<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'>Dear all,<br><br>As promised, my reactions to this final report as well as previous meetings' comments. Due to a recent internal physical transfer of our office, I was delayed in getting these to you. See you all soon in the meeting.<br><br>charter question C<br><br>cost increase is handled from the point of view of the registries, but not from the point of view of the RNH, what the BC intended. Perhaps ICANN compliance could be a more accessible and affordable dispute resolution for registered name holders, where - as noted - trademark knowledge and such legal background is not a priori necessary to resolve a dispute. IF such legal knowledge is deemed necessary, ICANN compliance can still give a 'no verdict' and refer the complainant to legal measures.<br>This would also be in line with ICANN explaining the TDRP on its website - they could offer a channel to handle such disputes.<br><br>charter question D<br><br>Instead of adding explanations as best practice, the explanation of TDRP could be added to a FOC versus an FOA. That way you always have the information as a former registered name holder.<br><br>charter question F<br><br>useful for auditing. It is however not likely to prevent fraudulent transfers. Any hacker that has access to the auth code, generally at the account level or user level, will be like to have access to (updating) the e-mail address of the registered name holder. Rendering the FOA moot.<br><br>For auditing purpose the FOA could be changed to a Form of Confirmation sent to the previous registered name holder. The reason why this is important is because this 'extraneous step' is a likely cause of a higher gTLD transfer fail rate, together with it's depencies on the WHOIS as well as the EPP status: clientTransferProhibited. Our Hostnet data indicates, that, based on 3 million .com transfers per year and a current 25% fail rate, 1 million .com transfers are not transferred each year despite the registered name holder express wish to do so. ccTLD transfer data imply that we can reduce this to 10% or less, which would mean 600.000 more successfull transfers leaving 400.000 failed ones, where registered name holder truly changed their mind instead of where they gave up. The question is if the WG considers this a valid reason to change the FOA to a confirming non-blocking e-mail (Form Of Confirmation)?<br><br><br>In reaction to comments made by :<br><br>Berry Cobb - it is important to note that the FOA / auth-code / clientTransferProhibited combination does not, in security terms, constitute a 'true' multi-factor authentication<br>http://en.wikipedia.org/wiki/Authentication_factor#Factors_and_identity<br>This is because all 3 elements are based on what a user knows, not what a user has (smartphone with software key or a hardware token), nor what a user is or does (finger print, retinal pattern, DNA, hand written signature). In reality, all 3 factors are often accessed by the same customer portal registrars offer to end users or resellers. If a portal is not offered, expiring the end user contract for the domain name can lead to a combined unlock + distribution of authcode + update of e-mail admin-c, defeating any claim to multi-factor security. This may be too high for ICANN to aim for, if required a solution could be the signature or a open source authenticator as for example implemented by dns.be : <br>http://www.dnsbelgium.be/en/help-page-2-step-verification<br><br>Volker Greimann - the FOA does not prove with certainty who is authorizing the transfer. An IP address does not uniquely identify a RNH. The only thing we know about a FOA is to which e-mail address it was sent. Preferably for inter-registrar, but also inter-registrant transfers, the *previous* registered name holder is informed. This can also satisfy the audit requirements. The new registered name holder is required to verify the e-mail address as you have mentioned.<br><br>James Bladel - First of all thanks for asking about the suggestion of changing the FOA to your godaddy compliance department. The reseller becoming registrar can temporarily set itself as administrative contact, to grant permission on behalf of the RNH for any bulk transfer. This can and is frequently done. Legally, the end user contract is unaffected by which supplier is chosen. While the RAA does require us to inform the registrant of their current registrar, it does not force us to include the current registrar in the end user agreement. In other words even for ICANN a change of registrar does not constitute a change in the contract with the registered name holder. At the same time, one can safely assume a gaining registrar will only submit a transfer once it has or has been reasonably satisfied its terms & conditions have been accepted.<br>Furthermore, combining multiple FOA / FOC transfer e-mails into a single e-mail, would already be allowed under current policy in terms of compliance. Text messages would give an alternative, but not improve the likelihood of a RNH agreeing. The point is that many RNH's currently give up is what we're noticing in practice. A resulting point of that is that I'm not trying to prevent harm, I'm trying to prevent unnecessary blocking of RNH's legitimate wish to transfer their domains.<br><br>Rob Golding - your opinions describes exactly the agreement on behalf of the new registered name holder which can safely be assumed to be had. I would suggest we aim to simplify the IRTP where possible, while not sacrificing any audit power the policy currently gives.<br><span><br>Met vriendelijke groet / Kind regards,<br><br>Arthur Zonnenberg<br>Product Manager<br><br>azonnenberg@hostnet.nl<br>http://www.hostnet.nl<br>Tel: +31.207500834<br>Fax: +31.207500825<br><br>Hostnet bv<br>De Ruijterkade 6<br>1013 AA Amsterdam<br>NL<span name="x"></span><br></span><br><hr id="zwchr"><b>From: </b>"Lars Hoffmann" <lars.hoffmann@icann.org><br><b>To: </b>gnso-irtpd@icann.org<br><b>Sent: </b>Friday, July 11, 2014 10:16:20 AM<br><b>Subject: </b>[gnso-irtpd] Final Report Recommendations<br><br><div>Dear all,</div><div><br></div><div>Please find attached a first red-line version of the recommendation for the Final Report. In light of Monday’s agenda (see below) it would be very useful if you could familiarise yourself with the changes as we will start working on determining consensus level on at least some of these.</div><div><br></div><div>Many thanks and best wishes,</div><div>Lars</div><div><br></div><div><br></div><div>Proposed Draft Agenda</div><div>I<b>RTP Part D PDP WG, Monday 14 July 2014</b></div><div><br></div><div><div>1. Roll Call/SOI Update</div><div><br></div><div>2. Review redline-version of recommendations and determining consensus level</div><div><br></div><div>3. Next steps/Confirming next meeting</div></div><div><br></div>
</div></body></html>