[Gnso-ppsai-pdp-wg] Privacy and Transfers

[James M. Bladel]

Colleagues -

Another topic discussed during last week's call, and during our ad-hoc "subteam" on Friday, was the matter of private registrations and Inter-Registrar Transfers.  While this subject is certainly less interesting to many when compared against developing rules for abuse, disclosure, etc., I am confident that rules & standards set for Transfers will be much more important on a day-to-day basis for Registrants. And while there are tons of implementation details to work out, here are some high-level ideals that can help us move forward in our work.

Currently, most P/P Services will automatically reject a transfer request.  This is the simplest approach, as it ensures that domains managed by P/P services "stay home" with their affiliated Registrar.  Also, this method has the added benefit of providing an additional layer of security against domain name theft/hijacking.

As some have noted, this also ties a domain name to a specific Registrar.  If the only way for a Registrant to take their domain business elsewhere means that they must give up their privacy service (& publish their personal information in WHOIS).  For some Registrants, this would be an unacceptable option.

Also, Registrars are concerned that the required Form of Authorization (FOA) for a domain transfer would be invalid if it this was presented to a P/P Service rather than the Registrant (or Admin Contact).

I think we can structure our work to allow & encourage (but not necessarily require) Registrars and P/P Services to work together to facilitate "private transfers."  But some common principles would need to be noted in our Final Report.  For example:

1.  Registrars are still free to reject incoming transfers from any entity, including Accredited P/P Services.  This is the status quo, and an important concept in our industry.  Otherwise, bad actors (spammers, etc.) would be able to sneak back in to prohibited registrars using P/P Services.

2.  Registrars can cooperate (operationally & commercially) to allow incoming transfers from P/P Services affiliated with other Registrars, or P/P Services that are independent.  This would include some audit-able means to ensure that the transfer was properly authorized by the P/P Service on behalf of its customer.

3.  As a pre-condition for a "private transfer," Registrars are allowed to require Registrants to either switch to their own P/P Service (if available), or to cancel the P/P Service associated with their previous Registrar.  Some fixed window (30 days?) should be available for Registrants to make this choice.

I have no illusions that there are tons of gaps/missing details here, but these are just a few ideas to get us on the path towards addressing this issue.  I'm hoping that other Registrars on the group will chime in, especially those who spot technical/operational challenges with this approach.

And, for comparison of scale, please keep in mind that while we may encounter a handful of abusive/infringing domains each week, the same time period could see tens of thousands of inter-registrar transfers.  So it is important that we on the PPSAI not leave this issue as a loose thread.


Thank you,

J.
____________
James Bladel
GoDaddy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20151117/e6a5b91a/attachment.html>