Summary and Analysis of Comments for the Inter-Registrar Transfer Policy - Part A ONew IRTP Issues¹

[Marika Konings <marika.konings@xxxxxxxxx>]

The comment period ran from 5 September 2008 to 29 September 2008. Three 
comments were received of which only one responded to the questions outlined in 
the announcement. The other two responses (from Malc McGookin and Jeffrey A. 
Williams) were off-topic; they expressed concerns relating to the loss of a 
particular domain name, the redemption grace period and warehousing. In 
addition, two other comments, the constituency statements of the Registrar and 
Registry constituency, were received after the deadline of the public comment 
period. These have also been included in this summary. The public comments on 
this forum are archived at http://forum.icann.org/lists/new-irtp-issues/ 
<http://forum.icann.org/lists/new-irtp-issues/> .

The three comments responding to the questions outlined in the announcement 
were submitted by the Intellectual Property Constituency (IPC), the Registry 
Constituency (RyC) and the Registrar Constituency.

Issue I - Is there a way for registrars to make Registrant E-mail Address data 
available to one another? Currently there is no way of automating approval from 
the Registrant, as the Registrant Email Address is not a required field in the 
registrar Whois. This slows down and/or complicates the process for 
registrants, especially since the Registrant can overrule the Admin Contact.

The IPC believes that the lack of an e-mail address for the registrant does not 
necessarily delay the transfer of a domain name. However, it does emphasise 
that if registrant e-mail address data is to be made available to other 
registrars, it should happen in the context of an overall technical 
modernization of the Whois protocol.

The RyC notes that the question might need to be restated to clarify the scope 
as registrant contact information such as the e-mail address is mandated in the 
case of thick registries; the registry operator is required to display the 
registrant e-mail address in the registry's WHOIS. In the case of thin 
registries, the RyC considers it too costly and time consuming to require thin 
registries to add contact information.  The RyC advocates that any chance to 
the policy should be limited to addressing the issue of obtaining authoritative 
information relating to the administrative contact e-mail address. In this 
context, a tiered access approach to proving WHOIS information could be 
considered for implementation by registrars.

The RC highlights that no viable secure implementation is available which would 
allow registrars to make registrant e-mail address data available to one 
another. In addition, the RC believes the issue is more appropriate for a 
market based solution than a regulatory intervention.

Issue II - Whether there is need for other options for electronic
authentication (e.g., security token in the Form of Authorization (FOA)) due to 
 security concerns on use of email addresses (potential for hacking or 
spoofing).

The IPC believes that there is a need for further options for electronic
authentication in order to set a reasonable secure and basic standard to be 
used by every registrar, and that such options should be independent of any 
other services offered by the registrar.  However, such a system should improve 
security without making the transfer process too cumbersome. Possible solutions 
could include the requirement for the registrant to submit with its request to 
unlock the name the IANA ID of the Gaining Registrar or the use of digital 
certificates. The IPC believes that an analysis of various ccTLD registry 
policies such as the Swedish registry, the Swiss registry and CoCCA. The IPC 
does recognize that unexpected and increased costs for registrants or at the 
registry level could be an issue.

The RyC supports the principle that market forces should handle this issue; 
registrars are best placed to measure demand and decide on whether they would 
like to differentiate themselves from their competitors by making additional 
security measures available for their customers. However, if a need would be 
identified for other options of electronic authentication, the RyC recommends 
that the EPP AuthInfo code be explored in further detail as this mechanism 
already provides an automated way to authenticate transfer requests and could 
take the place of both the Registrant and Admin contact e-mail addresses.

The RC also recommends that this issue be decided based on market demands 
rather than regulation.

Issue III - Whether the policy should incorporate provisions for handling 
partial bulk transfers between registrars - that is, transfers
involving a number of names but not the entire group of names held by the 
losing registrar.

The IPC believes that the transfer policy should incorporate provisions for 
handling partial bulk transfers. It considers it particularly helpful in the 
context of corporate asset sales and acquisitions in the context of a 
registrant or in case of the termination or non-renewal of a registrar's 
accreditation agreement.

The RyC supports the incorporation of provisions to handle partial bulk 
transfers as long as this would not require reengineering the existing bulk 
transfer functionality or new development. Specific details of the product 
offerings by registries and registrars should be left to the market.

The RC also believes that a partial bulk transfer option would be a useful tool 
for registrars, as long as it is properly defined. It does note that many 
details still need to be refined such as 'how many domain names constitute a 
bulk transfer' before a policy can be considered in this area. It emphasizes 
that such a policy should be limited to partial bulk transfers between 
registrars; partial bulk transfers for registrants should be left to 
market-driven innovation and competition.

--------------

Marika Konings
ICANN Policy Director