RE: [registrars] .US Transfer Proposal

["Michael D. Palage" <michael@palage.com>]

Thanks Bruce.

I agree that providing an Auth Code alone is not enough and that is why it
must be produced by either the Registrant or the Admin Contact.

I believe my proposal was a two step process.

Step 1: Registrant or Admin Contact provides an auth code to gaining
registrar;
Step 2: Gaining registrar submits auth code to implement transfer


Correct me if I am wrong, but I believe you are proposing a three step
process:

Step 1: Registrant or Admin Contact provides an auth code to gaining
registrar;
Step 2: Gaining registrar submits standardized transfer communication to
Registrant and Admin Contact, requesting re-verification of the initial
request.
Step 3: Gaining registrar submits auth code to implement transfer.

In any challenge, the Gaining registrar would be required to provide the
documentations in Step #2.


My question is it possible for Step #1 and Step #2 to happen concurrently.
Specifically, could a registrant go to a gaining registrars web site and
click I want to transfer my domain name. On the first screen, registrant
would provide domain name, email and auth code. After clicking the next
button could the second screen provide the standardized communication. In
this scenario, the only documentation the gaining registrar would have would
be a database entry.

Or are you envisioning a multi-step process. Registrant provides information
via web site, fax or snail mail. Then the gaining registrar sends email or
similar electronic confirmation with the details. After receiving
email/electronic confirmation back, gaining registrar submits transfer
request.

Although I see the merits of your additional step, I only see this value if
the submission and verification is a two-step process.

I will consider you mark-ups. Any additional clarification to my comments
above would be greatly appreciated.

Mike




-----Original Message-----
From: Bruce Tonkin [mailto:Bruce.Tonkin@melbourneit.com.au]
Sent: Monday, December 02, 2002 1:34 AM
To: 'Michael D. Palage'
Cc: registrars@dnso.org
Subject: RE: [registrars] .US Transfer Proposal



Hello Mike,

Thanks for proposing changes to the .us transfer procedure.

I agree with the use of the auth-code for facilitating transfers.

However the auth-code only serves to verify the identity of the registrant.
ie if a person provides you with the correct auth-code - this helps verify
that you are dealing with an authorised person.

It does not provide evidence that a registrar has gained the authority for a
transfer.

In the ".au" environment, we require a two part process:
(1) Obtain the correct auth-info code to verify the identity of the
registrant
(2) Require the registrant to agree to a standard authorisation form that
includes explicit agreement to the transfer

Without (2), registrants can be easily misled into providing the auth-info
code.

We have an instance in Australia where a large Web hosting company has
requested the
"auth-info" code when a domain name holder asks the company to host a
website for them, on the basis that they need the code to arrange a change
in nameserver.  They don't inform the customer that they will first transfer
the name to another registrar, before they may nameserver changes.

I would like to see the use of standard text that is used to obtain the
explicit approval.  A code is not a substitute for this.   I understand that
this is part of the transfer task force recommendations which were developed
with EPP registries in mind.

Although a losing registrar could explain the use of the auth-info code at
the time of registration, it is likely that a registrant will forget this
explanation when they sign up to some misleading marketing material.  The
requirement for a standard authorisation form helps alleviate this problem.

Likewise step (2) above without step (1) - causes problems as multiple
people may assert that they have the authority to authorise a transfer.  The
unique auth-code helps settle this.

Regards,
Bruce Tonkin
>