[CPWG] Transfer Policy Review Team: Question about the 60-days lock

Lutz Donnerhacke lutz at donnerhacke.de
Fri Nov 12 17:12:16 UTC 2021


On Fri, Nov 12, 2021 at 09:19:25AM +0100, Chokri Ben Romdhane via CPWG wrote:
> So I'm with removing the 60 day lock after the successful transfer, since
> the TAC (or any other technical mechanisms) may avoid any transfer risks.

Unfortunately this is not true. Using a different authentication mechanism
does not reduce fraud consequences. Such codes are always also available to
insiders and social engineering.

So the problem with a fraudulent transfer is not gone. Hence we need to
block further changes of the registrar (lock). But the most common action
required (change of the domain data) should be lifted from a lock. We only
need to catch the thief in the first step.

