Re: [gnso-res-sga] Whois working group -- subgroup A (reponsibilities)

["Richard Padilla" <padilla.richard@xxxxxxxxx>]

Sorry to Eric I should have replied to all instead of just Eric. I agreed
with Eric in that proxy/OPoC should be fully registered but my concern will
be the accountability and transparency, if that is not in place it will not
be of any use. If the need of our working group is to develop how the
responsibility is delivered then it may be a solution to develop regulations
that require any and all participants involved to ensure that are vetted
through a tough selection and questioning process enough to be registered
and transparent enough to ensure accountability. So that even though all
registars presently are already vetted then our needs to look at how to
redesign the process of vetting to ensure full accuntability and
transparency. This may also led to how we may eventually develop the
responsibility of how information can be protected and regulated.

Richard

On 5/8/07, Steve DelBianco <sdelbianco@xxxxxxxxxxxxx> wrote:
> as discussed on our first call last week, here are my personal suggestions
> for the OPoC responsibilities, arranged according to Steve Metalitz' 4
> questions.  Looking forward to our discussion tomorrow.
>
> --Steve DelBianco
>
>
> 1. WHO is the OPOC: qualifications, identification to/ verification by
> registrar, need for consent before listing, etc:
>
> OPoC must have the technical capability, or have immediate access to
> someone who has the technical capability, to address technical or
> operational issues regarding activity related to the Registrant's domain.
>
> The OPoC must have the technical capability and permissions to take down a
> registrant's site.
>
> The OPoC should be a legal agent of the registrant, and must acknowledge
> in advance that they could be liable for registrant's illegal activities
>
> -----------------------------------------------------
> 2. WHAT issues is the OPOC required to handle - or not:
>
> OPoC must provide accurate and complete details for 24/7 contact
> information.
>
> At time of registration or upon any change in OPoC designation, the
> Registrar must validate the completeness and accuracy of contact information
> provided.
>
> At time of registration or upon any change in OPoC designation, the
> Registrar should roll proxy contacts to the OPoC.
>
> OPoC must maintain accurate published data.
>
> OPoC must not knowingly allow bad faith or illegal activity at the domain.
>
>
> OPoC must accept contacts of any nature, ranging from technical,
> administrative, IP conflict, legal notices, contact from law enforcement,
> on behalf of the registered name holder. The OPoC must receive and forward
> any communications to the registrant.
>
> Upon communicating with the registrant, the OPoC must ensure that the
> Registrant communicates a response or resolution of the applicable issue.
>
> If the OPoC is properly informed that their registrant is phishing, the
> OPoC has the responsibility to take the site down immediately upon proper
> notice. If the OPoC then fails to take the site down, the OPoC would be
> contributorily liable.
>
> -----------------------------------------------------
> 3. WHEN must the OPoC act - time frames for response, etc:
>
> OPoC must be responsible for forwarding, within 12 hours of receipt, any
> correspondence and requests to contact the registrant and/or a technical
> resource for the registrant.
>
> OPoC must investigate and take appropriate action (without unreasonable
> delay, or, as soon as reasonably possible) in response to notice of illegal
> activity at the domain.
>
> -----------------------------------------------------
> 4. HOW would these responsibilities be enforced - what happens if they are
> not fulfilled?
>
> If an OPoC fails to meet their defined responsibilities in the required
> response period, resolution of the domain name should be immediately
> suspended in these steps:
>
> 1. Registrar shall immediately suspend name records for the affected
> domain and suspend webhost services.
>
> 2. Registrar shall immediately convey full owner Whois details to the
> complainant.
>
> 3. Registry shall suspend website DNS, although TTL means that resolutions
> would still occur for 24-48 hours.
>
> 4. Registry shall lock the domain so that it cannot be transferred.  The
> name should be available for resale after __ days unless the registrant has
> initiated an approved disputer resolution mechanism.
>
> Steps taken to suspend resolution should not prejudice any party's ability
> to pursue appeals or alternate dispute resolution mechanisms.