Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.
هذا المحتوى متوفر فقط باللغة (أو اللغات)
If your response requires an edit or deletion of Preliminary Recommendation 2, please indicate the revised wording and rationale here.
I'm concerned about the decision to remove the losing registrar's Form of Authorization (FOA). With the FOA, a domain owner could be made aware of a fraudulent transfer and have time to contact the registrar to stop it. Under the proposed system, the domain registrant likely won't learn of a transfer until after the transfer is complete. While this will make transfers easier and — in the words of the Initial Report — instant, I'm concerned that it will result in fraudulent transfers. It would be interesting to hear from registrars about how many times customers try to stop fraudulent transfers after receiving the FOA. There is a backdoor security measure that registrars could undertake to reduce the chances of this happening: domain registrars could delay the time between people asking for Transfer Authorization Codes (TACs) and issuing them to customers. I fear that registrars will feel compelled to implement this backdoor security measure, which will ultimately burden domain registrants; they will have to request the code and then wait a long time for it to arrive before providing it to the gaining registrar. They would not be able to complete the domain transfer process in one sitting. I understand the Working Group is working on transfer rollback procedures in a later phase. Approving a less secure transfer system prior to determining rollback features doesn't make sense to me.
Registrar name or IANA ID should be included
Thank you for your work modernizing domain transfers.
I'm concerned about the decision to remove the losing registrar's Form of Authorization (FOA). With the FOA, a domain owner could be made aware of a fraudulent transfer and have time to contact the registrar to stop it. Under the proposed system, the domain registrant likely won't learn of a transfer until after the transfer is complete.
While this will make transfers easier and — in the words of the Initial Report — instant, I'm concerned that it will result in fraudulent transfers.
It would be interesting to hear from registrars about how many times customers try to stop fraudulent transfers after receiving the FOA.
There is a backdoor security measure that registrars could undertake to reduce the chances of this happening: domain registrars could delay the time between people asking for Transfer Authorization Codes (TACs) and issuing them to customers. I fear that registrars will feel compelled to implement this backdoor security measure, which will ultimately burden domain registrants; they will have to request the code and then wait a long time for it to arrive before providing it to the gaining registrar. They would not be able to complete the domain transfer process in one sitting.
I understand the Working Group is working on transfer rollback procedures in a later phase. Approving a less secure transfer system prior to determining rollback features doesn't make sense to me.