RE: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

["Knight, Barbara" <BKnight@xxxxxxxxxxxx>]

All,
I think that the language is looking good.  However, I would recommend that we 
NOT delete the "be permitted to" from the last sentence of the first section 
unless it is the intent to require all registrars to allow registrants to opt 
into an auto-renewal of the FOA if the registrant so wishes.  Some registrars 
may not want to give this option and, in my opinion, I don't think that the 
policy should require them to.  I also suggest (as highlighted and in blue 
below) that we change "use" to "need" in the very last sentence.  Thanks.



Barbara Knight
Director of Policy
VerisignInc.com<http://www.verisigninc.com/>

This message (including any attachments) is  intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication.

[Verisign(tm)]



From: owner-gnso-irtpc@xxxxxxxxx [mailto:owner-gnso-irtpc@xxxxxxxxx] On Behalf 
Of Bob Mountain
Sent: Tuesday, September 11, 2012 2:08 AM
To: Sedo :: Simonetta Batteiger; James M. Bladel; IRTPC Working Group
Subject: Re: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

James / Simonetta,
OK despite multiple reads I somehow missed that sentence so yes, that does work.

My only other comment was in the use of the standard FoA being sent to a Losing 
Registrant.  We had circulated some language earlier which proposed the use of 
a modified FoA for Losing Registrant where rather than giving the Registrant 
the ability to terminate a sale, they would be advised to contact their 
registrar.  This would be an option for the registrar and could be used in the 
case of a fast transfer sale.  I'd propose something like the section below in 
green.

Still on the road so sorry for delays.

Thanks!
Mtn.


The WG concludes that FOAs, once obtained by a gaining registrar, should be 
valid for 60 days.  Following this time period, the gaining a registrar must 
re-authorize (via new FOA) the  any transfer request. Registrars should be 
permitted to allow registrants to opt-into an automatic renewal of FOAs, if 
desired.

In addition to the 60-day validity restriction period, FOAs will also no longer 
be valid should expire if there is a change of registrant, or if the domain 
name expires, or if the a transfer is executed, or if there is a dispute filed 
for the domain name.  In order to preserve the integrity of the FOA, there 
cannot be any opt-in or opt-out provisions for these reasons for expiration 
this requirement.

Losing Registrants under IRTP-B are now required to send an FoA to a Losing 
Registrant.  The Workgroup advises that Losing Registrars have the option to 
send a modified version of this FoA to a Losing Registrant in the event that 
the transfer is automated where the FoA would be advisory in nature.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) keys has become the de facto 
security mechanism in our industry and thereby replaced some of the reason for 
the creation of the standard FOA.  We recommend that future efforts in this 
area examine whether the universal adoption and implementation of EPP AuthInfo 
codes shwould eliminate the use need of FOAs.


--
Bob Mountain
Senior Vice President
Business Development & Account Services
[cid:9F696FD4-E9C1-427D-B0C8-E6F83C4FFF89]
E: mtn@xxxxxxxxxxxxx<mailto:bmountain@xxxxxxxxxxxxx>
P: +1 781.839.2871    F: +1 781.839.2801  C: +1 508-878-0469

Visit us at NameMedia.com<http://www.namemedia.com/>

CONFIDENTIALITY NOTICE: This e-mail and any documents attached to it may 
contain confidential or proprietary information or content. The transmission is 
intended solely for the information or use of the individuals addressed, or 
copied, as intended recipients. If you are not a named recipient, or you were 
otherwise sent this by mistake, you are hereby notified that any disclosure, 
copying, distribution or taking of any action as a result of or in reliance on 
the contents of this e-mail is strictly prohibited. If this message has been 
received in error, please delete it immediately and notify the sender by return 
e-mail. Please consider the environment before printing this e-mail.


From: Simonetta Batteiger <simonetta@xxxxxxxx<mailto:simonetta@xxxxxxxx>>
Date: Monday, September 10, 2012 5:35 PM
To: "James M. Bladel" <jbladel@xxxxxxxxxxx<mailto:jbladel@xxxxxxxxxxx>>, Bob 
Mountain <bmountain@xxxxxxxxxxxxx<mailto:bmountain@xxxxxxxxxxxxx>>, IRTPC 
Working Group <gnso-irtpc@xxxxxxxxx<mailto:gnso-irtpc@xxxxxxxxx>>
Subject: RE: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

I thought it sounded as if this is only applying for specific transfers that 
are defined somewhere else (and that there might be transfers this does not 
apply to), so I thought it would be better to keep it more generic as the 
intent of this is to apply to any transfer. But if the workgroup feels 
otherwise, I have no issues with changing that back. I'm also not the native 
speaker in the group, so this might just be me... :)
Simonetta

From: James M. Bladel [mailto:jbladel@xxxxxxxxxxx]
Sent: Monday, September 10, 2012 3:25 PM
To: Sedo :: Simonetta Batteiger; Bob Mountain; IRTPC Working Group
Subject: RE: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

Simonetta, Bob, and Team:

Sorry for the delayed response, but Simonetta's reply is spot-on.  I also agree 
with her improved language, with one minor question:  Why change "the" to "any" 
or "a" when referring to the transfer request?  I believe we would want to be 
as specific as possible on this, unless I'm missing some use case.

Thoughts?

J.

