Hi, I noticed today is the big day for the transition of the .com/net names at Tucows to EPP, from RRP. I was curious how it's going so far.
Will all domains be initially assigned a random EPP auth_info to begin with? That might be a nice function to put into the RWI, to allow resellers to occasionally do a bulk randomization of the EPP codes for security, assuming Tucows has a good random password generator. One thing I noticed in the transfers code generator that Tucows uses at present is that all the easily confused letters are possible, e.g. ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 It might be better to use a slightly smaller subset, i.e: ABCDEFGHJKLMNPQRSTUVWXYZ abcdefghijkmnopqrstuvwxyz 0123456789 Dropping the following: I = capital "i" (looks like lowercase "L" with many fonts) O = capital "o" (looks like zero) l = lowercase "L" (looks like capital "i") 0 = zero (looks like capital "o") 1 = "one" (looks like lowercase "L or capital "i") Reducing the allowed characters from 62 to 57 slightly reduces the security, for a fixed password length, so one can add 1 or 2 more characters to the password to get it back to the same strenth as the original password. Alternatively, one can think of adding characters like: ! @ # $ % * - to the passwords, if the system allows it (although, one has to be careful, as for example the dollar sign $ might not appear on keyboards of Europeans, like they do for Canada/US -- they might have a Euro or a Pound sign there instead??). Sincerely, George Kirikos http://www.kirikos.com/ _______________________________________________ domains-gen mailing list [email protected] http://discuss.tucows.com/mailman/listinfo/domains-gen
