ICANN ICANN Email List Archives

[bc-gnso]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [bc-gnso] FW: Inter-Registrar Transfer Policy - PDP Part B

  • To: BC gnso <bc-gnso@xxxxxxxxx>
  • Subject: Re: [bc-gnso] FW: Inter-Registrar Transfer Policy - PDP Part B
  • From: George Kirikos <icann@xxxxxxxx>
  • Date: Thu, 28 May 2009 14:13:25 -0400

Hello,

On Thu, May 28, 2009 at 1:36 PM, Mike Rodenbaugh wrote:
> c) Whether special provisions are needed for a change of registrant when it 
> occurs near to the time of a change of registrar

We'd support the PDP, if it will raise the general level of security
for all registrants. For many years we've been fighting to reverse
domain name thefts and the industry needs to be proactive regarding
security, instead of "reactive" using an exception mechanism. Some of
our past comments within ICANN can be seen at:

http://forum.icann.org/lists/transfer-comments-g/msg00003.html

and some registrars have followed our advice. However, this issue is
also closely tied in to WHOIS accuracy and registrant verification.
Domains are valuable and if the thieves are able to operate in
relative anonymity, they'll continue to operate. Address verification
and other systems (2-factor security, out-of-band verification, etc.)
can be used to raise the level of security for every registrant and
their clients/users.

One should be cautious about the "special provisions" noted above, as
most domain name purchases/sales will involve a change of registrar at
the same time as a registrant change (e.g. Sally Jones purchases
Example.com from John Smith, registered at NSI, and immediately
transfers the name to her favourite registrar Tucows). But, I assume
we'll have lots of time to comment on anything produced by members of
the PDP, so nothing too kooky should come out of the process once
everyone has had an opportunity to review it. Making ALL domain
registrant changes highly secure (with an audit trail, with verified
registrants) reduces the need for exception mechanisms.

Rogue registrars are also part of the problem (e.g. RegisterFly,
EstDomains) and so the bar needs to be raised in terms of due
diligence in the registrar accreditation and ongoing compliance
process.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy