A step in the right direction but not the end of the walk...

[Patrick Mevzek <contact@xxxxxxxxxxxx>]

As a summary (see my posts in all other categories) I believe the new
transfer policy is a step in the good direction because:
- it clearly states who is the responsible authority to initiate and
authorize a transfer (this was not the case before)
- it gives a list of possible denial reasons, with all others being
excluded (this was not clear before)
- it gives a way to dispute a transfer formally, puts the penalty on
the dispute losing registrar, and clearly involves the registries
(this was not the case before)

This three points were alone much awaited, and are at the benefice of
registrants.
The new policy also removes the double acking that was necessary
before and which is superflous, since the ``lock status'' is enough
by itself for a registrant to be sure to need both to ack  at the
gaining registrar and do something (remove the lock status) at the
loosing one.

What should still be made better:

- a regular verification system, something not just when a problem
comes, but regularly by ICANN or a neutral third party, to make sure
that registrars send emails per the policy, records things, give EPP
authorization code, and so on...
A statistical number of transfers should be checked.
This process can be automated for the better part, and results should
be publicly available
As for the panix.com story, for example, it is today still not know
1) if the domains were on lock (panix.com owner say yes, but the fact
that the registry let the transfer happen means no to me)
2) if dotster did send the warning emails and where
3) what did/did not melbourneit precisely do

- a clear list of penalties for registrars not following this policy,
  with levels
  This may include probation time (no incoming transfers allowed
  anymore).

- having access to emails through whois for the gaining registrar:
  it is simpler for thick registries, but the problem remains for
  thin registries
  ICANN could mandate to all registrars to have a private (reserved
  for registrars) interface just to access emails for transfer.
  However this is not so easy in practice, as it can also be abused.
 Another solution may be for each registrar to maintain specific and
 dynamic aliases of the form example.com@xxxxxxxxxxxxxxxxxxxxxx
 where the left part is any domain names handled by the registrar
 This alias should forward to the admin & owner, and be used only by
 other registrars. This can also be abused.

 Attempts in the past to gather registrars together to define
 something has AFAIK always failed, anyone believing it has much to
 loose and nothing to gain, when everyone complains about the current
 state of whois (whose policy should be also amended since for thick
 registries it does not make sense that a whois is still handled at
 the registrar, sometimes with *other* information !)

- making sure it is possible for a registrant to choose its EPP
authorization information, if he so wishes, at registration time, and
change it anytime later (hence access it).
ICANN or a third party should register domain names with each
registrar and regularly check this is the case, at least for the
access part. As well as enabling/disabling a lock (which could also
be a service offered directly by the registry, if provided with the
authorization code).

-- 
Patrick Mevzek . . . . . . Dot and Co (Paris, France)
<http://www.dotandco.net/> <http://www.dotandco.com/>