Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Draft – For Discussion Purposes Only

ICANN invites comments on Inter-Registrar Transfer Policy – Part A ‘New IRTP Issues’ (Also known as IRTP PDP Jun08)

Background

The Inter-Registrar Transfer Policy (IRTP) aims to provide a straightforward procedure for domain name holders to transfer their names from one ICANN-accredited registrar to another. As part of a broader review of this policy, a Policy Development Process (PDP) is currently ongoing on new Inter-Registrar Transfer Policy issues. These new Inter-Registrar Transfer Policy issues include questions relating to registrar exchange of registrant e-mail information, the potential need for including new forms of electronic authentication and potential provisions for “partial bulk transfers.”

Input requested

The Working Group that was launched following the adoption of its charter by the GNSO Council on 17 July 2008 is requesting your input for its deliberations to answer the following questions (found in Section 1.3 of the issues report):

Issue I – Is there a way for registrars to make Registrant E-mail Address data available to one another? Currently there is no way of automating approval from the Registrant, as the Registrant Email Address is not a required field in the registrar Whois. This slows down and/or complicates the process for registrants, especially since the Registrant can overrule the Admin Contact.

  • If you believe policy change is needed, what options could be explored for registrars to make Registrant E-mail address data available? For each option, please identify how this would benefit automating approval, and, if any, what potential problems might be associated with this option.
  • Please identify examples or best practices of email address use to facilitate and/or automate approval from a Registrant for a transfer.
  • Although it is not the purpose of this Policy Development Process (PDP) to recommend changes to WHOIS policy, it conceivably could be an option to require registrant email addresses in WHOIS. The Working Group is interested in your views on that potential option, without regard to the broader WHOIS issues of availability and accuracy of WHOIS data. The Working Group is more particularly interested in your views about any other options not involving WHOIS.

Issue II – Whether there is need for other options for electronic authentication (e.g., security token in the Form of Authorization (FOA)) due to security concerns on use of email addresses (potential for hacking or spoofing).

  • What security concerns can you identify related to current ways of authenticating registrants. Note, the Security and Stability Advisory Committee (SSAC) has identified a risk of email spoofing for purposes of domain name hijacking, see link. We are interested in your views on this and any other concerns.
  • Do you think there is a need for other options for electronic authentication? Please state the reasons for your answer.
  • Do you know of any Registrars using additional means for electronic authorization (e.g. security token, digital signatures, etc.)? If so, what are they and who offers them?
  • If a need would be identified for other options of electronic authentication, what other options could be explored?
  • Of those other options to be explored, please identify the potential benefits but also any potential problems.
  • Do you have or know of any data in relation to the impact of the Extensible Provisioning Protocol (EPP) deployment on security in relation to authentication? If so, please describe the source and type of data.
  • Do you know of any further examples, apart from those mentioned in the issues report (.uk registry and .se registry), of electronic authentication methods? If so, what are they and who offers them?

Issue III – Whether the policy should incorporate provisions for handling “partial bulk transfers” between registrars – that is, transfers involving a number of names but not the entire group of names held by the losing registrar.

  • Should the policy incorporate provisions for handling “partial bulk transfers” between registrars? Please state the reasons and use-cases for your answer.
  • Are you aware of any voluntary provisions to facilitate partial bulk transfers? If so, could you please provide further details on those provisions (apart from those already identified in the issues paper – NeuLevel (.biz), Nominet (.uk)).

Background documents / links

Deadline and how to submit comments

Comments are welcome via e-mail to tbc until 29 September 2008.

Access to the public comment forum from which comments can be posted can be found at tbc.

An archive of all comments received will be publicly posted at tbc.