At 10:03 AM 3/15/02 -0800, Loren Stocker wrote: >Hi Chuck, > >Maybe "screw-up" was a bit strong. I know you've all done the best you know >how, but here's what happened.... > >Apprently there was a way to submit mulitiple .biz domains for one applicant. >The other Registrars did it and each resulted in a single Applicant/Password >combination.
There is some truth to your assertion. The real story is: - there are inherent security weaknesses with the EPP registrant package system (aggravated especially by a wholesale model, but they sill exist) - when evaluating our options for managing these weaknesses our current approach was deemed the most effective way, as there was little measurable downside - details were never provided on how the implications for the approve/cancel process wrt this - not to mention, the second approve/cancel process (which was not even a consideration for anyone at the time) - therefore, we have this situation The very concept of the approve/cancel process is ridiculous IMHO. I appreciate the PITA our design decision will cause some registrants and resellers, and for that I apologize. I can only explain that: - EPP has not been designed with wide consultation - what consultation has happened has been hurried - the approve/cancel process is not well designed, nor documented - no one anticipated this wrinkle - unless EPP changes (which at this time we have no reason to believe it will), there will be some advantage to our approach from a security and management perspective Regards, sA
