[CPWG] GNSO TPR PDP meeting on Sep 5, 2022

Steinar Grøtterød steinar at recito.no
Wed Sep 7 06:13:59 UTC 2022 

Dear all,

Due to the cancellation of the CPWG meeting on Sep 7, 2022, I will inform the CPWG of the outcome of the CPWG informal letter to the TPR WG.

>From the minutes


  *   Update from Steiner on the At-Large summary of the CPWG discussion on Change of Registrant policy.  See attached.
     *   Had a fruitful discussion last week on the CPWG call.
     *   Based on that discussion, if we are going to change anything on the transfer lock the CPWG would like some statistics/data supporting removing that part of the policy.  But we don’t have any statistics.  If we will have transfer lock period it might be reduced to less than 60 days.  Specifically: “Input to the discussion were mostly connected to the question whether the present 60-days transfer lock after a change of registrant data is preventing domain name hijacking.  Further - the majority of the CPWG attendees requested data about the volume of hijacked domain names. These statistics - if available, may indicate if the transfer lock after a change of registrant is needed. The discussion also covered whether a transfer lock is needed for mitigation of domain name hijacking.”
  *   Discussion:
     *   Wonder if Compliance has some data?
     *   Registrars have indicated that they don’t have data.
     *   Without data we should remove it.
     *   From staff re: question about data: Compliance has provided data related to complaints about the lock itself in Phase 1A, but not specific enough in terms of hijacking.  As to data to “prove” that a lock is necessary or not, we don’t have that level of breakdown/tracking to speak to that issue.
     *   Compliance tracks transfer complaints in general, but does not break down to “inter registrar" vs. “COR”.
     *   The best you can get is the NACK statistics from the Open Data Initiative, but only limited years and not recent.  Does show significant use of the NACK, but can’t correlate it to hijacking.
     *   Not sure that we can get valuable data as to why there was a NACK in the first place.
     *   Registrars offer different levels of security and registrant can pick the model that fits their needs/shop around to get what they are looking for.
     *   I also remember most complaints about COR to Compliance were people annoyed by not being to unlock their domains. For hijacked domains, the hijack happened even with COR process (which hijackers were able to bypass).
     *   It’s a very interesting perspective. As registrars can and do provide security that is superior to minimum requirements under the Transfer Policy. Accordingly, it may be that this is the answer; leave it to registrants to select a registrar with desirable security protocols to prevent unauthorized transfer.


All recordings for the Transfer Policy Review PDP WG call held on Tuesday, 06 September 2022 at 16:00 UTC can be found on the agenda wiki page <https://community.icann.org/x/BwVpD> (attendance included) and the GNSO Master calendar <https://urldefense.com/v3/__https:/gnso.icann.org/en/group-activities/calendar/2022__;!!PtGJab4!vZdE84iVM-1QJ1D7deBk7YLs762A0a7CKZCW9WEuS-kwSDVItUTQIDSY2VVe4xM40A6qESvEAw$> .

Regards,

Steinar Grøtterød
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20220907/bb95bac6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: At-Large input to the Change of Registrant Policy.pdf
Type: application/pdf
Size: 50553 bytes
Desc: At-Large input to the Change of Registrant Policy.pdf
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20220907/bb95bac6/At-LargeinputtotheChangeofRegistrantPolicy-0001.pdf>

More information about the CPWG mailing list