> (5) The registry will send a message to the losing registrar
> confirming that a transfer has been initiated.
Can you confirm or deny whether this actually happened in the
case of the panix.com transfer?
I don't have any direct visibility over this.
I have asked Verisign and Dotster if they can confirm.
My personal view is that I think it unlikely that this part of the
Note however that Verisign would send the message via email to Dotster.
Verisign could prove that they sent the email, but it is possible that
it was not delivered.
The other problem I see in this area is that the RRP
specification (if that is in fact the protocol that was used)
seems to claim that this message is out-of-band and thus
beyond the scope of the protocol: so it does not (can not)
specify an ACK. If an attacker found a way to prevent this
message from being received, even if generated...
A strictly enforced technical requirement for an ACK here
might work wonders (perhaps it would have to be enforced by
duping both the confirmation and the ACK to the "System", as
RRP so quaintly calls it, and denying future transfers
initiated by parties with too many outstanding ACKs). Not an
approval, just an ACK.
Rather than further work on the RRP protocol, it would be better for
Verisign to implement the EPP protocol which has gone through the IETF