[gnso-irtpc] Follow up to call on 17 April

["Knight, Barbara" <BKnight@xxxxxxxxxxxx>]

All,
I listened to the recording from the call yesterday.  Simonetta had a question 
regarding the auth-info code - it should be noted that the auth-info code isn't 
unique to whether the registry is thick or thin but instead, is determined by 
whether the registry is using the EPP protocol.  I believe  that the same 
auth-info code could be used to help secure both transfer requests (this was 
it's initial intent) as well as being extended to securing changes to 
registrant information.  This is something that the registrars would want to 
weigh in on as I expect that there may be development required to implement 
such a solution.

To Michele's point, the auth-info code is typically created when the domain 
name is created by the registrar.  As I had mentioned in a previous call, when 
an EPP transfer command is sent to the registry it must include the auth-info 
code and the auth-info code that is passed must match that which is in the 
registry database or the transfer command will fail and an error will be 
returned to the registrar.

With regard to the FOA, it is intended to authorize the specific transfer of a 
domain name.  I don't believe that the intent was to authorize multiple 
transfers or events.  I am providing the language of the FOA below for 
reference as it may help to answer some of the questions relating to the use of 
the FOA.  Hope this helps.

Barbara

STANDARDIZED FORM OF AUTHORIZATION | DOMAIN NAME TRANSFER (GAINING REGISTRAR)

An English version of this message is contained below.
<Insert translation of English version in preferred language of the registrant 
if known>
ENGLISH VERSION
Attention: <insert Registered Name Holder or Administrative Contact of Record 
as listed in the WHOIS>
Re: Transfer of <insert one or more domain names>
[OPTIONAL text: The current registrar of record for this domain name is <insert 
name of losing registrar>.]
<insert name of gaining registrar> has received a request from <insert name of 
person/entity/reseller requesting transfer>
[OPTIONAL text:] via <insert method of request e.g email address or fax>
[END OPTIONAL TEXT]
on <insert date of request> for us to become the new registrar of record.
You have received this message because you are listed as the Registered Name 
Holder or Administrative contact for this domain name in the WHOIS database.
Please read the following important information about transferring your domain 
name:
*         You must agree to enter into a new Registration Agreement with us. 
You can review the full terms and conditions of the Agreement at <insert 
instructions for accessing the new terms and conditions, e.g. URL where the 
term and conditions can be found>
*         Once you have entered into the Agreement, the transfer will take 
place within five (5) calendar days unless the current registrar of record 
denies the request.
*         Once a transfer takes place, you will not be able to transfer to 
another registrar for 60 days, apart from a transfer back to the original 
registrar,in cases where both registrars so agree or where a decision in the 
dispute resolution process so directs.
If you WISH TO PROCEED with the transfer, you must respond to this message via 
one of the following methods (note if you do not respond by <date>, <domain 
name or domain names> will not be transferred to us.).
[NOTE: a registrar can choose to include one or more of the following in the 
message sent to the Registered Name Holder or Admin contact, and additional 
processes may be added with ICANN approval. The order in which options are 
presented is a decision for each registrar. Further,in addition to the options 
below, the registrar may choose to request the "Auth-Info" code from the 
Registered Name Holder or Administrative Contact]
[option 1] please email us with the following message:
"I confirm that I have read the Domain Name Transfer - Request for Confirmation 
Message.
I confirm that I wish to proceed with the transfer of <insert domain name> from 
<insert name of losing registrar< to <insert name of gaining registrar>."
[option 2] please go to our website, <insert URL of confirmation webpage> to 
confirm.
[Note: website to contain text as above, with the option to confirm or deny the 
transfer]
[option 3] please print out a copy of this message and send a signed copy to 
<insert fax or postal address details>
If you DO NOT WANT the transfer to proceed, then don't respond to this message.
If you have any questions about this process, please contact <insert contact 
details>.




Barbara Knight
Director of Policy




VerisignInc.com<http://www.verisigninc.com/>

This message (including any attachments) is  intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication.

[Verisign(tm)]