Re: [gnso-irtpc] Comments on time-limiting FOA

["Mike O'Connor" <mike@xxxxxxxxxx>]

one caveat to James' language

> Once obtained, an FOA is valid for (45 or 60) calendar days, or until the 
> domain name expires, or until there is a Change of Registrant, whichever 
> occurs first.


On May 23, 2012, at 11:31 AM, James M. Bladel wrote:

> Speaking as a registrar, I agree that there should be some *reasonable* time 
> limits on FOAs.  This is based upon seeing some incidents of actual harm, 
> seeing very little down side / negative impact, and a general unease with any 
> "indefinite" agreement with no time boundaries.
> 
> Harms:  We have seen a few interesting situations where registrants have 
> listed with two aftermarket services, and sold with one while a "valid" FOA 
> (from the previous registrant) is held by the other.  It is also possible 
> that a domain name could expire and be re-renewed or registered via a "drop", 
> but the FOA would persist through these critical events. To build upon real 
> estate analogies, I believe Mikey O'Connor once characterized this as a 
> broken chain of title.  I'm hoping our Aftermarket participants can help us 
> address these issues.
> 
> Negative Impacts:  Minor.  Many registrars are already doing this.  Others 
> could use the expiry of an FOA as an opportunity to contact the registrant 
> and determine why the transfer has not taken place.  Did the transfer fail 
> for some reason?  If the name is listed for sale, why isn't it selling?  Is 
> the current registrant even aware that the FOA exists? 
> 
> Indefinite Agreements:  Need help from a legal-type on this, but aren't all 
> contracts / agreements required to have some sort of term? 
> 
> My recommendation is therefore that there be a reasonably long (45-60 days) 
> time limit on FOAs, and that they are also invalidated by certain events.  
> Some draft language might be:
> 
> Once obtained, an FOA is valid for (45 or 60) calendar days, or until the 
> domain name expires, or until there is a Change of Registrant.
> 
> Thanks--
> 
> J.
> 
> 
> 
> 
> -------- Original Message --------
> Subject: RE: [gnso-irtpc] Comments on time-limiting FOA
> From: "Chris Chaplow" <chris@xxxxxxxxxxxxx>
> Date: Wed, May 23, 2012 9:01 am
> To: "'IRTPC Working Group'" <gnso-irtpc@xxxxxxxxx>
> 
> Hi there,
>  
> My gut feeling is that there should be a time limit on FOA  and this should 
> be policy rather than recommend.
> I do appreciate the argument not to create policy for a non problem.
>  
> Perhaps we should help the community (and us) understand the wisdom by 
> expressing pros and cons of both (ie policy  and  best practice) in a table 
> in the report.
>  
> Best
>  
>  
>  
> Chris Chaplow
> Managing Director
> Andalucia.com S.L.
> Avenida del Carmen 9
> Ed. Puertosol, Puerto Deportivo
> 1ª Planta, Oficina 30
> Estepona, 29680
> Malaga, Spain
> Tel: + (34) 952 897 865
> Fax: + (34) 952 897 874
> E-mail: chris@xxxxxxxxxxxxx
> Web: www.andalucia.com
> Information about Andalucia, Spain.
>  
> De: owner-gnso-irtpc@xxxxxxxxx [mailto:owner-gnso-irtpc@xxxxxxxxx] En nombre 
> de Mike O'Connor
> Enviado el: martes, 22 de mayo de 2012 20:59
> Para: IRTPC Working Group
> Asunto: [gnso-irtpc] Comments on time-limiting FOA
>  
> hi all,
> 
> i would like to make the case for upgrading the time-limiting of FOA's from 
> being a "recommended best practice" to being a policy that is implemented 
> across all registrars.
> 
> here's why…
> 
> first, a replay of the current policy:
> "Section 2 -- Gaining Registrar Requirements
> For each instance where a Registered Name Holder requests to transfer a 
> domain name registration to a different Registrar, the Gaining Registrar 
> shall:
> 2.1 Obtain express authorization from either the Registered Name Holder or 
> the Administrative Contact (hereafter, "Transfer Contact"). Hence, a transfer 
> may only proceed if confirmation of the transfer is received by the Gaining 
> Registrar from the Transfer Contact.
> 2.1.1 The authorization must be made via a valid Standardized Form of 
> Authorization (FOA)…."
> 
> 
> i've highlighted the two phrases that speak to me, FOA's are to be obtained 
> "for each instance" of a transfer and are used to "obtain express 
> authorization" of the transfer.  
> 
> the proposal to time-limit FOAs comes from the working group that launched 
> the long series of PDPs of which this one is the 3rd of 5.  so let's take a 
> look at the question that was posed lo those many years ago:
> Whether provisions on time-limiting Form Of Authorization (FOA)s should be 
> implemented to avoid fraudulent transfers out. For example, if a Gaining 
> Registrar sends and receives an FOA back from a transfer contact, but the 
> name is locked, the registrar may hold the FOA pending adjustment to the 
> domain name status, during which time the registrant or other registration 
> information may have changed.
>  
> it seems to me that the need to limit the time that an FOA is implied by the 
> "avoid fraudulent transfers out" phrase in that question.
>  
> i prefer a policy stance which addresses the security needs of the typical 
> domain registrant (an individual or corporation that uses the domain name) 
> while providing a mechanism where the ease-of-use needs of the 
> relatively-unusual domain-investor can still be addressed.  here's how i'd 
> prefer to see our recommendation phrased.
>  
> "Therefore the WG recommends Section 2 of the IRTP be revised to insert the 
> following section:
>  
> 2.1.4 The FOA will expire when the requested-transfer is complete, it is 
> renewed by the Registered Name Holder, or in 30 calendar days, which ever 
> comes first.  "
>  
> my hope is that by introducing the notion of renewing an FOA, we can 
> accommodate the registrant (and registrars) that would like to:
>  
> -- "pre-authorize" a transfer for months or even years (presumably with 
> suitable security around that process)
> -- provide a framework that they can explicitly enter into agreements to 
> "auto-renew" the FOA indefinitely if they so choose 
> -- support a variety of manual or auto-renew processes that can vary across 
> registrars.
>  
> i'm hoping that with this, we make it possible for high-volume domain 
> investors to put a "buy it right now" sign on their names over long periods 
> of time but still provide enhanced security for the vast majority of 
> registrants who are simply using the name to conduct their day-to-day affairs.
>  
> as i said on the call, i'm cranky about relegating this to a "best practice." 
>  i think that approach solves the problems of the few at the expense of the 
> many.
>  
> mikey
>  
>  
> - - - - - - - - -
> phone  651-647-6109  
> fax                  866-280-2356  
> web     http://www.haven2.com
> handle OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)
>  

- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)