Karl and all,

Karl Auerbach wrote:

> > NSI has made an I-D of the RRP Protocol.
> >
> > http://www.ietf.cnri.reston.va.us/internet-drafts/draft-hollenbeck-rrp-00.txt
>
> Am I missing something?  I looked through that and I see neither
> transaction identifiers nor timestamps.  That alone could make
> reconcilation of logs and post-mortem review of race conditions nearly
> impossible.

  Precisely correct here Karl, and one of many deficiencies in this
design document.  But of course this is one of several I had pointed
our some time ago before this document was published.  To no avail
of course.  It reminds me of the lame leading the blind.  And I believe
I amongst a few others made this reference before as well.

>
>
> And given the absence of a clear exchange between an existing registrar
> and a new one I see a HUGE door in the transfer mechanism for registrars
> to engage in what the long distance folks call "slamming" - the silent
> transfer of customers from one long-distance company or registry to
> another.

  And we have already seen this with respect to Register.com in this
context already.  More to come I am sure.

>
>
> And text based?  Wow, that's an open inviation to attacks based on buffer
> overrun and packets split at cr-lf boundaries.

  Not to mention several other text based security attacks.  The hack in these
instances is child's play really.

>
>
> And it is text based without any concern for internationalization.

  Good point here also. And one that slipped my mind...  >;)

>
>
> And its expiration date representation, although it is measured to the
> millisecond, fails to include a reference to any time zone.

  Tisk, tisk, indeed this is a good point as well.

>
>
> Nor does it handle IPv6.

  How true.

>
>
> Seems like a rather deficient design.

  Looks like a design by committee, and a very poorly technically informed
or knowledgeable one at that.

>
>
>                 --karl--

Regards,

--
Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208


Reply via email to