RE: [registrars] unsanctioned whois concepts (long)

["Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>]

Hello Tim,

> 
> If you were referring to the transfer key system I was 
> proselytizing about, I see some of the benefits as follows:
> 
> Eliminates the attempt to double confirm and reduces confusion.

Not sure about that.  I think in most cases the gaining registrar would
be well advised to get confirmation of authorisation to transfer.  The
"key" is only a mechanism of authentication rather than authorisation.
The gaining registrar must still obtain acceptance of the new terms and
conditions of the new registration agreement.

> 
> More reliable and quicker confirmation resulting in fewer 
> disputes. The losing registrar is in the best position to confirm.

If the losing registrar chooses to trust the gaining registrar and
enforcement is available againstbad gaining registrars, the losing
registrar could explicitly confirm all transfers.

Thus not sure that your proposed process in the ideal case is better
than the new transfers policy in the ideal case.  In the worst cases
they are also probably equivalent.

> 
> Faster, almost immediate completion of the transfer.

You need to look at the transfer process from the time the registrant
desires to transfer until the transfer is complete.  I would assume that
some losing registrars may not provide a key on a timely basis (after
first trying to convince the customer to stay).  I am not aware of too
many other cases where a customer must seek some sort of permission (e.g
transfer code) to move to a competitor.

> 
> Whois data accuracy improved as it can be collected directly 
> from the registrant by the gaining registrar. The key 
> confirms the validity of the transfer so why force the import 
> of potentially outdated or poorly parsed data?

The problem of the WHOIS data in different formats in a significant one.
I prefer the thick registry model for this reason (although this does
not mean that the data should be made available to the public as is
presently the case).

I prefer centralised WHOIS for the formatting etc reasons - but also
prefer that the data only be made available under specific circumstances
- preferably under the control of the registrant.

> 
> A dynamically generated, one use key is more secure than a 
> static auth code for transfers.

True.  Although this code could be generated automatically by a registry
and sent only to the contact stored in the registry.  This would remove
gaming from the losing registrar.


Regards,
Bruce