Review Period Open on Two Verisign Proposals
Dear Community:

ICANN has commenced its 15-calendar day review period on two requests from VeriSign in dot-COM and dot-NET. The first is for Registry-Registrar Two-Factor Authentication, the second is for a Registry Lock Service.

* Information on the Registry-Registrar Two-Factor Authentication proposal can be found at http://www.icann.org/en/registries/rsep/#2009004
* Information on the Registry Lock Service proposal can be found at http://www.icann.org/en/registries/rsep/#2009005

Although public comments can be submitted at any time on a registry services proposal to registryservice at icann.org, this is not notification of a formal comment period. Information on the Registry Services Evaluation Process can be found at http://www.icann.org/registries/rsep/.

Background on Registry-Registrar Two-Factor Authentication Proposal: (taken from the Verisign Proposal)

The frequency and scope of domain name modification incidents that have not been requested or authorized by the registrant are increasing. Incidents include, but are not limited to, inadvertent modifications and errors processed by registrars and domain name hijacking involving compromised account credentials.

The proposed Registry-Registrar Two-Factor Authentication service is part of a comprehensive domain name security enhancement program designed, among other things, to improve domain name security, and assist registrars in protecting registrants' accounts (the "Program").
The program addresses the two primary points of transactions:

o Registry-registrar - Phase I
o Registrar-registrant - Phase II

As part of VeriSign's proposed Registry-Registrar Two-Factor Authentication Service, the username and passwords currently used to process update, transfer and/or deletion requests will be augmented with dynamic passcodes, which will enable end-to-end transaction processing to be based on registrant requests that are validated by "what they know" (i.e., their username and password) and "what they have" (i.e., a two-factor authentication credential with a one-time-password).

o Phase I - Registrars will be able to use the one-time-password when communicating directly with VeriSign's Customer Service department and through the use of the Registrar portal when making manual updates, transfers and/or deletion transactions.
o Phase II - End-to-end security of the registrant's domain name is enhanced by requiring the addition of the one-time-password to the existing username and passwords for requests from a registrant to their registrar, and including the one-time-password in the EPP transaction from the registrar to the registry.

Registrars would have the option to use either VeriSign credentials or any other vendor's credentials that comply with the open standard established by The Initiative for Open Authentication ("OATH") (see http://www.openauthentication.org).

Both phases of the Registry-Registrar Two-Factor Authentication Service would initially be an optional service for registrars who elect to use it. Once the service becomes widely adopted, two-factor authentication credentials will become a requirement for Registry-Registrar transactions.
Background on Registry Lock Service Proposal: (Taken from the Verisign Proposal)

Registrars have periodically requested that VeriSign place certain domain names on registry lock status codes to help protect against accidental or inadvertent modifications or deletions that would affect their customer's most high profile or valuable domain names.

The Extensible Provisioning Protocol ("EPP") specifies both client (registrar) and server (registry) status codes that are consistent with the intent to prevent registry changes (i.e., a Delete, Transfer and/or Update) that were not intended by the registrant. Many registrars currently use the client status codes and have requested the ability to add server status codes as an additional layer of protection.

The EPP server status codes that would be applicable for domain names include (i) serverUpdateProhibited, (ii) serverDeleteProhibited, and (iii) serverTransferProhibited. These statuses may be applied individually or in combination.

The EPP also enables setting Host (name server) status codes to prevent deleting or renaming a host or modifying its IP addresses. Setting Host status codes at the registry would reduce the risk of inadvertent disruption of the DNS resolution for domain names associated with locked name servers.
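
The client/server layering of EPP status codes described in the announcement above, as an added example (not part of the announcement or of VeriSign's proposal). It reads the status list from a domain info response and reports which of Update, Delete and Transfer are prohibited at the registrar (client) layer, the registry (server) layer, or neither. The client* status names and the XML namespace follow the EPP domain mapping (RFC 5731); the sample response and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"domain": "urn:ietf:params:xml:ns:domain-1.0"}
OPS = ("Update", "Delete", "Transfer")

# Constructed sample: the <domain:infData> part of an EPP <info> response.
SAMPLE_INFDATA = """\
<domain:infData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
  <domain:name>example.com</domain:name>
  <domain:status s="clientTransferProhibited"/>
  <domain:status s="clientUpdateProhibited"/>
  <domain:status s="serverDeleteProhibited"/>
  <domain:status s="serverTransferProhibited"/>
</domain:infData>
"""


def lock_report(infdata_xml):
    """Return (domain name, {operation: [layers that prohibit it]})."""
    root = ET.fromstring(infdata_xml)
    statuses = {el.get("s") for el in root.findall("domain:status", NS)}
    report = {}
    for op in OPS:
        # A status such as "serverDeleteProhibited" is <layer><Op>Prohibited.
        report[op.lower()] = [layer for layer in ("client", "server")
                              if f"{layer}{op}Prohibited" in statuses]
    return root.findtext("domain:name", namespaces=NS), report


def gaps(report):
    """Operations that have no registry-side (server) prohibition."""
    findings = {}
    for op, layers in report.items():
        if "server" not in layers:
            # Client statuses are set by the registrar, so they give no
            # protection at the registry layer.
            findings[op] = "registrar-only lock" if "client" in layers else "unlocked"
    return findings


if __name__ == "__main__":
    name, report = lock_report(SAMPLE_INFDATA)
    print(name, report)
    for op, why in gaps(report).items():
        print(f"{name}: {op} is {why}")
```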
The proposal proposes to enhance protection to the customer. I would like no additional cost for this service when it becomes mandatory. My understanding is that this is just a guarantee of the service registrars are already offering to their clients, hence no additional cost shall be added.

My 2 cents

Vanda Scartezini
POLO Consultores Associados & IT Trend
Alameda Santos 1470 cjs 1407/8
01418-903 Sao Paulo,SP.
Fone + 55 11 3266.6253
Mob + 5511 8181.1464

-----Original Message-----
From: alac-announce-bounces@atlarge-lists.icann.org [mailto:alac-announce-bounces@atlarge-lists.icann.org] On Behalf Of At-Large Staff
Sent: Thursday, July 02, 2009 3:57 AM
To: At-Large Announcements
Subject: [ALAC-Announce] Review Period Open on Two Verisign Proposals