Public Comment

Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.

Name: Philip Busca
Date:15 Aug 2022
Are you providing input on behalf of another group (e.g., organization, company, government)?
Please choose your level of support for Preliminary Recommendation 1.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 2.
Significant change required: changing intent and wording

If your response requires an edit or deletion of Preliminary Recommendation 2, please indicate the revised wording and rationale here.

If a registrant have 2FA at the registrar enabled, the losing FOA should be optional, but in case of no other security added to ones account, the losing FOA would be mandatory. Maybe automatically applicable depending on registrant own implemented security measures to his arccount.

Please choose your level of support for Preliminary Recommendation 3.
Support Recommendation intent with wording change

If your response requires an edit or deletion of Preliminary Recommendation 3, please indicate the revised wording and rationale here.

If i paid to transfer 25 domains at one time, i think there should be only one notification for those 25 domains, but not separately as it is currently for each domain.

Please choose your level of support for Preliminary Recommendation 4.
Support Recommendation intent with wording change

If your response requires an edit or deletion of Preliminary Recommendation 4, please indicate the revised wording and rationale here.

Same thing as Recommendation 3 above.

Question to the community: Should the Gaining Registrar’s IANA ID be provided by the Registry Operator to the Losing Registrar so that it may be included in the Notification of Transfer Completion sent by the Losing Registrar to the Registered Name Holder? Why or why not? Please explain.

Yes of course, this would be useful to identify the registrar, and as a means of record for future use in case of some transfer evidence.

Please choose your level of support for Preliminary Recommendation 5.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 6.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 7.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 8.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 9.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 10.
Support Recommendation as written

If your response requires an edit or deletion of Preliminary Recommendation 10, please indicate the revised wording and rationale here.

I totally agree, I had situations where the provided TAC was wrong or expired, which made the transfer of specific domains to fail.

Please choose your level of support for Preliminary Recommendation 11.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 12.
Support Recommendation intent with wording change

If your response requires an edit or deletion of Preliminary Recommendation 12, please indicate the revised wording and rationale here.

I would agree with the working group that the time (SLA) for TAC provision can be shortened for example to maximum of 3 days not 5 days.

Please choose your level of support for Preliminary Recommendation 13.
Support Recommendation as written
Question to the community: Who is best positioned to manage the standard 14-day TTL – the Registry or the Registrar, and why? Are there specific implications if the TTL is managed by the Losing Registrar?

The Registrar works best as a bridge between Registry and Registrant for such purposes, although I let the working group to decide who is best suited and will make it work without issues.

Please choose your level of support for Preliminary Recommendation 14.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 15.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 16.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 17.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 18.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 19.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 20.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 21.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 22.
Support Recommendation as written
Are there any recommendations the Working Group has not considered? If yes, please provide details below.

The working group have proposed a bulk transfer TAC to be generated, I would ask why not?

One would select an specified amount of domains and click generate (Bulk TAC) for selected domains, of course again if there are security measures as 2FA and other factors to prevent a easier method to steal domains.

Are there any other comments or issues you would like to raise pertaining to the Initial Report? If yes, please enter your comments here. If applicable, please specify the section or page number in the Initial Report to which your comments refer.

I think it can be implemented domain push to other registrar with a simple button, free of charge without renewal, of course if there are other security measures like 2FA.

To allow registrants to renew domains starting with one month and up to 10 years, for example if the cost per year of a com domain is 9 USD i would like to renew it for 6 months at half of this price, and so on if i want for less months or more. This is because I would prefer my domains to have a specific expiration date and there because the date between other domains is not the same.

Also as an idea to eliminate stolen domains: before one begins transferring domains from his account, the registrar will ask web camera access to take a live selfie of the person who does the transfer, in this case there will be evidence who is doing the transfer.

Additionally i consider all registrars must verify their users by asking an government issued ID card to increase security.

Summary of Submission

Someone wrote on NP forum about 2FA security, what if ones wife have access to the mobile phone and can access the registrant account with 2FA after receiving the code through SMS or application, well it's your fault that you have such wife or who ever is around you, not the registrar, humans will find ways to steal from you it's your responsibility, you must make sure to keep it secret if you have valuable domain assets. So in the end it's ones fault for dealing with such people.

I have 2FA enabled, even the domain lock is useless IMO, some registrars like porkbun allow you to lock each domain with a unique password, dynadot allow you to transfer domains only after unlocking your account with 2FA or security questions, in this cases the approval is not really needed only takes time and email space with so many emails received, I had recently 90% notification from DH because of transfer emails, had to increase space because of this.

Something that I was thinking for long time but did not had an opportunity where to mention about it, in my opinion when a domain name is stolen, it does not matter where it's transferred, all the parties involved must work together with each other and expose all the involved into this process, maybe create an investigative group on this matter. Let's take an example, someone hacks into your Namecheap account and transfers the domain(s) to Godaddy, in this case Godaddy must expose the data of the receiver and all the related details and return the domain back, if this gets done no one will cry about stolen domains, if this still happens it means that those who do this, have a percentage and I m sure that registrars are involved in such scheme.

Whatever applied it must ease our day to day domain management and usage, without much complications.

This is just my own opinion, take it as a ones observation on the proposed Policy, and very sorry for my poor English.

P.s. I have read more than 40 pages of the Policy, hard to understand for me.