RE: [registrars] .US Transfer Proposal

[Bruce Tonkin <Bruce.Tonkin@melbourneit.com.au>]

Hello Mike,

Thanks for proposing changes to the .us transfer procedure.

I agree with the use of the auth-code for facilitating transfers.

However the auth-code only serves to verify the identity of the registrant.
ie if a person provides you with the correct auth-code - this helps verify
that you are dealing with an authorised person.

It does not provide evidence that a registrar has gained the authority for a
transfer.

In the ".au" environment, we require a two part process:
(1) Obtain the correct auth-info code to verify the identity of the
registrant
(2) Require the registrant to agree to a standard authorisation form that
includes explicit agreement to the transfer

Without (2), registrants can be easily misled into providing the auth-info
code.

We have an instance in Australia where a large Web hosting company has
requested the
"auth-info" code when a domain name holder asks the company to host a
website for them, on the basis that they need the code to arrange a change
in nameserver.  They don't inform the customer that they will first transfer
the name to another registrar, before they may nameserver changes.

I would like to see the use of standard text that is used to obtain the
explicit approval.  A code is not a substitute for this.   I understand that
this is part of the transfer task force recommendations which were developed
with EPP registries in mind.

Although a losing registrar could explain the use of the auth-info code at
the time of registration, it is likely that a registrant will forget this
explanation when they sign up to some misleading marketing material.  The
requirement for a standard authorisation form helps alleviate this problem.

Likewise step (2) above without step (1) - causes problems as multiple
people may assert that they have the authority to authorise a transfer.  The
unique auth-code helps settle this.

Regards,
Bruce Tonkin
>