From: Iain Waters
To: "'jo.lim@auda.org.au'"
Subject: Commentary on the .au Domain Administration's "Registry Technical Specification" V1.0 following public meeting on 2nd Oct 2001
Date: Wed, 3 Oct 2001 13:00:39 +1000

During the public meeting many points were raised and discussed; I shall not reiterate the obvious and general points discussed but shall comment on the main topics of interest to us directly.

1. Registry - Registrar protocol.

As discussed, we strongly believe that it would be better to adopt a current protocol which is moving towards IETF draft. EPP is already being used by all the new GLD's such as .info, .name, .biz, .pro etc. and has a huge groundswell of support and contribution within the global industry. Sites such as SourceForge (http://sourceforge.net/projects/epp-rtk/) have public domain tool kits and other applications which provide a registrar with immediate and simple access to the technology required. Afilias and NeuLevel also publish tool kits under GNU license etc.

With EPP being the favoured international draft, the community of contributors and users will only grow and provide local Australian users with a far larger resource pool than could be developed locally with a new protocol such as the one described in the tech spec (IRRP).

Using EPP would dramatically reduce the time and effort involved for both the Registry and Registrar in developing and deploying commercial grade services and applications in support of the .AU name space.

We believe it is more important to focus on developing improved quality of service, service levels and service reliability than to spend such time developing, debugging and supporting an interim protocol which will come with its own warts, as all new technologies do.

EPP as a core protocol is now at a point we can consider it to be stable enough (as have the new GLD's) to use for the core functional services.
We can then, as EPP progresses, adopt or not the additional extension fields and options as they are specified.

2. Physical/Logical Security

As part of the security component, the IRRP seems to be very light in defining and specifying the security as compared to the physical and logical requirements defined in the document. Additionally, the spec does not give or demonstrate what would be considered sufficient as proof of compliance to these requirements, such as an approved audit report such as WebTrust etc.

3. Business Continuity.

Restoration of the registry services should be within 24 hours, 7 days per week and not based on a working day concept as documented in section 4.

4. Data Escrow.

Specifications of the physical and logical security of the escrow holder should also be defined to at least meet the minimum needs of the registry for IP and Copyright protection etc.

Cheers,
Iain Waters

-----------
Iain Waters
Chief Technology Officer (CTO)
eSign Australia Limited