<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [registrars] FW: [nc-transfer] Drafting Team Status Update
Tim,
I am
not for sure how you are interpreting legal obligation with regards to the
losing registrar.
In the
registry-registrar agreement Exhibit B
1)
Obtain authorization of an individual who has apparent authority to legally bind
the registered name holder - Gaining registrar
discretion
That
would be the person that I decide since I am the gaining registrar - that is
*not* up to the losing registrar. I am not denying the losing registrar to check
- but they can not stop the transfer because the losing registrar did not get an
email back. A simple solution would be if the losing registrar has an online
system for the person to authorize / unlock the domain for transfer that
is fine.
David
That
doesn't change the legal obligation of the registrar.
I agree with David on this issue. In a reseller model, when
the admin contact is the registrant, they often don't understand the
emails/smails that result in inadvertent approvals of transfers and
renewals. This creates a support nightmare for both the losing
registrar, the reseller and the registrant that didnt understand the whole
process. It happens every day.
Tim,
I know I went to far in the description and I
apologize. In many cases the domains we
bought in conjunction with a web site. The registrant knows nothing about
the registrant agreement or a registrar. Because the Independent TELCO is
re-branding the registrant is unaware of the backend process. That is
where the determining of the Apparent authority is vital in my
situation.
David
David, Not sure I completely
understand what you're describing. But I would think that the
current registrar is still bound by their agreement with the registrant.
I still can't see how, and don't believe, any policy that does not
allow the current registrar to verify a transfer of a domain name
is legitimate and within their agreement terms with the registrant is
legally enforceable. Tim
-------- Original Message
-------- Subject: RE: [registrars] FW: [nc-transfer] Drafting Team
Status Update From: "David Wascher"
<dwascher@iaregistry.com> Date: Thu, August 29, 2002 6:45
pm To: "Paul Stahura" <stahura@enom.com>, "'Registrar
Constituency'" <registrars@dnso.org>,
<tim@godaddy.com>
Paul and Tim, I have to disagree about
the losing registrar determining the apparent authority. In our case
that has been the problem with transfers from VeriSign and others.
The authority as seen from the losing registrar has mostly been the
registrant. I am dealing with TELCO's that manage their Web site,
dialup connection and more then likely did not really know that they
had a domain. They asked for a web site name and think of the web
site and the domain as the same. In many cases a TELCO sells out to
another which then changes the "apparent authority" all together.
Many Independent TELCO's farm out the backend services like the
dial-up, tech support, web hosting, DNS and domain registration. All
of this is part of our business. When a TELCO changes the
backend provider say from NeoNova to Info Avenue their is a very
large conversion that takes place - normally several thousand users
will be migrated to our ISP side of the house. To keep things simple
and in one place they will also migrate the domains to IARegistry. I
think you would agree that most customers when dealing with an array
of services like one place to go. That is the case here. The
losing registrar will not know anything about the move and who we
have established as the apparent authority which is the Admin listed
in our partner account. We recognize the ADMIN as the apparent
authority. They have been setup to Administer the registrants
domain.
Thanks, David IARegistry
::-----Original
Message----- ::From: owner-registrars@dnso.org
[mailto:owner-registrars@dnso.org]On ::Behalf Of Paul
Stahura ::Sent: Wednesday, August 28, 2002 5:53 PM ::To:
'Registrar Constituency' ::Subject: RE: [registrars] FW:
[nc-transfer] Drafting Team Status Update
:: :: ::Ross, :: ::I agree that the loosing registrar is
best qualified to ::figure out if a person has the apparent
authority. ::Unfortunately the loosing registrar has no
incentive ::to validate authority, and actually has an
incentive ::to screw around in the hopes of reducing market share
loss ::(or for whatever business purpose). ::This had been proven
time and time again. Name hostage ::taking to protect market share
decline, or even inadvertently ::(because the email bounced, or did
not get responded to for whatever ::reason), ::is much more
widespread than fraudulent transfers, and causes ::more customer
service complaints. ::Auto-nack will not remove this problem. In my
opinion ::it will make it worse. If you are worried about
fraudulent ::transfers, allow your registrants to put their names
on registrar-lock. ::There is no way a name on registrar-lock
can transfer. If the gaining ::registrar gets a legitimate request
to transfer, the gaining ::registrar can tell the name holder to
go to the losing registrar ::and remove the registrar-lock (the
losing registrar must provide an ::easy way to remove the lock by the
verified name holder). ::So I disagree that the solution is
"auto-nack" if no response to ::an attempted contact of the name
holder by the losing registrar. :: ::I also note 9) would have to
change to implement Tim's suggestion. :: ::Most fraudulent
transfers that we have encountered occur when ::the bad guy gets
control of a domain that was used as part ::of an email address on a
number of other domains. Then the ::bad guy requests transfer on
*all* the other domains, acking ::each email sent by both the losing
and gaining registrars. ::"auto-nack" does not solve this, but
registrar-lock does. ::Additionally, if there is an "auto-nack"
policy in place, ::where is the gaining registrar redress, ::if
the losing registrar abuses the "auto-nack" privilege? :: ::I
believe the root of the problem is with the RRP protocol, ::and to
really go a long way to solve the problem, the RRP ::would need to be
changed slightly (or of course switch to EPP, ::even a "thin" EPP).
