Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en

https://docs.google.com/document/d/1gyy9xfe0-ymW-irtY2gKSEy3za8IcG-GrF8EcCGE57g/edit

Did we set a timeframe of when we need to respond to these request? i.e- 4 weeks etc?

Sorry, I think I missed your proposal Emily, we finish 15 mins early, turn off the recording, or we do the full call, then do 15 mins after?

I was never a fan of those EPDP Friday homework sessions

would prefer to provide feedback on the call, fwiw

Thank you for the clarification

Will the registrar “admit” there is domain theft within their system? I.e. their system is not enough “secure”. I would love data of domain theft or fraudulent activity, but not sure registrars can do this by them selves.

+1 Rick, good info on the RFC

Thanks Rick

That's really helpful Rick- thank you!

It's the response to Charter question a7 starting on page 16

on the issue of affirmative response, the reality is the "affirmative response" is the fact that an RNH logged in to the registrar account. that's the first line of defense and the FOA doesn't fix that. if someone gets into your account they change all those points of contact and the FOA serves no purpose. i hope that's clear enough. the point is the issue is still covered, the same as always.

that's doable Berry

i might even get the RFC number right ;-)

well of course it's vulnerable to theft once it's generated. that's always been true.

if the RNH doesn't do their part to keep it safe, well, oh well.

this proposed system works better because the TAC doesn't exist until it's needed, which is different than history. that's a significant improvement, in my opinion.

So, yes the 5 day window to NACK has been removed from today's traditional transfer process. But isn't this what the TTL of the TAC is meant to compensate for?

@berry - no it doesn't. they are solving different problems.

the TAC TTL is just providing some protection for the TAC, limiting the overall window of vulnerability when a domain is eligible for a transfer. the 5 days window is an extra step for a registrant at a cost of the delay waiting for the transfer.

Ultra secure systems means making transfers just much harder

Plus that ID needs an modification to the EPP

however, the more I think about it, the overarching principle here is that access to the registrar account is primary point of control. the FOA doesn't add anything to do that and neither does the 5 day window. the 5 window solves a different problem than hijacking domains, because if you've lost control of the account then you change all the contact information and neither the notifications nor the FOA matter in any case.