From: David Keegel 
Sent: Sunday, 7 October 2001 11:59 PM
To: Jo Lim
Subject: RTS comment

While the registry technical specifications have an extensive section on security, I 
cannot see anything on security against changes to registry information by unauthorised 
people pretending to be the registrant.

Will there be a common registrant authentication scheme across .au registries?  Or at 
least common terminology on whether there is a password, key or token (or whatever)?  
Who is responsible for helping registrants who loose their authentication token?  Will 
legacy AUNIC registry keys (effectively passwords) be used for pre-existing domains?

Although I am not associated with a company interested in the tender, I am concerned 
that the length of section 3 will make responding to the tender quite expensive.  This 
is likely to have flow on effects.

It may also be helpful to spell out clearly that each registry is required to provide 
a test registry system for registrars to test with/against (eg: so they can make sure 
their registrar software is working correctly, and probably for accreditation).

Allowing registrants to use a different registrar for each domain also seems like 
something which would help choice and convenience for registrants, and competition 
among registrars.

__________________________________________________________________________
 David Keegel   
Cybersource P/L: Unix Systems Administration and TCP/IP network management