-------- Original Message --------
Subject: RE: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)
From: "Sedo :: Simonetta Batteiger" 
<simonetta@xxxxxxxx<mailto:simonetta@xxxxxxxx>>
Date: Mon, September 10, 2012 8:05 am
To: Bob Mountain <bmountain@xxxxxxxxxxxxx<mailto:bmountain@xxxxxxxxxxxxx>>, 
"James M. Bladel"
<jbladel@xxxxxxxxxxx<mailto:jbladel@xxxxxxxxxxx>>, IRTPC Working Group 
<gnso-irtpc@xxxxxxxxx<mailto:gnso-irtpc@xxxxxxxxx>>
Bob,

I think James tried to capture this non-time limited idea with the "permitted 
to allow registrants to opt-in to an automatic renewal" part. But I also think 
this could be worded a bit more clear. The original wording almost sounded like 
it's something we want to put forward as optional, this was not what I thought 
the intent of the proposal should be.

The other thing is that IRTP-B asked that FOAs are done both at the Gaining as 
well as the Losing Registrar, so the restriction in the first paragraph to just 
the Gaining registrar does not seem to make sense to me. I would simply state 
"the registrar" there. The important thing in case of a change of registrant is 
also, that the "seller" or "prior registrant" gave their consent to the 
transfer, and that they can do so ahead of time if they wish to list their 
names for sale in an automatic trading system.

Also thought that a dispute on the name should be an additional reason for an 
FOA to expire. (can anyone think of additional reasons?)

How about something like this (marked all my change proposals yellow, so it's 
easy to spot them):

WG Response:
The WG concludes that FOAs, once obtained by a gaining registrar, should be 
valid for 60 days.  Following this time period, the gaining a registrar must 
re-authorize (via new FOA) the  any transfer request. Registrars should be 
permitted to allow registrants to opt-into an automatic renewal of FOAs, if 
desired.

In addition to the 60-day validity restriction period, FOAs will also no longer 
be valid should expire if there is a change of registrant, or if the domain 
name expires, or if the a transfer is executed, or if there is a dispute filed 
for the domain name.  In order to preserve the integrity of the FOA, there 
cannot be any opt-in or opt-out provisions for these reasons for expiration 
this requirement.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) keys has become the de facto 
security mechanism in our industry and thereby replaced some of the reason for 
the creation of the standard FOA.  We recommend that future efforts in this 
area examine whether the universal adoption and implementation of EPP AuthInfo 
codes shwould eliminate the use of FOAs.


From:owner-gnso-irtpc@xxxxxxxxx<mailto:owner-gnso-irtpc@xxxxxxxxx> 
[mailto:owner-gnso-irtpc@xxxxxxxxx] On Behalf Of Bob Mountain
Sent: Sunday, September 09, 2012 6:28 PM
To: James M. Bladel; IRTPC Working Group
Subject: Re: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

Hi James,
We also discussed a non-time limited FoA at the discretion of the registrant, 
were you going to cover that in a different section?
Tks Mtn.


--
Bob Mountain
Senior Vice President
Business Development & Account Services
[cid:9F696FD4-E9C1-427D-B0C8-E6F83C4FFF89]
E: mtn@xxxxxxxxxxxxx<mailto:bmountain@xxxxxxxxxxxxx>
P: +1 781.839.2871    F: +1 781.839.2801  C: +1 508-878-0469

Visit us at NameMedia.com<http://www.namemedia.com/>

CONFIDENTIALITY NOTICE: This e-mail and any documents attached to it may 
contain confidential or proprietary information or content. The transmission is 
intended solely for the information or use of the individuals addressed, or 
copied, as intended recipients. If you are not a named recipient, or you were 
otherwise sent this by mistake, you are hereby notified that any disclosure, 
copying, distribution or taking of any action as a result of or in reliance on 
the contents of this e-mail is strictly prohibited. If this message has been 
received in error, please delete it immediately and notify the sender by return 
e-mail. Please consider the environment before printing this e-mail.


From: "James M. Bladel" <jbladel@xxxxxxxxxxx<mailto:jbladel@xxxxxxxxxxx>>
Date: Sunday, September 9, 2012 6:22 PM
To: IRTPC Working Group <gnso-irtpc@xxxxxxxxx<mailto:gnso-irtpc@xxxxxxxxx>>
Subject: [gnso-irtpc] Consensus Call: Charter Question B (FOAs)

Team:

Please review the statement(s) below, and indicate your support, or objection.  
If the latter, please propose and alternative approach.

Avri and I will work with staff to clean up the final language, but these are 
the (very) basic points.

Thanks--

J.

____________________________________

Charter Question B: Whether provisions on time-limiting Form Of Authorization 
(FOA)s should be implemented to avoid fraudulent transfers out. For example, if 
a Gaining Registrar sends and receives an FOA back from a transfer contact, but 
the name is locked, the registrar may hold the FOA pending adjustment to the 
domain name status, during which time the registrant or other registration 
information may have changed.

WG Response:
The WG concludes that FOAs, once obtained by the gaining registrar, should be 
valid for 60 days.  Following this time period, the gaining registrar must 
re-authorize (via new FOA) the transfer request.   Registrars should be 
permitted to allow registrants to opt-in to an automatic renewal of FOAs, if 
desired.

In addition the 60-day validity period, FOAs will also no longer be valid if 
there is a change of registrant, or if the domain name expires, or if the 
transfer is executed.  In order to preserve the integrity of the FOA, there 
cannot be any opt-in or opt-out provisions for this requirement.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) keys has become the de facto 
security mechanism in our industry.  We recommend that future efforts in this 
area examine whether the universal adoption and implementation of EPP AuthInfo 
codes would eliminate the use of FOAs.