[CPWG] GNSO TPR PDP meeting on Sep 5, 2022
Olivier MJ Crépin-Leblond
ocl at gih.com
Wed Sep 7 06:29:49 UTC 2022
Thank you Steinar.
I invite any other ALAC Reps in GNSO PDPs to provide their summarised
update, if any, by email, like you have done so well.
Kindest regards,
Olivier
On 07/09/2022 09:13, Steinar Grøtterød wrote:
>
> Dear all,
>
> Due to the cancellation of the CPWG meeting on Sep 7, 2022, I will
> inform the CPWG of the outcome of the CPWG informal letter to the TPR WG.
>
> From the minutes
>
> * Update from Steiner on the At-Large summary of the CPWG discussion
> on Change of Registrant policy. See attached.
> o Had a fruitful discussion last week on the CPWG call.
> o Based on that discussion, if we are going to change anything
> on the transfer lock the CPWG would like some statistics/data
> supporting removing that part of the policy. But we don’t
> have any statistics. If we will have transfer lock period it
> might be reduced to less than 60 days. Specifically: “Input
> to the discussion were mostly connected to the question
> whether the present 60-days transfer lock after a change of
> registrant data is preventing domain name hijacking. Further
> - the majority of the CPWG attendees requested data about the
> volume of hijacked domain names. These statistics - if
> available, may indicate if the transfer lock after a change of
> registrant is needed. The discussion also covered whether a
> transfer lock is needed for mitigation of domain name hijacking.”
> * Discussion:
> o Wonder if Compliance has some data?
> o Registrars have indicated that they don’t have data.
> o Without data we should remove it.
> o >From staff re: question about data: Compliance has provided
> data related to complaints about the lock itself in Phase 1A,
> but not specific enough in terms of hijacking. As to data to
> “prove” that a lock is necessary or not, we don’t have that
> level of breakdown/tracking to speak to that issue.
> o Compliance tracks transfer complaints in general, but does not
> break down to “inter registrar" vs. “COR”.
> o The best you can get is the NACK statistics from the Open Data
> Initiative, but only limited years and not recent. Does show
> significant use of the NACK, but can’t correlate it to hijacking.
> o Not sure that we can get valuable data as to why there was a
> NACK in the first place.
> o Registrars offer different levels of security and registrant
> can pick the model that fits their needs/shop around to get
> what they are looking for.
> o I also remember most complaints about COR to Compliance were
> people annoyed by not being to unlock their domains. For
> hijacked domains, the hijack happened even with COR process
> (which hijackers were able to bypass).
> o It’s a very interesting perspective. As registrars can and do
> provide security that is superior to minimum requirements
> under the Transfer Policy. Accordingly, it may be that this is
> the answer; leave it to registrants to select a registrar with
> desirable security protocols to prevent unauthorized transfer.
>
> All recordings for the*Transfer Policy Review PDP WG*call held
> on*Tuesday,06 September 2022at 16:00 UTC*can be foundon theagenda wiki
> page <https://community.icann.org/x/BwVpD>(attendance included)and
> theGNSO Master
> calendar<https://urldefense.com/v3/__https:/gnso.icann.org/en/group-activities/calendar/2022__;!!PtGJab4!vZdE84iVM-1QJ1D7deBk7YLs762A0a7CKZCW9WEuS-kwSDVItUTQIDSY2VVe4xM40A6qESvEAw$>.
>
> Regards,
>
> Steinar Grøtterød
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20220907/ce580f91/attachment.html>
More information about the CPWG
mailing list