Notes
* Registrars must provide the Registered Name Holder with the unique "AuthInfo" code within five (5) calendar days of the Registered Name Holder's initial request if the Registrar does not provide facilities for the Registered Name Holder to generate and manage their own unique "AuthInfo" code.
** EPP requires mutual authentication of clients/registrars and servers before a TLS connection can be made between the two parties. Digital certificates, digital signatures, and PKI services are used to authenticate both parties. Certificates must be signed by a CA that is recognized by the server operator. [RFC 4934, section 8]. Additionally, all EPP clients/registrars are required to identify and authenticate themselves using a server-assigned user ID and a shared secret (a password) that is sent to the server using a login command. The server must confirm the identity and shared secret before the client is given access to other protocol services. [RFC 4930, section 2.9.1.1] Some EPP commands, such as the domain transfer command, require additional authentication information that must be provided and confirmed before the requested action is completed. The default authentication information service uses a shared secret that is known to the registry, the registrar, and the registrant. Registrants are required to provide this secret to a second registrar when requesting the second registrar to initiate a domain transfer on the registrant's behalf. The authentication information data structure is extensible so that additional authentication mechanisms can be defined and implemented in the future. [RFC 4931, sections 3.2.1 and 3.2.4].
*** The Registrar of Record has 5 calendar days to respond to transfer notice from Registry
