Re: [regext] Internationalized Email Addresses and EPP

Taras Heichenko <> Tue, 24 November 2020 17:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 966FE3A121C for <>; Tue, 24 Nov 2020 09:35:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id h9jAkJwmR8mV for <>; Tue, 24 Nov 2020 09:35:18 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B0EAF3A121A for <>; Tue, 24 Nov 2020 09:35:18 -0800 (PST)
Received: from [] by with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94 (FreeBSD)) (envelope-from <>) id 1khcDZ-000Lxt-DB; Tue, 24 Nov 2020 19:35:15 +0200
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
From: Taras Heichenko <>
In-Reply-To: <>
Date: Tue, 24 Nov 2020 19:35:04 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <20201123205504.4A58627C7661@ary.qy> <> <> <> <> <> <> <>
To: Patrick Mevzek <>
X-Mailer: Apple Mail (2.3654.
X-Spam-Score_int: [] -28
Archived-At: <>
Subject: Re: [regext] Internationalized Email Addresses and EPP
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Nov 2020 17:35:21 -0000

> On 24 Nov 2020, at 16:38, Patrick Mevzek <> wrote:
> On Tue, Nov 24, 2020, at 02:19, Taras Heichenko wrote:
>> Two notes:
>> - the authinfo field in a Contact object allows opening personal data 
>> to only one registrar
> So... domain:authInfo is not good enough to authenticate the owner to do the transfer...
> but contact:authInfo is good enough to retrieve contact data and then authenticate the owner
> to do the transfer.

If you steal a domain password you get control over the domain. If you steal the contact
password it does not give you the ability to change contact but just to see it. And registrant
must approve that he/she/it is in the Contact object. Just if you wonder how it works.

> "Interesting". 2 authInfo but seemingly one has more "power" than the other.

Yes. They also have different power by influence.

> Also:
> "to only one registrar": no, to any registrar having this token. Exactly like
> domain:authInfo allowing transfer to any registrar having it.

Domain owner if it wants to transfer the domain, requests token from current registrar
then goes with this token to a future registrar, approves that it is in the Contact object of
the domain and then new registrar requests transfer. Do you think it too complicated? Or
protection by a domain password that may be sent by email is equal to this one? And I must
say this schema was made by the registrar's request. And this way is not mandatory the
responsibility for the transfer is entirely on the registrars.

Looks like we are now far away from the start topic of the thread.

>> - it is not registry policy, it is the registrar's agreement
> [..]
>> I just wanted to say that if a registrar cannot handle the 
>> internationalised email of new
>> customer it will lose new customers and this situation force it to fix 
>> its EPP.
> So then why should a registry force anything? We are back at the fact
> that registrars wanting to support that scenario will indeed need to put
> resources for it, and hence if there is an EPP extension to support that
> they will implement it.
> The question is how to do it in a smart way to not disrupt all other
> registrars NOT wanting to support this scenario.

First of all, registry does not force anything. It gives the possibility that registrars
can use. But if there are users that want to use non-ASCII email then registrars
and registries should give the ability to use such addresses to the users. (At least
if we say about universal acceptance). So whether EAI would be implemented by
extension or in the main <email> field it will bring all registrars to the EAI implementation.

> -- 
>  Patrick Mevzek
> _______________________________________________
> regext mailing list

Taras Heichenko