
The usual "registrar lock" is the clientTransferProhibited status you see on domains... that's easily removed by social engineering the registrar.

"Registry lock" is serverTransferProhibited, the kind where both your registrar and the main registry need to agree to transfer the domain to another registrar. For instance, you can buy a .ca domain from any registrar, but you need CIRA's compliance (the issuing body for all of .ca) to enact a registry lock. This explains it a bit better: https://cira.ca/ca-domains/optimize-your-ca/registry-lock

I'm having trouble tracking down how to do this for a .com though.
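An added example, not part of the comment above: a small Python check that reads the status lines of a WHOIS-style record and reports whether the registrar lock (clientTransferProhibited) and the registry lock (serverTransferProhibited) are present. The sample records and the names `parse_statuses` and `lock_report` are constructed for illustration.

```python
import re

# EPP domain status codes (RFC 5731), grouped by which party sets them.
REGISTRAR_SET = {"clienttransferprohibited", "clientupdateprohibited", "clientdeleteprohibited"}
REGISTRY_SET = {"servertransferprohibited", "serverupdateprohibited", "serverdeleteprohibited"}
STATUS_LINE = re.compile(r"^\s*(?:Domain )?Status:\s*(.+)$", re.IGNORECASE)

def parse_statuses(whois_text):
    """Collect status codes, normalized to lowercase letters only."""
    found = set()
    for line in whois_text.splitlines():
        m = STATUS_LINE.match(line)
        if m:
            # WHOIS appends an explanatory URL after the code; drop it.
            code = re.split(r"\s+\(?https?://", m.group(1))[0]
            # Fold "clientTransferProhibited" and "client transfer prohibited" together.
            found.add(re.sub(r"[^a-z]", "", code.lower()))
    return found

def lock_report(whois_text):
    """Report which of the two transfer locks from the comment are present."""
    s = parse_statuses(whois_text)
    return {
        "registrar_lock": "clienttransferprohibited" in s,
        "registry_lock": "servertransferprohibited" in s,
        "registrar_set": sorted(s & REGISTRAR_SET),
        "registry_set": sorted(s & REGISTRY_SET),
    }

# Constructed sample records (not real WHOIS output for any domain).
REGISTRAR_ONLY = """Domain Name: EXAMPLE.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""
BOTH_LOCKS = """Domain Name: EXAMPLE.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Status: server delete prohibited
"""

if __name__ == "__main__":
    for name, text in (("registrar only", REGISTRAR_ONLY), ("both locks", BOTH_LOCKS)):
        print(name, lock_report(text))
```

A record that shows only the client-set status is protected by the registrar alone, which is the case the comment describes as removable through the registrar.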




So what actually makes the "registry lock" robust against social engineering?

Reading CIRA's page, it just says that to make changes the Registrar will talk to CIRA to have the lock removed on their behalf. Doesn't sound like there's any mandatory OOB check from CIRA back to the actual client.


> that's easily removed by social engineering the registrar.

I decided to eliminate that one by becoming my own registrar. And that's one less man in the middle siphoning money off of me.


That seems like an expensive and time-consuming solution, unless you have many, many domains.

https://www.quora.com/How-much-does-it-cost-to-become-an-ICA...


Quite interesting. How did you do that and what did it take (cost, time, effort)? NearlyFreeSpeech.net started off on this a couple of years ago, and it seems like this is a very costly proposition (something like $80K for accreditation?) that also takes a lot of time.


The trick is to forgo the ICANN scam and go with a ccTLD. With TRAFICOM (ex FICORA), it was a matter of filling in a form. There could have been a small nominal fee, but if there was, it must have been very low (under 100 EUR).


How's that even possible? I cannot imagine how you could convince a registry to do this. Maybe a gTLD registry?



How does that work?


A.k.a. the serverTransferProhibited status.


Oh wow, so you have to manually lock and unlock and wait like an hour before you can e.g. update DNS? That sounds painful.


To transfer the registration, but not to update records. Domain ownership is generally largely separate from zone management. Transferring a domain to someone else typically isn’t something you do often.


Oh I see. It said "any changes" so I figured that included DNS. Thanks.


You'd have to wait if you change your NS records (i.e., move to a new DNS provider), but normal DNS changes will be outside this.



