those registrants whose resellers have moved away from MIT. Whilst I accept that this makes it more difficult for resellers to transfer without registrant consent , it also has the practical result of slowing down and increasing the cost of legitimate transfers. The question for auDA to consider ( and the reason why we have asked for input) is whether the means justifies the ends. Regards, Chris Disspain CEO - auDA ceo§auda.org.au www.auda.org.au -----Original Message----- From: Deus Ex Machina [mailto:vicc§cia.com.au] Sent: Friday, 11 October 2002 14:11 To: dns§lists.auda.org.au Subject: Re: [DNS] passwords Bruce Tonkin [Bruce.Tonkin§melbourneit.com.au] wrote: > Hello Chris, > > Thanks for your response. I would like to note that Melbourne IT has kept > not the reseller to authorise a transfer. The authorisation is a two step > process: > (1) request domain name password from registrant to initiate a transfer > (2) send a confirmation email to the registrant contact email address in > WHOIS > In the process undertaken by Melbourne IT the registrant is provided with > the updated password, and if they are not contactable, they can retrieve the > password directly from Melbourne IT. > > If you mean that updating the passwords makes it harder to by-pass the > authorisation process of the transfer policy then you are correct. We have > already detected instances that you have been advised of, where a registrant > has not authorised a transfer, but where the reseller initiated the > transfer. nothing wrong with that if the registrant authorises the reseller to select a registrar on their behalf is there? the policy badly needs reviewing currently it is setup to protect MITs incumbant customer base from competition. MIT scrutinise every single transfer and queries every single transfer causing overhead for registrants, resellers and competing registrars. the policy must be reviewed. Vic ------------------------------------------------------------------------ --- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (366 subscribers.)Received on Fri Oct 03 2003 - 00:00:00 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:06 UTC