Linlin,
What was discussed was leveraging the organization drafts to provide registrar
information in support of transfers. The EPP auth info value that is validated
by the Registry is currently a single authentication factor in performing a
transfer, while the second authentication factor performed by the Registrar is
the Form of Authorization (FOA),
https://www.icann.org/resources/pages/foa-auth-2004-07-12-en, which is directly
dependent on WHOIS (Registry and Registrar) information. As outlined in the
ICANN Transfer Policy,
https://www.icann.org/resources/pages/transfer-policy-2015-09-24-en, the
Gaining Registrar must receive authorization from the Registered Name Holder
(registrant) or the Administration Contact (admin) as listed in the losing
registrar’s or applicable registry’s WHOIS service with the FOA. The Losing
Registrar must also send an FOA to the Registrant. The following pieces of
information is needed to retrieve what is needed to populate the FOA for the
Gaining Registrar and the Losing Registrar:
1. Gaining Registrar
a. Registrar WHOIS server from Registry WHOIS
b. Registrant and admin contact email addresses from Thick Registry WHOIS
or Registrar WHOIS
c. Registrant and admin name from Thick Registry WHOIS or Registrar WHOIS
d. Losing Registrar Name from Registry WHOIS
e. May need the Losing Registrar Web URL for coordination.
2. Losing Registrar (Registrar of Record)
a. Registrant and admin contact email addresses from Losing Registrar
system
b. Registrant and admin name from Losing Registrar system
c. Gaining Registrar Name by mapping transfer query response
<domain:reID> element to name
i. There is
no standard mechanism known for definition of <domain:reID> (e.g., use of
Registry Account ID, use of IANA ID)
ii. There is
no standard mechanism for looking up the Registrar Name given the <domain:reID>
value. WHOIS provides registrar lookup by name and not by ID.
d. May need the Gaining Registrar Web URL for coordination.
Considering that the Registry has the Registrar information, why is the Gaining
Registrar and Losing Registrar going to WHOIS to obtain the information needed
to authenticate a transfer? There are problems with this that the org
extensions may help:
1. Having to access a separate protocol to obtain information that is
available in the Registry. Specifically, the information that can be made
available via the org extensions in EPP using a standard lookup key (e.g.,
organization identifier <org:id>) include:
a. Registrar WHOIS Server
b. Registrar Name
c. Registrar URL and other attributes to help with coordination
2. Access to the registrant and admin contact name and email addresses.
How is this information made available today and will that change in the future
(WHOIS, RDAP, differential access)?
a. More may be needed of the trusted channel with the Registry and the
org extensions to coordinate the transfer policy.
As noted previously on the list, we have a propriatary Whois Info EPP Extension
(https://www.verisign.com/assets/epp-sdk/verisign_epp-extension_whois-info_v01.html)
that provides the basics of the Registrar WHOIS Server, Registrar Name, and
the Registrar URL attributes. The org extensions can be extended to provide
additional registrar-level attributes in support of the transfer policy.
Thoughts?
—
JG
[cid:[email protected]]
James Gould
Distinguished Engineer
[email protected]
703-948-3271
12061 Bluemont Way
Reston, VA 20190
Verisign.com<http://verisigninc.com/>
From: regext <[email protected]> on behalf of Linlin Zhou
<[email protected]>
Date: Monday, November 20, 2017 at 8:13 PM
To: regext <[email protected]>
Subject: [EXTERNAL] [regext] org extensions for transfer requirement
Dear all,
Sorry that I can't attend the Singapore meeting in person, but I've followed
the discussion remotely. I heard that org extensions could be used for transfer
requirement in addtion to providing some generic organization information to
the registry. Could James or Roger give us some more details on this? I think
we need some discussions to optimize the org extensions and push them forward.
Regards,
________________________________
Linlin Zhou
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
