Constituency Input Template Inter-Registrar Transfer Policy Set A
The GNSO Council has formed a Working Group of interested stakeholders and Constituency representatives, to collaborate broadly with knowledgeable individuals and organizations, in order to develop potential policy options to address three new issues associated with the Inter-Registrar Transfer Policy.
Part of the working group’s effort will incorporate ideas and suggestions gathered from Constituencies through this Constituency Statement.
Inserting your Constituency’s response in this form will make it much easier for the Working Group to summarize the Constituency responses. This information is helpful to the community in understanding the points of view of various stakeholders.
For further background information on this issue, please review the GNSO Issues Report on Inter-Registrar Transfer Policy Set A - New IRTP Issues
• Please identify the members of your constituency who participated in developing the perspective(s) set forth below.
• Please describe the process by which your constituency arrived at the perspective(s) set forth below.
Issue I – Is there a way for registrars to make Registrant E-mail Address data available to one another? Currently there is no way of automating approval from the Registrant, as the Registrant Email Address is not a required field in the registrar Whois. This slows down and/or complicates the process for registrants, especially since the Registrant can overrule the Admin Contact.
- If you believe policy change is needed, what options could be explored for registrars to make Registrant E-mail address data available? For each option, please identify how this would benefit automating approval, and, if any, what potential problems might be associated with this option.
- Please identify examples or best practices of email address use to facilitate and/or automate approval from a Registrant for a transfer.
- Although it is not the purpose of this Policy Development Process (PDP) to recommend changes to WHOIS policy, it conceivably could be an option to require registrant email addresses in WHOIS. The Working Group is interested in your views on that potential option, without regard to the broader WHOIS issues of availability and accuracy of WHOIS data. The Working Group is more particularly interested in your views about any other options not involving WHOIS.
Issue II – Whether there is need for other options for electronic authentication (e.g., security token in the Form of Authorization (FOA)) due to security concerns on use of email addresses (potential for hacking or spoofing).
- What security concerns can you identify related to current ways of authenticating registrants. Note, the Security and Stability Advisory Committee (SSAC) has identified a risk of email spoofing for purposes of domain name hijacking, see link. We are interested in your views on this and any other concerns.
- Do you think there is a need for other options for electronic authentication? Please state the reasons for your answer.
- Do you know of any Registrars using additional means for electronic authorization (e.g. security token, digital signatures, etc.)? If so, what are they and who offers them?
- If a need would be identified for other options of electronic authentication, what other options could be explored?
- Of those other options to be explored, please identify the potential benefits but also any potential problems.
- Do you have or know of any data in relation to the impact of the Extensible Provisioning Protocol (EPP) deployment on security in relation to authentication? If so, please describe the source and type of data.
- Do you know of any further examples, apart from those mentioned in the issues report (.uk registry and .se registry), of electronic authentication methods? If so, what are they and who offers them?
Issue III – Whether the policy should incorporate provisions for handling “partial bulk transfers” between registrars – that is, transfers involving a number of names but not the entire group of names held by the losing registrar.
- Should the policy incorporate provisions for handling “partial bulk transfers” between registrars? Please state the reasons and use-cases for your answer.
- Are you aware of any voluntary provisions to facilitate partial bulk transfers? If so, could you please provide further details on those provisions (apart from those already identified in the issues paper – NeuLevel (.biz), Nominet (.uk)).