Re: [gnso-res-sga] Whois working group -- subgroup A (reponsibilities)

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

I think the registration of the proxy/OPoC makes the "when" more palatable as 
in 12 hrs. I like the concept of "professional proxy". And in so making proxies 
professional there then can be put in place a code of ethics with fast and real 
consequences for malfeasance. It does not make them responsible for content but 
does create some responsibility for conduct.
   
  If ICANN can have an RAA they can have an PAA.
   
  Eric
  

Richard Padilla <padilla.richard@xxxxxxxxx> wrote:
  Sorry to Eric I should have replied to all instead of just Eric. I agreed 
with Eric in that proxy/OPoC should be fully registered but my concern will be 
the accountability and transparency, if that is not in place it will not be of 
any use. If the need of our working group is to develop how the responsibility 
is delivered then it may be a solution to develop regulations that require any 
and all participants involved to ensure that are vetted through a tough 
selection and questioning process enough to be registered and transparent 
enough to ensure accountability. So that even though all registars presently 
are already vetted then our needs to look at how to redesign the process of 
vetting to ensure full accuntability and transparency. This may also led to how 
we may eventually develop the responsibility of how information can be 
protected and regulated. 

Richard

  On 5/8/07, Steve DelBianco < sdelbianco@xxxxxxxxxxxxx> wrote:   
as discussed on our first call last week, here are my personal suggestions for 
the OPoC responsibilities, arranged according to Steve Metalitz' 4 questions.  
Looking forward to our discussion tomorrow. 

--Steve DelBianco


1. WHO is the OPOC: qualifications, identification to/ verification by 
registrar, need for consent before listing, etc:

OPoC must have the technical capability, or have immediate access to someone 
who has the technical capability, to address technical or operational issues 
regarding activity related to the Registrant's domain. 

The OPoC must have the technical capability and permissions to take down a 
registrant's site.

The OPoC should be a legal agent of the registrant, and must acknowledge in 
advance that they could be liable for registrant's illegal activities 

-----------------------------------------------------
2. WHAT issues is the OPOC required to handle - or not:

OPoC must provide accurate and complete details for 24/7 contact information.

At time of registration or upon any change in OPoC designation, the Registrar 
must validate the completeness and accuracy of contact information provided. 

At time of registration or upon any change in OPoC designation, the Registrar 
should roll proxy contacts to the OPoC.

OPoC must maintain accurate published data.

OPoC must not knowingly allow bad faith or illegal activity at the domain. 

OPoC must accept contacts of any nature, ranging from technical,
administrative, IP conflict, legal notices, contact from law enforcement, on 
behalf of the registered name holder. The OPoC must receive and forward any 
communications to the registrant. 

Upon communicating with the registrant, the OPoC must ensure that the 
Registrant communicates a response or resolution of the applicable issue.

If the OPoC is properly informed that their registrant is phishing, the OPoC 
has the responsibility to take the site down immediately upon proper notice. If 
the OPoC then fails to take the site down, the OPoC would be contributorily 
liable. 

-----------------------------------------------------
3. WHEN must the OPoC act - time frames for response, etc:

OPoC must be responsible for forwarding, within 12 hours of receipt, any 
correspondence and requests to contact the registrant and/or a technical 
resource for the registrant. 

OPoC must investigate and take appropriate action (without unreasonable delay, 
or, as soon as reasonably possible) in response to notice of illegal activity 
at the domain.

----------------------------------------------------- 
4. HOW would these responsibilities be enforced - what happens if they are not 
fulfilled?

If an OPoC fails to meet their defined responsibilities in the required 
response period, resolution of the domain name should be immediately suspended 
in these steps: 

1. Registrar shall immediately suspend name records for the affected domain and 
suspend webhost services.

2. Registrar shall immediately convey full owner Whois details to the 
complainant.

3. Registry shall suspend website DNS, although TTL means that resolutions 
would still occur for 24-48 hours. 

4. Registry shall lock the domain so that it cannot be transferred.  The name 
should be available for resale after __ days unless the registrant has 
initiated an approved disputer resolution mechanism.

Steps taken to suspend resolution should not prejudice any party's ability to 
pursue appeals or alternate dispute resolution mechanisms. 






       
---------------------------------
Give spam the boot. Take control with tough spam protection
in the all-new Yahoo! Mail Beta.