[ga] Public Comment open till 29 September : Inter-Registrar Transfer Policy - Part A 'New IRTP Issues'

[Glen de Saint Géry <Glen@xxxxxxxxx>]

[To: council[at]gnso.icann.org; liaison6c[at]gnso.icann.org]
[To: ga[at]gnso.icann.org; announce[at]gnso.icann.org]
[To: regional-liaisons[at]icann.org]

http://www.icann.org/en/announcements/announcement-09sep08-en.htm
Public Comment: Inter-Registrar Transfer Policy - Part A 'New IRTP Issues' 
Background

9 September 2008

The Inter-Registrar Transfer Policy (IRTP) aims to provide a straightforward 
procedure for domain name holders to transfer their names from one 
ICANN-accredited registrar to another. As part of a broader review of this 
policy, a Policy Development Process (PDP) is currently ongoing on new 
Inter-Registrar Transfer Policy issues. These new Inter-Registrar Transfer 
Policy issues include questions relating to registrar exchange of registrant 
e-mail information, the potential need for including new forms of electronic 
authentication and potential provisions for "partial bulk transfers."

Input requested

The Working Group that was launched following the adoption of its charter by 
the GNSO Council on 17 July 2008 is requesting your input for its deliberations 
to answer the following questions (found in Section 1.3 of the issues report):

Issue I - Is there a way for registrars to make Registrant E-mail Address data 
available to one another? Currently there is no way of automating approval from 
the Registrant, as the Registrant Email Address is not a required field in the 
registrar Whois. This slows down and/or complicates the process for 
registrants, especially since the Registrant can overrule the Admin Contact .

If you believe policy change is needed, what options could be explored for 
registrars to make Registrant E-mail address data available? For each option, 
please identify how this would benefit automating approval, and, if any, what 
potential problems might be associated with this option.
Please identify examples or best practices of email address use to facilitate 
and/or automate approval from a Registrant for a transfer.
Although it is not the purpose of this Policy Development Process (PDP) to 
recommend changes to WHOIS policy, it conceivably could be an option to require 
registrant email addresses in WHOIS. The Working Group is interested in your 
views on that potential option, without regard to the broader WHOIS issues of 
availability and accuracy of WHOIS data. The Working Group is more particularly 
interested in your views about any other options not involving WHOIS.
Issue II - Whether there is need for other options for electronic 
authentication (e.g., security token in the Form of Authorization (FOA)) due to 
security concerns on use of email addresses (potential for hacking or spoofing) 
.

What security concerns can you identify related to current ways of 
authenticating registrants. Note, the Security and Stability Advisory Committee 
(SSAC) has identified a risk of email spoofing for purposes of domain name 
hijacking, see link. We are interested in your views on this and any other 
concerns.
Do you think there is a need for other options for electronic authentication? 
Please state the reasons for your answer.
Do you know of any Registrars using additional means for electronic 
authorization (e.g. security token, digital signatures, etc.)? If so, what are 
they and who offers them?
If a need would be identified for other options of electronic authentication, 
what other options could be explored?
Of those other options to be explored, please identify the potential benefits 
but also any potential problems.
Do you have or know of any data in relation to the impact of the Extensible 
Provisioning Protocol (EPP) deployment on security in relation to 
authentication? If so, please describe the source and type of data.
Do you know of any further examples, apart from those mentioned in the issues 
report (.uk registry and .se registry), of electronic authentication methods? 
If so, what are they and who offers them?
Issue III - Whether the policy should incorporate provisions for handling 
"partial bulk transfers" between registrars - that is, transfers involving a 
number of names but not the entire group of names held by the losing registrar .

Should the policy incorporate provisions for handling "partial bulk transfers" 
between registrars? Please state the reasons and use-cases for your answer.
Are you aware of any voluntary provisions to facilitate partial bulk transfers? 
If so, could you please provide further details on those provisions (apart from 
those already identified in the issues paper - NeuLevel (.biz), Nominet (.uk)).
Background documents / links

GNSO Issues Report Inter-Registrar Transfer Policy: Set A; "New IRTP Issues" 
(http://gnso.icann.org/issues/transfers/transfer-issues-report-set-a-23may08.pdf)
Charter Inter-Registrar Transfer Policy - Part A PDP Working Group 
(http://gnso.icann.org/issues/transfers/irtp-working-group-charter-jun08.htm)
IRTP Part A PDP Working Group Workspace (irtp part a pdp wg pdp jun08)
IRTP Part A PDP Working Group E-mail archives 
(http://forum.icann.org/lists/gnso-irtp-pdp-jun08/)
Deadline and how to submit comments

Comments are welcome via e-mail to <new-irtp-issues@xxxxxxxxx> until 29 
September 2008.

Access to the public comment forum from which comments can be posted can be 
found at <new-irtp-issues@xxxxxxxxx>.

An archive of all comments received will be publicly posted at 
http://forum.icann.org/lists/new-irtp-issues/.

Glen de Saint Géry
GNSO Secretariat
gnso.secretariat@xxxxxxxxxxxxxx
http://gnso.icann.org