DENIC to Offer Provider Change with AuthInfo – Fast, Secure, and Reliable

DENIC logoAs from December 2008, DENIC and the DENIC members will make available a new procedure to domain holders who want to change their provider. The central feature of this new procedure is the transmission of a password, which is called AuthInfo. The AuthInfo is valid exclusively for this specific action and is related to one specific domain.

For the time being, the new provider change procedure with AuthInfo and the previous asynchronous procedure will exist in parallel. The domain holder can choose which one to use. However, he/she must clearly decide for one option. The advantage of the AuthInfo procedure is that the communication channels are reduced to a minimum, which makes the procedure easier, quicker and safer. In addition to that, the exact date of a provider change can be determined in advance, so that the services related to the domain can be set up accordingly by the provider.

Two steps are required to be able to apply the procedure: First, the domain holder must request his/her provider to obtain an AuthInfo, which is then stored with DENIC. Then he/she starts a provider change with his/her new provider. Below you find a detailed description of these two steps.
How to Place a Request for an AuthInfo with the Provider

If a domain holder wants to transfer his/her domain to another provider, he/she requests his/her current provider to obtain an AuthInfo. DENIC does not make any provisions with regard to the creation of the password (AuthInfo). It can either be selected by the domain holder him-/herself or by the provider, who then communicates it to the domain holder. The provider creates an “encrypted” version of the AuthInfo (a so-called hash) and transmits it to DENIC via the administering DENIC member. Providing the password as a hash is another security feature of AuthInfo transmission. DENIC stores the AuthInfo in its database in encrypted form. So DENIC does not know the cleartext password.

Another security feature is the limited term of validity of the AuthInfo. After a maximum of 30 days, it becomes invalid and can no longer be used to carry out a provider change. If the intended provider change shall be carried out despite of that, either a new AuthInfo must be stored with DENIC or the asynchronous procedure must be started.

If the domain holder does not have the possibility to request an AuthInfo from his/her current provider (because the provider does not exist anymore, cannot be reached by the domain holder or does not response to the request), the holder may obtain a provider change password directly from DENIC. In that case the domain holder contacts the DENIC member that is going to administer the domain in the future. That member initiates an AuthInfo generation directly by DENIC. Then DENIC sends the AuthInfo it has generated to the domain holder by registered letter. The letter is addressed to the address stored with the domain data. In case of domain holders that are not resident in Germany, the letter is addressed to the Admin-C in Germany in order to avoid long delivery times and high postage costs and to guarantee safe delivery. Simultaneously, DENIC stores the generated AuthInfo in the domain data base as a hash. Now the domain holder can communicate the AuthInfo to his/her new provider, who will then start the provider change request by transmitting this AuthInfo to DENIC.

How to Start a Provider Change with AuthInfo

To actually start the provider change, the domain holder communicates the AuthInfo to his/her new provider. The new provider, or more precisely the DENIC member administering the domain, can check with DENIC whether an AuthInfo has been stored (of cause without giving the actual character set of the AuthInfo). If an AuthInfo has been stored, the provider change request can then be transmitted to DENIC together with this AuthInfo.

When DENIC receives the provider change request, it checks first of all if a valid AuthInfo has been stored for the stated domain. If an AuthInfo exists, DENIC compares the hash of the transmitted AuthInfo with the value stored in its database. If the two are identical, the provider change is carried out immediately and the AuthInfo used for it is deleted. If the password is invalid, the provider change is rejected and the new provider is informed accordingly. If no AuthInfo is stored for the domain, the domain holder must contact his/her previous provider to clarify why no AuthInfo has been stored.

An AuthInfo enables a domain holder to carry out a holder change together with the provider change. This option is not available, however, if provisions to the contrary like an active DISPUTE apply. This distinguishes the new procedure from the asynchronous one, which only provides for a separate holder change. Other domain administration processes like updating the domain data or deletions cannot be executed by means of an AuthInfo.

AuthInfo and the Service DENICdirect

Domain holders that want to transfer their domains to the DENICdirect service may also use an AuthInfo. Such AuthInfo must be requested from the current provider of the domain. If no AuthInfo of the provider is stored in the DENIC database, the domain holder has another option. He/She can request an AuthInfo directly from DENIC during the provider change to DENICdirect. The AuthInfo is then sent to the domain holder, who can subsequently conclude the provider change to DENICdirect.

This news release was sourced from