RRP Registrar-lock is over-loaded, ::and was not intended to solve
the general transfer problem, ::even though it does help solve
fraudulent transfers, IMO. :: ::It would not be too difficult for
the registry to ::implement an "auth code" with RRP. The code will
be ::passed with each "register" command, could be modified
with ::the "modify" command and be required with a "transfer"
command. ::Only 3 commands would need to be modified. Other
Verisign ::registrys have already modified the RRP in various
ways ::(v1.4, with .tv is one example i believe). :: ::My
comments on the document ::on 5b) ::what happens when the losing
registrar ::blocks access to the gaining registrar's repeated
requests for ::the whois information? or if the losing registrar's
whois ::server is down for an extended period? :: ::I think a
"blacklist of domains that must not be transferred" ::is redundant.
Why not put those names on registrar lock? ::Maybe I'm missing the
intent here. :: ::I think the losing registrar MAY/MUST? nack the
request if the gaining ::registrar notifies the losing registrar that
a mistake has been ::made in the transfer initiation (an exception
to 9). :: ::is 10) the only minimum standards that apply to
9)? ::10b) and 10c) do not pertain to the gaining registrar, so
is ::9b) really just 10a)? ::as in "9(b) the Gaining Registrar
fails to comply with 10a)" ::I think i agree with the intent of 9 and
10, I just think ::it could be worded clearer. ::do Gaining
registrars get to inspect the form of 9a) that ::the losing regisrar
used to deny the transfer? :: ::I agree with Tim's suggestion 5.r
below if the intent is ::to prevent registrar
hopping. :: :: ::Paul ::eNom,
Inc. :: :: ::-----Original Message----- ::From: Tim Ruiz
[mailto:tim@godaddy.com] ::Sent: Wednesday, August 28, 2002 11:51
AM ::To: ross@tucows.com; 'Registrar Constituency' ::Subject: RE:
[registrars] FW: [nc-transfer] Drafting Team Status Update
:: :: ::Ross, :: ::The method of obtaining apparent
authority here is backwards. In reality, ::the loosing registrar is
the best gauge of who truly has current apparent ::authority.
Registrars are not required to update their Whois ::information
any ::more often than once in 24 hours. As a result, using Whois data
for the ::gaining registrar to try and figure out who has
apparent authority is not ::safe. Requiring them to go beyond that
adds undue burden on the gaining ::registrar and the registrant
making the request. :: ::As a result I strongly urge that 7.f
does NOT result in an ACK of the ::transfer by the loosing registrar.
The person with the apparent authority ::according to the loosing
registrar's records MUST verify the transfer ::request for it to go
through. Nothing else really makes sense ::here if one of ::our
goals is to truly protect the registrant from fraudulent transfers.
