[liaison6c] IRTP Part C Request for Input Template

Nicolas Adam nickolas.adam at GMAIL.COM
Sun Dec 4 16:01:42 CET 2011


Hi Avri

I have a hard time figuring how the transfer policy, as is, contributes 
to or prevents highjacking, or contributes to or hinders security and 
stability. I guess from my perspective, and presumably from the 
perspective of the NCSG, that would be the relevant starting point.

I would support calls for more fine-grained data to assess how the 
transfer issues manifest themselves in practice and would welcome 
theoretically informed views on the interrelation of these (transfer) 
issues with other issues.

Nicolas

On 12/1/2011 11:18 AM, Avri Doria wrote:
> On 1 Dec 2011, at 09:59, Milton L Mueller wrote:
>
>> Can you tell us what the issues are? How does the inter-registrar transfer process affect our members?
> First I do not know the specific ways in which the IRTP affects our members, figuring that out is part of the task.
>
> As registrants, the process by which Registrars transfer names from one Registrar to another is concern or from one person to another is a concern.  Anyone who has ever done a transfer from one registrar to another will see that it is a complex process and that there are ways to hung up in it - e.g. in reasons for non transfer that can inhibit transfer of control from one Registrar to another:
>
> 1.Evidence of Fraud
> 2.UDRP Action
> 3.Court Order
> 4.Reasonable dispute over the identity of the Transfer Contact
> 5.Non-payment for previous registration period
> 6.Express written object from the Transfer Contact
> 7.Domain Name was already “locked” *
> 8.Transfer was requested within 60 days of creation date
> 9.Transfer was requested within 60 days of previous transfer
>
> Part of the complexity comes from there being no policy for 'transfer of control".  One consequence, since the process has also not been de-facto standardized, is that the process are  different for different (registry, registrar pair) pairs.   I am not sure what we will see when looking at use cases but that is one of the things the group will be doing.  I admit I am most interested in the intersection of the lack of process and variable process with the transfer of control from one registrant to another whether due to UDRP process or local governmental action.  I expect that there ares other whose concern relates primarily to possible use of the ad-hoc processes to gain control fraudulently and other things that get termed hijacking.
>
> In consideration of reasons 8&  9 above, some have seen an opportunity for registrars to block certain re-transfers in the case of error, or dissatisfaction. In any case 60 days can be a long time.
>
> Another issue that comes up in the IRTP is resolution of dispute resolution in the transfer process.
>
> Then again, even if I saw no specific concerns for NCSG members, I would think it reasonable on every PDP for a variety of members and especially the policy committee members to take a detailed look at the issues report and the template and make sure there were no issues.  And I personally think that the Policy Committee(s) should attempt to get a response in on every PDP, even if it is short and sweet and says that we have no concerns with this issue because we think it is really just a RySG-RrSG process issue.
>
>
> avri
>
> For reference, from the WG charter&  C/SG comment template:
>
>>
>> a)     "Change of Control"[1] function, including an investigation of how this function is currently achieved, if there are any applicable models in the country-code name space that can be used as a best practice for the gTLD space, and any associated security concerns. It should also include a review of locking procedures, as described in Reasons for Denial #8 and #9, with an aim to balance legitimate transfer activity and security.
>>
>> b)     Whether provisions on time-limiting Form Of Authorization (FOA)s should be implemented to avoid fraudulent transfers out. For example, if a Gaining Registrar sends and receives an FOA back from a transfer contact, but the name is locked, the registrar may hold the FOA pending adjustment to the domain name status, during which time the registrant or other registration information may have changed.
>>
>> Whether the process could be streamlined by a requirement that registries use IANA IDs for registrars rather than proprietary IDs.
>>
>> [1] From the Final Issue Report: “the IRTP is widely used to affect a ‘change of control’, namely by moving the domain name to a new Registered Name Holder, in conjunction with a transfer to another registrar. For example, in the domain name aftermarket it is not uncommon to demonstrate control of a domain name registration through the ability to transfer the domain name registration to another registrar following which the registrant information is changed to the new registrant. Nevertheless, the concept of ‘change of control’ is not defined in the context of gTLDs”.
>> In addition, the Working Group has identified the following specific issues / questions it would like to receive further input on:
>>
>> -        In relation to Charter Question A, the Issue Report notes that ‘data on the frequency of hijacking cases is a pivotal part of this analysis. Mechanisms should be explored to develop accurate data around this issue in a way that meets the needs of registrars to protect proprietary information while at the same time providing a solid foundation for data-based policy making. Data on legitimate transfer activity benefitting from the current locking policy wording needs to be collected’.
>> -        In addition to the ccTLDs described in the Issue Report that do have a procedure or process for a ‘change of control’ (.ie, .eu and .uk) are there any other ccTLDs that have similar procedures or processes which the WG should review in the context of charter question A? Furthermore, the WG would be interested to receive feedback on the experiences with these or other ccTLD procedures or processes for a ‘change of control’ as well as identifying potential benefits and/or possible negative consequences from applying similar approaches in a gTLD context.
>> -        In relation to Charter Question B and C, the WG would be interested in further input or data in relation to the incidence of this issue to determine its scope and the most appropriate way to address it.
>> -        In relation to Charter Question C, Registries and Registrars are asked to provide specific information as to where proprietary IDs are currently being used by registries and whether the use of IANA IDs instead would be preferred / beneficial.


More information about the Ncuc-discuss mailing list