[gnso-irtpc] For review - Updated draft recommendation Charter Question B

[Marika Konings <marika.konings@xxxxxxxxx>]

Dear All,

Please find below the revised language for the recommendation for Charter 
Question B based on the comments made during last week's IRTP Part C meeting 
(the additional changes / edits are in red). Reading the recommendation, I also 
took the liberty of making one edit for clarity to the first sentence of the 
third paragraph. As indicated during the call, I think it would also be helpful 
if the WG could be more specific in the last paragraph whether this work is 
intended to be taken up by the next IRTP PDP or whether this is envisioned as a 
separate effort to help guide the GNSO Council.

Please feel free to share any comments and/or edits you may have with the 
mailing list ahead of tomorrow's meeting.

With best regards,

Marika

============

Draft Recommendation Charter Question B

Mark up

The WG concludes that FOAs, once obtained by a gaining registrar, should be 
valid for 60 days. Following this time period, the gaining a the registrar must 
re-authorize (via new FOA) the any the transfer request. Registrars should be 
permitted to allow registrants to opt-into an automatic renewal of FOAs, if 
desired.

In addition to the 60-day validity restriction period, FOAs will also no longer 
be valid should expire if there is a change of registrant, or if the domain 
name expires, or if the a the transfer is executed, or if there is a dispute 
filed for the domain name. In order to preserve the integrity of the FOA, there 
cannot be any opt-in or opt-out provisions for these reasons for expiration 
this requirement.

As recommended and approved as a result of the IRTP Part B PDP, Losing 
Registrarsntsunder IRTP-B are now required to send an FoA to a Losing Prior 
Registrant. The Workgroup advises that Losing Registrars have the option to 
send a modified version of this FoA to a Losing Prior Registrant in the event 
that the transfer is automated where the FoA would be advisory in nature.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) keys codes has become the de 
facto security mechanism in our industry and thereby replaced some of the 
reason for the creation of the standard FOA. We recommend that future efforts 
in this area examine whether the universal adoption and implementation of EPP 
AuthInfo codes shwould eliminate the use need of FOAs.

Clean

The WG concludes that FOAs, once obtained by a registrar, should be valid for 
60 days. Following this time period, the registrar must re-authorize (via new 
FOA) the transfer request. Registrars should be permitted to allow registrants 
to opt-into an automatic renewal of FOAs, if desired.

In addition to the 60-day validity restriction, FOAs should expire if there is 
a change of registrant, or if the domain name expires, or if the transfer is 
executed, or if there is a dispute filed for the domain name. In order to 
preserve the integrity of the FOA, there cannot be any opt-in or opt-out 
provisions for these reasons for expiration.

As recommended and approved as a result of the IRTP Part B PDP, Losing 
Registrars under IRTP-B are now required to send an FoA to a Prior Registrant. 
The Workgroup advises that Losing Registrars have the option to send a modified 
version of this FoA to a Prior Registrant in the event that the transfer is 
automated where the FoA would be advisory in nature.

Finally, during the course of its deliberations on this topic, the WG notes 
that the use of EPP Authorization Info (AuthInfo) codes has become the de facto 
security mechanism in our  industry and thereby replaced some of the reason for 
the creation of the standard FOA. We recommend that future efforts in this area 
examine whether the universal adoption and implementation of EPP AuthInfo codes 
should eliminate the need of FOAs.