[gtld-tech] "zfa-passwords" vs CZDS

Gould, James JGould at verisign.com
Wed Mar 26 19:43:23 UTC 2014

I believe the zfa-password report field is a legacy field prior to the
definition of the CZDS.  Prior to the CZDS, the registry systems were
authoritative for the zone file applicants, since they directly made the
zone files available to the applicants.  With the CZDS, the zone files are
provided to the CZDS for distribution to the zone file applicants with no
additional system-to-system integration.  The CZDS has the registry
operator as an actor in the CZDS workflow for additions, but the registry
systems are not involved at all.  Is the registry operator also in the
flow for removals?  If not, there is no way that the count will be
accurate using the ³little black notebook² approach.  It is the registry
systems that generate the report, so the question is whether it¹s worth
attempting to propagate the zfa-password counter manually from the CZDS to
the registry systems for inclusion in the report to ICANN?  I don¹t
believe it makes much sense to add this complexity for a field that ICANN
can get an authoritative answer for using CZDS.  My recommendation is to
remove this field altogether or populate the value with a place holder
value (e.g. empty, ³0", "N/A², ³CZDS") in light of the CZDS.

Can ICANN respond to this so that we can come to an agreement on the best



James Gould
Principal Software Engineer
jgould at verisign.com
703-948-3271 (Office)
12061 Bluemont Way
Reston, VA 20190

On 3/26/14, 2:54 PM, "Luis Muñoz" <lem at isc.org> wrote:

>On Mar 26, 2014, at 7:31 AM, John R Levine <johnl at taugh.com> wrote:
>> Yes, I realize that, but if a registry's processes are so sloppy that
>>it doesn't remember whose CZDS access applications it's approved, it's
>>hard to have a lot of sympathy.
>Why would your "un-sloppy" process need to "remember" something that is
>being kept track of in a database, with an actionable audit trail? You
>can have a perfect process that does depend on the existence of a
>What happens when you lose the little black notebook where you kept track
>of who you authorized access to what? Or do you build yet another system
>to keep a redundant counter around?
>Best regards

More information about the gtld-tech mailing list