Re: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

[Bob Mountain <bmountain@xxxxxxxxxxxxx>]

Hi James,
We also discussed a non-time limited FoA at the discretion of the registrant, 
were you going to cover that in a different section?
Tks Mtn.


--
Bob Mountain
Senior Vice President
Business Development & Account Services
[cid:9F696FD4-E9C1-427D-B0C8-E6F83C4FFF89]
E: mtn@xxxxxxxxxxxxx<mailto:bmountain@xxxxxxxxxxxxx>
P: +1 781.839.2871    F: +1 781.839.2801  C: +1 508-878-0469

Visit us at NameMedia.com<http://www.namemedia.com/>

CONFIDENTIALITY NOTICE: This e-mail and any documents attached to it may 
contain confidential or proprietary information or content. The transmission is 
intended solely for the information or use of the individuals addressed, or 
copied, as intended recipients. If you are not a named recipient, or you were 
otherwise sent this by mistake, you are hereby notified that any disclosure, 
copying, distribution or taking of any action as a result of or in reliance on 
the contents of this e-mail is strictly prohibited. If this message has been 
received in error, please delete it immediately and notify the sender by return 
e-mail. Please consider the environment before printing this e-mail.


From: "James M. Bladel" <jbladel@xxxxxxxxxxx<mailto:jbladel@xxxxxxxxxxx>>
Date: Sunday, September 9, 2012 6:22 PM
To: IRTPC Working Group <gnso-irtpc@xxxxxxxxx<mailto:gnso-irtpc@xxxxxxxxx>>
Subject: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

Team:

Please review the statement(s) below, and indicate your support, or objection.  
If the latter, please propose and alternative approach.

Avri and I will work with staff to clean up the final language, but these are 
the (very) basic points.

Thanks--

J.

____________________________________

Charter Question B: Whether provisions on time-limiting Form Of Authorization 
(FOA)s should be implemented to avoid fraudulent transfers out. For example, if 
a Gaining Registrar sends and receives an FOA back from a transfer contact, but 
the name is locked, the registrar may hold the FOA pending adjustment to the 
domain name status, during which time the registrant or other registration 
information may have changed.

WG Response:
The WG concludes that FOAs, once obtained by the gaining registrar, should be 
valid for 60 days.  Following this time period, the gaining registrar must 
re-authorize (via new FOA) the transfer request.   Registrars should be 
permitted to allow registrants to opt-in to an automatic renewal of FOAs, if 
desired.

In addition the 60-day validity period, FOAs will also no longer be valid if 
there is a change of registrant, or if the domain name expires, or if the 
transfer is executed.  In order to preserve the integrity of the FOA, there 
cannot be any opt-in or opt-out provisions for this requirement.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) keys has become the de facto 
security mechanism in our industry.  We recommend that future efforts in this 
area examine whether the universal adoption and implementation of EPP AuthInfo 
codes would eliminate the use of FOAs.