Transfer Policy Review PDP WG - Shared screen with speaker view
Julie Bisland - ICANN Org
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en
Emily Barabas - ICANN Org
Keiron Tobin (RrSG)
Did we set a timeframe of when we need to respond to these requests? i.e. 4 weeks etc?
Keiron Tobin (RrSG)
Sorry, I think I missed your proposal Emily, we finish 15 mins early, turn off the recording, or we do the full call, then do 15 mins after?
Theo Geurts (RrSG)
I was never a fan of those EPDP Friday homework sessions
Rick Wilhelm (PIR) (RySG)
would prefer to provide feedback on the call, fwiw
Keiron Tobin (RrSG)
Thank you for the clarification
Steinar Grøtterød (At-large)
Will the registrar “admit” there is domain theft within their system? I.e. their system is not “secure” enough. I would love data of domain theft or fraudulent activity, but not sure registrars can do this by themselves.
Theo Geurts (RrSG)
+1 Rick, good info on the RFC
Keiron Tobin (RrSG)
Thanks Rick
Prudence Malinki (RrSG)
That's really helpful Rick- thank you!
Emily Barabas - ICANN Org
It's the response to Charter question a7 starting on page 16
Jim Galvin (RySG)
on the issue of affirmative response, the reality is the "affirmative response" is the fact that an RNH logged in to the registrar account. that's the first line of defense and the FOA doesn't fix that. if someone gets into your account they change all those points of contact and the FOA serves no purpose. i hope that's clear enough. the point is the issue is still covered, the same as always.
Rick Wilhelm (PIR) (RySG)
that's doable Berry
Rick Wilhelm (PIR) (RySG)
i might even get the RFC number right ;-)
Jim Galvin (RySG)
well of course it's vulnerable to theft once it's generated. that's always been true.
Jim Galvin (RySG)
if the RNH doesn't do their part to keep it safe, well, oh well.
Jim Galvin (RySG)
this proposed system works better because the TAC doesn't exist until it's needed, which is different than history. that's a significant improvement, in my opinion.
Berry Cobb - ICANN Org
So, yes the 5 day window to NACK has been removed from today's traditional transfer process. But isn't this what the TTL of the TAC is meant to compensate for?
Jim Galvin (RySG)
@berry - no it doesn't. they are solving different problems.
Jim Galvin (RySG)
the TAC TTL is just providing some protection for the TAC, limiting the overall window of vulnerability when a domain is eligible for a transfer. the 5 day window is an extra step for a registrant at a cost of the delay waiting for the transfer.
Theo Geurts (RrSG)
Ultra secure systems mean making transfers just much harder
Theo Geurts (RrSG)
Plus that ID needs a modification to the EPP
Jim Galvin (RySG)
however, the more I think about it, the overarching principle here is that access to the registrar account is the primary point of control. the FOA doesn't add anything to do that and neither does the 5 day window. the 5 day window solves a different problem than hijacking domains, because if you've lost control of the account then you change all the contact information and neither the notifications nor the FOA matter in any case.