sallan> - the ability to enable a message on the public manage interface sallan> that would allow you to promote the use of your manage interface sallan> when one of your users attempts to log in
Nice, but I could live without it. sallan> - the ability to get your renewal message bounce reports as all sallan> together in one daily one email instead of individual messages I actually prefer separate messages as my MUA has a feature to resend bounced mail to a new address without the need for me to hand edit things. sallan> - the ability to have renewal message bounce reports include sallan> current WHOIS output The public WHOIS should not include bounce reports. sallan> - the ability to *require* registrants to use your manage interface sallan> only (would have some service level requirements) This is by the far the most important one here. With the recent addition of the ability to have a user's password mailed out (see OpenSRS.conf's allow_password_requests option), you've created a large security problem. Even if I have that option turned off, any other OpenSRS management interface with it enabled would allow an attacker to have my domain username and password mailed to me. The problem here is that mail travels over the Internet in plain text and contains my password. I think you can see the danger here. Although I realize there are issues here, it would be nicer to allow me to query for a users password using the (secure) RWI and then I can communicate that password to my customer securely (notably with a PGP encrypted message). sallan> - the ability to copy other contacts on renewal reminders within sallan> renewal messaging That would be nice.
