So what actually makes the "registry lock" robust against social engineering.
Reading CIRA's page it just says that to make changes the Registrar will talk to CIRA to have to lock removed on their behalf. Doesn't sound like there's any mandatory OOB check from CIRA back to the actual client.
Reading CIRA's page it just says that to make changes the Registrar will talk to CIRA to have to lock removed on their behalf. Doesn't sound like there's any mandatory OOB check from CIRA back to the actual client.