Comments on `` A. Standardized Forms of Authorization ''
First I am not sure that all details should be specified in stone. It may be better to give a list of mandatory points to be specified, leaving the registrars the ability to convey those points in the way they wish. Of course all correspondence has to be archived, timestamped (but are any efforts made to make sure time is correct ?), and readily available if requested by registry, ICANN, dispute resolution providers or the other registrar concerned by the transfer. All correspondence should also include specific tokens, so that replies can not be spoofed. All correspondence should be sent to the owner and the administrative contact (in Cc for example), not one or the other. For the initial authorization: - if the request is first handled through a website, it may not be easy or possible to known the person/entity requesting the transfer all we can know if that it has the authorization information that should normally only by known by the owner of the domain name In fact, this whole authorization message may be superflous since the authorization info has the equivalent meaning. A registrar should not even begin sending emails requesting to start a transfer, if the authorization info has not been given. For the confirmation: - the formulation may be frightening Telling the owner/admin that: ``you have requested'' can create support nightmares since if someone else tried the transfer (which may be the case when the authorization info is not used), the owner/admin will learn it has done something that it may not have done at all. This is another reason to let registrar use their own phrasing as long as they convey some specified points. There should also be a way to expedite a transfer (not waiting for up to 5 days). -- Patrick Mevzek . . . . . . Dot and Co (Paris, France) <http://www.dotandco.net/> <http://www.dotandco.com/>