RE: [gnso-irtpc] Comments on time-limiting FOA

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

James et al

I'd agree with James and Chris on this.

It would be beneficial to have broader input, but I can see plenty of scenarios 
like those that James outlined where not expiring an FOA could lead to 
headaches.

The proposed language from James makes a lot of sense to me.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel/
Intl. +353 (0) 59  9183072
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
________________________________
From: owner-gnso-irtpc@xxxxxxxxx [owner-gnso-irtpc@xxxxxxxxx] on behalf of 
James M. Bladel [jbladel@xxxxxxxxxxx]
Sent: 23 May 2012 17:31
To: Chris Chaplow
Cc: IRTPC Working Group
Subject: RE: [gnso-irtpc] Comments on time-limiting FOA

Speaking as a registrar, I agree that there should be some *reasonable* time 
limits on FOAs.  This is based upon seeing some incidents of actual harm, 
seeing very little down side / negative impact, and a general unease with any 
"indefinite" agreement with no time boundaries.

Harms:  We have seen a few interesting situations where registrants have listed 
with two aftermarket services, and sold with one while a "valid" FOA (from the 
previous registrant) is held by the other.  It is also possible that a domain 
name could expire and be re-renewed or registered via a "drop", but the FOA 
would persist through these critical events. To build upon real estate 
analogies, I believe Mikey O'Connor once characterized this as a broken chain 
of title.  I'm hoping our Aftermarket participants can help us address these 
issues.

Negative Impacts:  Minor.  Many registrars are already doing this.  Others 
could use the expiry of an FOA as an opportunity to contact the registrant and 
determine why the transfer has not taken place.  Did the transfer fail for some 
reason?  If the name is listed for sale, why isn't it selling?  Is the current 
registrant even aware that the FOA exists?

Indefinite Agreements:  Need help from a legal-type on this, but aren't all 
contracts / agreements required to have some sort of term?

My recommendation is therefore that there be a reasonably long (45-60 days) 
time limit on FOAs, and that they are also invalidated by certain events.  Some 
draft language might be:

Once obtained, an FOA is valid for (45 or 60) calendar days, or until the 
domain name expires, or until there is a Change of Registrant.

Thanks--

J.




-------- Original Message --------
Subject: RE: [gnso-irtpc] Comments on time-limiting FOA
From: "Chris Chaplow" <chris@xxxxxxxxxxxxx<mailto:chris@xxxxxxxxxxxxx>>
Date: Wed, May 23, 2012 9:01 am
To: "'IRTPC Working Group'" <gnso-irtpc@xxxxxxxxx<mailto:gnso-irtpc@xxxxxxxxx>>

Hi there,

My gut feeling is that there should be a time limit on FOA  and this should be 
policy rather than recommend.
I do appreciate the argument not to create policy for a non problem.

Perhaps we should help the community (and us) understand the wisdom by 
expressing pros and cons of both (ie policy  and  best practice) in a table in 
the report.

Best



Chris Chaplow
Managing Director
Andalucia.com<http://Andalucia.com> S.L.
Avenida del Carmen 9
Ed. Puertosol, Puerto Deportivo
1ª Planta, Oficina 30
Estepona, 29680
Malaga, Spain
Tel: + (34) 952 897 865
Fax: + (34) 952 897 874
E-mail: chris@xxxxxxxxxxxxx<mailto:chris@xxxxxxxxxxxxx>
Web: www.andalucia.com<http://www.andalucia.com/>
Information about Andalucia, Spain.

De: owner-gnso-irtpc@xxxxxxxxx<mailto:owner-gnso-irtpc@xxxxxxxxx> 
[mailto:owner-gnso-irtpc@xxxxxxxxx] En nombre de Mike O'Connor
Enviado el: martes, 22 de mayo de 2012 20:59
Para: IRTPC Working Group
Asunto: [gnso-irtpc] Comments on time-limiting FOA

hi all,

i would like to make the case for upgrading the time-limiting of FOA's from 
being a "recommended best practice" to being a policy that is implemented 
across all registrars.

here's why…

first, a replay of the current policy:
"Section 2 -- Gaining Registrar Requirements
For each instance where a Registered Name Holder requests to transfer a domain 
name registration to a different Registrar, the Gaining Registrar shall:
2.1 Obtain express authorization from either the Registered Name Holder or the 
Administrative Contact (hereafter, "Transfer Contact"). Hence, a transfer may 
only proceed if confirmation of the transfer is received by the Gaining 
Registrar from the Transfer Contact.
2.1.1 The authorization must be made via a valid Standardized Form of 
Authorization (FOA)…."


i've highlighted the two phrases that speak to me, FOA's are to be obtained 
"for each instance" of a transfer and are used to "obtain express 
authorization" of the transfer.

the proposal to time-limit FOAs comes from the working group that launched the 
long series of PDPs of which this one is the 3rd of 5.  so let's take a look at 
the question that was posed lo those many years ago:
Whether provisions on time-limiting Form Of Authorization (FOA)s should be 
implemented to avoid fraudulent transfers out. For example, if a Gaining 
Registrar sends and receives an FOA back from a transfer contact, but the name 
is locked, the registrar may hold the FOA pending adjustment to the domain name 
status, during which time the registrant or other registration information may 
have changed.

it seems to me that the need to limit the time that an FOA is implied by the 
"avoid fraudulent transfers out" phrase in that question.

i prefer a policy stance which addresses the security needs of the typical 
domain registrant (an individual or corporation that uses the domain name) 
while providing a mechanism where the ease-of-use needs of the 
relatively-unusual domain-investor can still be addressed.  here's how i'd 
prefer to see our recommendation phrased.

"Therefore the WG recommends Section 2 of the IRTP be revised to insert the 
following section:

2.1.4 The FOA will expire when the requested-transfer is complete, it is 
renewed by the Registered Name Holder, or in 30 calendar days, which ever comes 
first.  "

my hope is that by introducing the notion of renewing an FOA, we can 
accommodate the registrant (and registrars) that would like to:

-- "pre-authorize" a transfer for months or even years (presumably with 
suitable security around that process)
-- provide a framework that they can explicitly enter into agreements to 
"auto-renew" the FOA indefinitely if they so choose
-- support a variety of manual or auto-renew processes that can vary across 
registrars.

i'm hoping that with this, we make it possible for high-volume domain investors 
to put a "buy it right now" sign on their names over long periods of time but 
still provide enhanced security for the vast majority of registrants who are 
simply using the name to conduct their day-to-day affairs.

as i said on the call, i'm cranky about relegating this to a "best practice."  
i think that approach solves the problems of the few at the expense of the many.

mikey


- - - - - - - - -
phone  651-647-6109
fax                  866-280-2356
web     http://www.haven2.com
handle OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)