[gnso-irtp-b-jun09] Issue E

["Mike O'Connor" <mike@xxxxxxxxxx>]

hi all,

here's a series of paragraphs to kick off the Issue E discussion.

Denial Reason #7 (as currently writ)

A domain name was already in "lock status" provided that the Registrar provides 
a readily accessible and reasonable means for the Registered Name Holder to 
remove the lock status.

from the Initial Report

Prior to receipt of the transfer request, the domain name was locked pursuant 
to the Registrar’s published security policy or at the direction of the 
Registered Name Holder provided that the Registrar includes in its registration 
agreement the terms and conditions upon which it locks domains and further that 
the Registrar provides a readily accessible and reasonable means for the 
Registered Name Holder to remove the lock status. If the Registrar does not 
provide a means to allow a Registered Name Holder to remove the lock status 
themselves, then Registrar must facilitate removing the lock within 5 calendar 
days of receiving a request from the Registered Name Holder.

unpacked version of the Initial Report language (just a few punctuation marks 
and carriage returns)

Prior to receipt of the transfer request, the domain name was locked:

-- pursuant to the Registrar’s published security policy or at the direction of 
the Registered Name Holder, 

-- provided that the Registrar includes in its registration agreement the terms 
and conditions upon which it locks domains, and 

-- further that the Registrar provides a readily accessible and reasonable 
means for the Registered Name Holder to remove the lock status. 

If the Registrar does not provide a means to allow a Registered Name Holder to 
remove the lock status themselves, then Registrar must facilitate removing the 
lock within 5 calendar days of receiving a request from the Registered Name 
Holder.


issues to puzzle through

-- should we limit this only to locks imposed by Registered Name Holders?  
Michael Collins suggested this, but my recollection is that this policy is 
really aimed at both registrant-initiated AND registrar-initiated locks.  so if 
we want, we can explore moving the treatment of registrar-initiated locks to 
Issue D, but i'll be grumpy about dropping it altogether.

-- how can we address Paul's point that overly-detailed "published security 
policies" provide a roadmap to the criminals?  my take is that this can be 
finessed by leaving the language as it's written -- which leaves Registrars a 
fair amount of latitude as to how detailed they make those published security 
policies.

-- is the 5-day interval the right one?  i don't have strong feelings about 
this -- but again, this might be made less complicated if we split the 
treatment of registrar-initiated and registrant-initiated locks.

there's my first pass.

have at it, peepul

mikey


- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)