The IRTP Part C PDP Working Group was tasked to consider the following three questions:

  1. "Change of Control" function, including an investigation of how this function is currently achieved, if there are any applicable models in the country-code name space that can be used as a best practice for the gTLD space, and any associated security concerns. It should also include a review of locking procedures, as described in Reasons for Denial #8 and #9, with an aim to balance legitimate transfer activity and security.
  2. Whether provisions on time-limiting the Form Of Authorization (FOA) should be implemented to avoid fraudulent transfers out. For example, if a Gaining Registrar sends and receives an FOA back from a transfer contact, but the name is locked, the registrar may hold the FOA pending adjustment to the domain name status, during which time the registrant or other registration information may have changed.
  3. Whether the process could be streamlined by a requirement that registries use IANA IDs for registrars rather than proprietary IDs.

Following review of the comments received on its Initial Report [PDF, 1.23 MB], the WG has now submitted its Final Report to the GNSO Council for its consideration. The Final Report, which in addition to background information, an overview of the WG's deliberations and community input received to date, contains the following four recommendations:

Charter Question A Recommendation #1 - The IRTP Part C WG recommends the adoption of change of registrant consensus policy, which outlines the rules and requirements for a change of registrant of a domain name registration. Such a policy should follow the requirements and steps as outlined in the section ‘proposed change of registrant process for gTLDs’ in the Final Report.

Charter Question B Recommendation #2: The WG concludes that FOAs, once obtained by a registrar, should be valid for no longer than 60 days. Following expiration of the FOA, the registrar must re-authorize (via new FOA) the transfer request. Registrars should be permitted to allow registrants to opt-into an automatic renewal of FOAs, if desired. In addition to the 60-day maximum validity restriction, FOAs should expire if there is a change of registrant, or if the domain name expires, or if the transfer is executed, or if there is a dispute filed for the domain name. In order to preserve the integrity of the FOA, there cannot be any opt-in or opt-out provisions for these reasons for expiration of the FOA. As recommended and approved as a result of the IRTP Part B PDP, Losing Registrars under IRTP-B are now required to send an FOA to a Prior Registrant. The WG advises that Losing Registrars have the option to send a modified version of this FOA to a Prior Registrant in the event that the transfer is automated where the FOA would be advisory in nature. Finally, during the course of its deliberations on this topic, the WG notes that the use of EPP Authorization Info (AuthInfo) codes has become the de facto mechanism for securing domain transfers and thereby replaced some of the reasons for the creation of the standard FOA. The WG recommends that the next IRTP PDP examines whether the universal adoption and implementation of EPP AuthInfo codes has eliminated the need for FOAs.

Charter Question C: - Recommendation #3: The WG recommends that all gTLD Registry Operators be required to publish the Registrar of Record's IANA ID in the TLD's WHOIS. Existing gTLD Registry operators that currently use proprietary IDs can continue to do so, but they must also publish the Registrar of Record's IANA ID. This recommendation should not prevent the use of proprietary IDs by gTLD Registry Operators for other purposes, as long as the Registrar of Record's IANA ID is also published in the TLD's Whois.

Additional Recommendation - Recommendation #4: As recommended as part of the revised GNSO Policy Development Process, the IRTP Part C Working Group strongly encourages the GNSO Council to create an IRTP Part C Implementation Review Team consisting of individual IRTP Part C Working Group members who would remain available to provide feedback on the implementation plan for the recommendations directly to ICANN staff. The Working Group suggests that consideration be given to consulting recognised security experts (such as interested members of the SSAC) by the Implementation Review Team.

The IRTP Part C WG will provide an overview of the recommendations during this session and answer any questions there may be.

Background

The IRTP is a GNSO consensus policy that was adopted in 2004 with the objective to provide registrants with a transparent and predictable way to transfer domain name registrations between registrars. As part of its implementation, it was decided to carry out a review of the policy in order to determine whether it was working as intended or whether there are any areas that would benefit from further clarification or improvement. As a result of this review, a number of issues were identified that were grouped together in five different policy development processes or PDPs, titled A to E, that are being addressed in a consecutive order.

More Information

  • No labels
For comments, suggestions, or technical support concerning this space, please email: ICANN Policy Department
© 2015 Internet Corporation For Assigned Names and Numbers