Comments on `` A. Standardized Forms of Authorization ''

[Patrick Mevzek <contact@xxxxxxxxxxxx>]

First I am not sure that all details should be specified in stone.
It may be better to give a list of mandatory points to be specified,
leaving the registrars the ability to convey those points in the way
they wish.

Of course all correspondence has to be archived, timestamped
(but are any efforts made to make sure time is correct ?), and
readily available if requested by registry, ICANN, dispute resolution
providers or the other registrar concerned by the transfer.

All correspondence should also include specific tokens, so that
replies can not be spoofed.

All correspondence should be sent to the owner and the administrative
contact (in Cc for example), not one or the other.

For the initial authorization:
- if the request is first handled through a website, it may not be
easy or possible to known the person/entity requesting the transfer
all we can know if that it has the authorization information that
should normally only by known by the owner of the domain name
In fact, this whole authorization message may be superflous since the
authorization info has the equivalent meaning.
A registrar should not even begin sending emails requesting to start
a transfer, if the authorization info has not been given.

For the confirmation:
- the formulation may be frightening
Telling the owner/admin that: ``you have requested'' can create
support nightmares since if someone else tried the transfer (which
may be the case when the authorization info is not used), the
owner/admin will learn it has done something that it may not have
done at all. This is another reason to let registrar use their own
phrasing as long as they convey some specified points.

There should also be a way to expedite a transfer (not waiting for up
to 5 days).

-- 
Patrick Mevzek . . . . . . Dot and Co (Paris, France)
<http://www.dotandco.net/> <http://www.dotandco.com/>