If ::the party with apparent authority confirms with the loosing
registrar that ::the transfer request is valid, the loosing registrar
HAS confirmation then ::that the gaining registrar has acquired the
appropriate FOA. :: ::I don't like the idea of counting on the
gaining registrar to be ::honest and ::complete in their dealings
regarding transfers. It is too ::difficult, if not ::impossible,
to get things reversed with certain registrars. We had some ::rather
unpleasant dealings with one in China a few months ago on a related
::issue. :: ::If transfers are conducted in this manner, the
number of instances of ::registrars needing to invoke the
unnecessarily complicated and time ::consuming Losing Registrar
Redress will be greatly reduced, if not ::eliminated
altogether. :: ::In addition, I strongly urge the addition of the
following v. to 5.r: :: ::v. Request to transfer sponsorship
occurs in the first 60 days after a ::transfer of
sponsorship. :: ::This would add another seriously needed level of
protection against fraud. ::However, if the loosing registrar MUST
obtain approval from someone with ::apparent authority, this may not
be as necessary. :: ::Tim Ruiz ::Go Daddy Software,
Inc. :: ::-----Original Message----- ::From:
owner-registrars@dnso.org
[mailto:owner-registrars@dnso.org]On ::Behalf Of Ross Wm.
Rader ::Sent: Wednesday, August 28, 2002 11:17 AM ::To: 'Registrar
Constituency' ::Subject: [registrars] FW: [nc-transfer] Drafting Team
Status Update :: :: ::Members, :: ::Please find to follow
below a brief report on the status of the work of ::the Transfers TF
as it relates to Transfers. Note that we are ::progressing reasonably
well through a review of the Registrar ::Constituency proposal and
have made a few modifications that I believe ::are amenable to the
interests of Registrars. I had hoped at this point ::that we would
have received feedback from the Registry Constituency ::given their
renewed commitment to the issue, however I suspect that ::"real life"
is somehow interfering with finalizing the revisions ::referenced
below. I don't expect this delay to draw out in any ::meaningful
way (we should be able to resolve it this afternoon during ::our
call) but it needs to be brought to the attention of
the ::constituency nonetheless. :: ::The Task Force is still
targetting the Shanghai meeting for tabling of ::our recommendations
and we look to be in good shape at this point. If ::there are any
questions between now and Amsterdam, I am happy to answer ::them as
they come up. I expect to deliver a full progress report and ::draft
recommendations during the timing of the Amsterdam meeting.
:: ::Thanks in advance, (and as noted below, apologies for
the proprietary ::document format). :: :: :: ::
-rwr :: :: :: :: ::"There's a fine line between fishing
and standing on the shore like an ::idiot." ::- Steven
Wright :: ::Got Blog? http://www.byte.org/blog :: ::Please
review our ICANN Reform
Proposal: ::http://www.byte.org/heathrow :: :: :: :: ::-----Original
Message----- ::From: owner-nc-transfer@dnso.org
[mailto:owner-nc-transfer@dnso.org] On ::Behalf Of Ross Wm.
Rader ::Sent: Wednesday, August 28, 2002 12:10 PM ::To: 'Transfer
TF (E-mail)' ::Subject: [nc-transfer] Drafting Team Status
Update :: :: ::Folks, :: ::Please find attached a copy of
the latest draft (version 1, revision 2, ::draft 2) of the IRDX
proposal that the drafting team has been working on ::for the last
two weeks or so. :: ::During the call today, I would like to focus
on a review of points 8 ::through 15 (pages 14, 15 and 16)
(highlighted in blue) with an eye ::towards ensuring that the process
appropriately takes into account the ::needs of R'ants, R'rars and
R'ry's. The feedback that the drafting team ::gathers through this
review will be invaluable in providing us with the ::guidance that we
need to complete our task. :: ::I would also like to review the
formal revisions made thus far to ensure ::that the language used
appropriately captures the intent and sentiment ::of the larger
group. :: ::Please note that the revisions are not as sweeping as
I had expected as ::we are still waiting for input on enforcement
mechanisms from the ::Registry Constituency reps to the Drafting
Team. I do not have an ETA ::for delivery of these details, so its
not likely that we can cover them ::on the call, however the call
will give us the capability to rework the ::deadlines in order to
keep the document on track :: ::If there are any questions, please
don't hesitate to drop me a note. :: ::Apologies in advance for
the proprietary document format. :: :: :: ::
-rwr :: :: :: :: ::"There's a fine line between fishing
and standing on the shore like an ::idiot." ::- Steven
Wright :: ::Got Blog? http://www.byte.org/blog :: ::Please
review our ICANN Reform Proposal: http://www.byte.org/heathrow
:: :: ::
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|